RE: Off Topic - CCIE Certification Junkies [7:65499]

2003-03-15 Thread Jim Brown
I would imagine the 5 CCIE mark has already been obtained. I met someone
who was working on their 5th at the end of the summer and I'm sure they
have passed by now.

Don't forget the article in Packet about Mark Purcell. I'm not sure on
the spelling of his name, but he already had 4 and was working on his
5th.

-Original Message-
From: The Long and Winding Road
[mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 15, 2003 10:31 AM
To: [EMAIL PROTECTED]
Subject: Off Topic - CCIE Certification Junkies [7:65499]


With the announcement of the CCIE Voice certification (a Good Thing,
IMHO) I wonder a couple of things:

1) who will be the first quadruple CCIE?

2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid
certifications, making it possible to have more than four?

3) When will the CCIE become just another useless cert in the long
history of useless networking certs?

NRF - you out there tonight?




--
TANSTAAFL
there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65520t=65499
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: Last topic for tonight - Soltie's Book [7:64882]

2003-03-10 Thread Jim Brown
I bet I know which one is damaged. I would put money on the Caslow book.
Mine fell apart at the binding in no time flat. Whoever bound the Caslow
book did a very poor job.

-Original Message-
From: Juan Blanco [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 10, 2003 5:53 AM
To: [EMAIL PROTECTED]
Subject: RE: Last topic for tonight - Soltie's Book [7:64882]


Church,
I have been eating, drinking, sleeping Solie, Caslow, Halabi, Parkhurst,
Doyle and others' books as well for the last two months, and I came to
the conclusion that the Solie and Caslow books have the same foundation,
or I will say use the same techniques. Both books are great, to the
point that I may have to buy one of them again because I have used them
so many times that it is already damaged...
BTW Jeff Doyle Volume II looks like the continuation of the Solie book
(very interesting)...

Juan Blanco

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
The Long and Winding Road
Sent: Monday, March 10, 2003 3:57 AM
To: [EMAIL PROTECTED]
Subject: Last topic for tonight - Soltie's Book [7:64882]


I've waffled on this one before. But lately I've been spending more time
with Soltie ( CCIE Practical Studies, Volume 1 )

Previously, I've said the jury is still out on this one.

Now that I've given Mr. Soltie his due, I am finding this is a very good
book, and well worth considering when choosing CCIE prep books.

In fact, if I dare say so, I am finding that Mr. Soltie is much more
effective than is Mr. Caslow.

Anyone else finding the same?

Good night, everyone.

Chuck

--
TANSTAAFL
there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64908t=64882


RE: CiscoSecure Question [7:63941]

2003-02-26 Thread Jim Brown
You can hardcode the source address of TACACS requests on the routers.
This keeps you from needing to define every interface in the TACACS
server. The command is ip tacacs source-interface.

You can also define network devices in CiscoSecure with wildcards. You
could have one entry that maps all routers?

If you need more info drop me a line. I've been using it for several
years for all my authentication. It isn't cheap but it works great.

-Original Message-
From: Mossburg, Geoff (MAN-Corporate) [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 26, 2003 9:21 PM
To: [EMAIL PROTECTED]
Subject: CiscoSecure Question [7:63941]


All,
Does anyone out there have experience with CiscoSecure? I could really
use the help! I have over 50 routers that I'm setting up to access
through TACACS, and I've been told that I have to make entries in
CiscoSecure for every interface on every router to make sure that each
router is TACACS accessible from anywhere in the network! Is this
true???
Thanks!
Geoff Mossburg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63943t=63941


RE: ISS Real Secure Vs Cisco IDS [7:63461]-Automat [7:63560]

2003-02-22 Thread Jim Brown
This is my point exactly. I don't allow my IDS to respond to attacks for
the very reason you stated. It could easily force a DoS. I think a lot
of people don't take this into consideration. The vendors push automatic
response as a sexy feature when it really could be a major nuisance. Let
each piece of the puzzle do what it was designed for, no crossover. The
D in IDS stands for detection, I didn't install an IDRS. *The R is
for response if anyone missed that.

I try to use the most cost effective measures in a layered approach to
security. Anyone who throws up a firewall and thinks they are secure is
usually in for a big surprise. The most cost effective and easy approach
to security is just to keep your systems patched! This is simple and
would probably fight off 98% of all problems. The SQL Slammer worm is a
perfect example. The patch was available months ago! Security is a VERY
dynamic process.

I use an IDS to help identify problem IPs, what type of attacks do I
need to make sure I protected against, and auditing. The problem with an
IDS is it can only identify attacks in progress on the wire. An IDS does
NOT acknowledge if attacks were successful. This is where the layered
approach comes in and the most important piece of the whole puzzle is so
basic: a clearly defined corporate security policy with teeth. How
many individuals realize 80% of all attacks and problems are not from
external threats but from employees?

I take security very seriously. I worked for a company once who was
about to throw up an E-commerce site that generated $1.5M the first year
behind a Microsoft Proxy Server. I had to scream, complain, and scare
the hell out of the executives before they coughed up the bucks for an
adequate security implementation.

An IDS is a tool, a mere piece of the security pie. NEVER put all of
your security eggs into one basket or they're sure to get cracked. That's
pretty catchy. I need to remember that one.

-Original Message-
From: Carroll Kong [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 22, 2003 8:35 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]-Automated IDS
[7:63557]


I cut out some of the other messages to concentrate on one issue, 
automated IDS responses.  If your automated IDS responses result in a 
automated packet filter of any sort, I think you are doing yourself 
a disservice.  You might stop some kiddies, but you are just leaving 
yourself wide open to professionals who can DoS you very easily.

I suppose if everyone just started filtering at the edge to help 
prevent spoofing, but alas, that is not the reality of today's 
networks.

It should be trivial for the attacker to DoS your systems beyond 
compare.  For example, what if he spoofs a trusted host?  Now your 
trusted host cannot have access anymore.  Ok, so what if you have 
exceptions for the trusted host?  Now he has a host worth spoofing 
for, DoS trusted host, assume trusted host's identity.  Easier said 
than done and you can mitigate the risk with stuff like mac address 
port locking, anti-spoofing acls, but just to give you some ideas 
that automated IDS responses can be particularly dangerous.

Not even factoring the possibility you can lose accessibility to many 
systems, but most firewall products have some pitiful limitations 
(one can easily blow out any stateful firewall), and you can be 
assured your acls will grow to be so big your firewall just might 
keel over.  I hope you got default-closed systems.  ;)  But I suppose 
it won't matter at that point, your network will be down, or your IDS 
might be filled with so much garbage that you might not see the 
real attack come through for your forensics team to discover which 
hosts have been compromised.

 Come on now, the slammer worm? If you are security conscious this
 shouldn't have had any effect on you. Microsoft released a patch last
 summer.  Security is a best effort solution. It is about layers and
 maintenance. You cannot eliminate risk, you can only reduce risk.
 
 An IDSs responsibility is to pick up attacks on the wire, not prevent
 them. I personally don't believe in allowing my IDS to respond to an
 attack.
 

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Albert Lu
 Sent: Friday, February 21, 2003 9:19 AM
 To: [EMAIL PROTECTED]
 Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]
 
 Hi Troy,
 
 Must be some secure site, reason I was interested is that I had a
 discussion with someone else before in regards to multi-vendor IDS
 solutions and how effective they might be.

 So if you mostly rely on manual action, and an attack came in after
 hours, how quickly can you respond to your alerts? Since for some
 attacks, a half hour response time could cause your site to be down
 (eg. slammer virus). If that was the case, even if you had all the
 vendor's IDS, it will be useless.
 
 Albert
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL 

RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Jim Brown
Come on now, the slammer worm? If you are security conscious this
shouldn't have had any effect on you. Microsoft released a patch last
summer.  Security is a best effort solution. It is about layers and
maintenance. You cannot eliminate risk, you can only reduce risk.

An IDSs responsibility is to pick up attacks on the wire, not prevent
them. I personally don't believe in allowing my IDS to respond to an
attack.

-Original Message-
From: cebuano [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 21, 2003 8:22 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


Hi Albert,
Very good point. Which brings me to this question - how can one measure
the security of a network? It almost always is an after-the-fact
response whichever vendor you choose. As you pointed out in your example
regarding the slammer virus, have you heard any vendor claiming immunity
from this?
Is detecting synonymous with preventing?
I'm also interested in this topic due to the fact that the pricing
structure from almost ALL the major players in the IDS/Firewall market
is astronomical.

Elmer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Albert Lu
Sent: Friday, February 21, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]

Hi Troy,

Must be some secure site, reason I was interested is that I had a
discussion with someone else before in regards to multi-vendor IDS
solutions and how effective they might be.

So if you mostly rely on manual action, and an attack came in after
hours, how quickly can you respond to your alerts? Since for some
attacks, a half hour response time could cause your site to be down
(eg. slammer virus). If that was the case, even if you had all the
vendor's IDS, it will be useless.

Albert

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, February 21, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


As with most things, you need to weigh up costs against your
requirements. In our case, security is absolutely essential, so having a
multivendor security solution (and indeed fully redundant) is costly,
but we see it as justified.

With regards to action during attacks etc.: we mostly rely on manual
actions as we don't want to inadvertently block legitimate traffic (for
example if an attack came from a spoofed IP). For automatic action, you
can make use of Cisco Policy Manager, which has the ability to
dynamically rewrite ACLs on PIXes, routers, and indeed Cats, according
to data from IDS. So for example, if you were really paranoid (like we
are), you could have PIXes as the first firewall, with IDS on the inside
/ DMZ etc. (using IDSM or standalone IDS), tie these together with
Policy Manager ... then taking a further step into your network, a set
of Nokia FW1 NG, along with further Nokia IDS solutions on the inside,
and tied together using the enterprisef software!



Albert Lu wrote:

 Hi,

 I'm just curious about your multi-vendor solution. It must cost quite
 a lot in order to have 3 IDS running. What about redundancy, if you
 are using dual switch/router/fw/ids, you would have a total of 6 IDS.

 Being able to detect attacks with multiple IDS is one thing. What
 action can it take once the IDS detects an attack? Logging it into the
 syslog server is not enough.

 Albert

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Friday, February 21, 2003 7:53 PM
 To: [EMAIL PROTECTED]
 Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]


 Hi Sean,

 I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and
 Snort on the server themselves.  You can never be paranoid enough about
 these sort of things.  Each vendor has different exploits etc, so by
 implementing a multi vendor path to your critical servers, you protect
 yourself from any single vendor specific exploit!




 Sean Kim wrote:
 
  Hello all,
 
  My company is thinking about installing an IDS (dedicated
  appliance type) for our network.
  As far as I know, the Real Secure and the Cisco IDS are two
  biggest names out there.  So I checked out the documents and
  white papers provided by the each company, but I couldn't
  really come up with what the differences are between them, and
  which one is better suited for our network.
 
  Can anyone voice their opinion about these two IDS?
 
  Thanks,
 
  Sean Kim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63548t=63461
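
The risk raised in this thread and in the "Automated IDS" thread above (an IDS that rewrites filters on its own can be turned against the site it protects) can be seen by replaying the same alerts through two blocking policies. This is an added example, not code from any poster or vendor; the ShunPolicy class, its limits and every address (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

TRUSTED_HOST = "198.51.100.10"   # constructed: a partner host the site depends on


@dataclass
class Alert:
    ts: int         # seconds from the start of the sample
    src: str        # source address seen on the wire; the IDS cannot tell if it is forged
    signature: str


@dataclass
class ShunPolicy:
    """Turns IDS alerts into block entries. Defaults model 'block whatever the IDS reports'."""
    never_block: tuple = ()             # networks that must never be filtered automatically
    max_entries: Optional[int] = None   # cap on automatic entries (None = unlimited)
    ttl: Optional[int] = None           # seconds before an entry is removed (None = permanent)
    blocked: dict = field(default_factory=dict)       # src -> expiry time, or None
    review_queue: list = field(default_factory=list)  # (alert, reason) left for a human

    def active(self, now: int) -> list:
        """Drop expired entries and return the sources still blocked at time `now`."""
        self.blocked = {s: exp for s, exp in self.blocked.items()
                        if exp is None or exp > now}
        return sorted(self.blocked)

    def handle(self, alert: Alert) -> str:
        self.active(alert.ts)
        addr = ip_address(alert.src)
        if any(addr in net for net in self.never_block):
            self.review_queue.append((alert, "protected source"))
            return "review"
        if alert.src in self.blocked:
            return "already-blocked"
        if self.max_entries is not None and len(self.blocked) >= self.max_entries:
            self.review_queue.append((alert, "block table full"))
            return "review"
        self.blocked[alert.src] = None if self.ttl is None else alert.ts + self.ttl
        return "blocked"


def constructed_alerts() -> list:
    """Constructed sample: one scan, one alert carrying the trusted host's address,
    then 200 alerts with distinct source addresses."""
    alerts = [Alert(0, "203.0.113.250", "port-scan"),
              Alert(5, TRUSTED_HOST, "sql-overflow")]
    base = ip_address("203.0.113.0")
    alerts += [Alert(10 + i, str(base + i), "sql-overflow") for i in range(200)]
    return alerts


def replay(policy: ShunPolicy) -> dict:
    """Feed the sample alerts to a policy and summarise the resulting filter state."""
    for alert in constructed_alerts():
        policy.handle(alert)
    return {"entries": len(policy.blocked),
            "trusted_reachable": TRUSTED_HOST not in policy.blocked,
            "queued_for_review": len(policy.review_queue)}


def naive_policy() -> ShunPolicy:
    return ShunPolicy()


def guarded_policy() -> ShunPolicy:
    return ShunPolicy(never_block=(ip_network("198.51.100.0/28"),),
                      max_entries=50, ttl=300)


if __name__ == "__main__":
    print("naive  :", replay(naive_policy()))
    print("guarded:", replay(guarded_policy()))
```

The guarded policy keeps the trusted host reachable and the table bounded, but as the thread points out, an exception list makes the excepted address worth forging, so anti-spoofing filters and human review of the queue are still needed.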


RE: Checkpoint NG trial licence needed [7:62823]

2003-02-11 Thread Jim Brown
Unless you have a relationship with a reseller they will charge you $100
for an evaluation license and media.

I have a few extra licenses. I would be willing to give you one. The
evaluation licenses are only good for 30 days. If this works for you,
drop me a line.

-Original Message-
From: Chris [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 11, 2003 2:04 PM
To: [EMAIL PROTECTED]
Subject: OT: Checkpoint NG trial licence needed [7:62823]


Hi all

I know it's OT but I hope some of you have a clue for this. Where from I
can get a trial license for Checkpoint NG ? I already asked this
question on their news site but no answer (it was the second posting).
I don't understand how can u get certified unless you take the training.

Thank you in advance
Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62828t=62823



RE: kismet [7:62376]

2003-02-03 Thread Jim Brown
A completely passive attack can capture data and derive a WEP key
without an association. This is the real issue with WEP encryption and
wireless networks.  A wireless network card and AirSnort or Ethereal
will get you the same result.

-Original Message-
From: s vermill [mailto:[EMAIL PROTECTED]] 
Sent: Monday, February 03, 2003 2:03 PM
To: [EMAIL PROTECTED]
Subject: RE: kismet [7:62376]


Priscilla Oppenheimer wrote:
 
 Sitting in a class. It would be very cool if someone answered
 this before the class got out!? :-)
 
 Is it really true that Kismet can sniff packets on an 802.11
 wireless network, even if you have the access point set up to
 require login/authentication. (assume the hacker doesn't know a
 login)
 
 From what I know about access points, the hacker would fail to
 associate with the access point, and hence could not see traffic.
 
 Thanks,
 
 Priscilla

If I understand the question, I don't see why a wireless sniffer would
need to associate to an AP.  It's pulling data off the airways similar
to a NIC in promiscuous mode on a hard-wired network.  Unless the data
is encrypted, it's available to any wireless sniffer.  Sort of like a
police scanner.  But I sense there is more to the question...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62387t=62376



RE: Too much Security Overkill on wireless network??? [7:62010]

2003-01-28 Thread Jim Brown
I'm testing this very scenario at the moment. Just force the use of EAP
and turn off Open and Shared authentication.

I would probably pick (LEAP/PEAP + (BKR or TKIP)) or IPSEC. Although the
IPSEC-only route wouldn't afford you the ability to deny surfing from
the DMZ. EAP locks down the network access except for authenticated
users.

IPSEC might be overkill on top of PEAP.
 
You could use PEAP to protect unicast transmissions and Broadcast Key
Rotation to protect multicast/broadcast traffic. The broadcast key is
securely transmitted to the client during the EAP authentication
process.

I will be forced to use LEAP instead of PEAP at the moment because of
some CE devices, but the process is exactly the same except PEAP is
slightly more secure.

Can someone, Mas, please let me know if I need to enter in a WEP
transmission key when using EAP and Broadcast Key Rotation? I know I
need to turn WEP on, but I think I can just leave out the key and
specify the length. Is this right? The documentation isn't very clear.

-Original Message-
From: 910T [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 27, 2003 11:53 PM
To: [EMAIL PROTECTED]
Subject: Re: Too much Security Overkill on wireless network??? [7:62010]


Eric,

Sorry to pile it on, but the error correction in an 802.11 wireless
radio transmission also takes up almost half the throughput right off
the bat (11 Mbit/s becomes about 6.5 Mbit/s net, best case). Perhaps
SSH, SSL and EAP/WEP are superfluous when used with IPSec, but I would
imagine that you need SSH and SSL to support users coming in from the
outside, or perhaps as an additional level of protection for individual
users of sensitive applications from those with general network access
(most attacks come from within...).

Typically, WEP is done in hardware, so theoretically, there shouldn't be
any overhead if that is the case. But if you want to eliminate it, why
not force the use of EAP for wireless admission control but leave WEP
off? (I think you can either not enter a key at all or enter one and
then select 'No Encryption'.)

Regards,

Mas Kato
https://ecardfile.com/id/mkato

- Original Message -
From: eric nguyen 
To: ; 
Sent: Thursday, January 23, 2003 8:51 AM
Subject: Too much Security Overkill on wireless network???


Hi,

I have been assigned the task of setting up a wireless network for my
company and I am wondering whether I use too much security for the
wireless. Currently, I am setting up a test wireless network for about 5
users. Eventually, this network will have about 50 users.  My setup is
as follows:

1) The wireless network is sitting on the DMZ network.  This DMZ network
hangs off an interface of a pix firewall (Pix-525).  Wireless users are
required to use Protected Extensible Authentication Protocol (PEAP) in
order to log onto the wireless DMZ network.

2) In order to access the company internal network, which hangs off the
inside interface of the pix firewall, wireless users must use Cisco VPN
Client IPSec to establish a secure VPN tunnel between their device and
the Pix firewall.

3) After successfully establishing the VPN tunnel between the wireless
device and the Pix firewall, wireless users can only access the company
internal network applications via SSL, SSH, POP3s and IMAPs.  I have a
few users that tunnel X-applications via SSH connections.  Applications
such as POP3, telnet and IMAP are not allowed from the DMZ network into
the company internal network.

So far the test is going well.  However, my concern is that this will
not scale well for a large number of wireless users.  For example, let's
say for an SSH connection, the traffic is encrypted by SSH.  Below that,
it is encrypted via IPSec.  Finally, it is encrypted by PEAP.  I've not
done any analysis yet but it is possible that 50% of the traffic is just
overhead traffic for encryption.

Has anyone successfully implemented a secure wireless network on a large
scale? I would like to get your advice on this.  I have to present a
recommendation to my CTO in the next few days.

By the way, my company did hire a CCIE security consultant to work with
me on this project; however, this CCIE security is a f_cking moron.  Not
only does he not know anything about PEAP, but he even suggested that we
use Cisco LEAP because LEAP is much more secure than PEAP.  After he
couldn't get PEAP to work, the SOB suggested that we switch to Cisco
LEAP.  When we didn't want to use Cisco LEAP, he suggested that we just
use shared (aka STATIC WEP) authentication because we are using IPSec
and Secure applications to access the company internal network anyway.
The problem with this idea is that once wireless users are on the dmz
wireless network, they can surf the Internet without restrictions.  I
don't want strangers (if they get a hold of the STATIC WEP KEY) to use
my company bandwidth to use the Internet.  I want PEAP because it is
safe and secure.  I am also testing EAP-TTLS but haven't had much luck
with it.

I am sure 

RE: Microsoft Exchange/UMS and Firewall [7:61747]

2003-01-24 Thread Jim Brown
Does your checkpoint licensing support VPN? If so it is very easy to
build a secure tunnel between sites that is encrypted. If you send me
the feature portion of the licensing string I can tell you if it
supports encryption.

-Original Message-
From: Arnold, Jamie [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 24, 2003 10:18 AM
To: [EMAIL PROTECTED]
Subject: RE: Microsoft Exchange/UMS and Firewall [7:61747]


Exchange will use 135 to discover (portmapper) and then use dynamically
assigned ports for the actual conversations.  Your best bet is to
statically map the ports in Exchange and then you don't have a moving
target from the firewall point of view.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;155831

http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b194952

The other option (not a good one IMHO) is to open 135 only to the
Exchange host and then leave a range of ports open to that host as well.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 23, 2003 9:04 PM
To: [EMAIL PROTECTED]
Subject: Microsoft Exchange/UMS and Firewall [7:61747]


Hi All,

Need your advice on the following situation: I have an Active Voice
Unified Messaging System at Location A, and a Microsoft Exchange Server
at Location B. Both Location A and B are protected by Checkpoint
firewall. Please advise how the firewall should be configured such that
it will allow MAPI to be used between these two sites.

Thanks a lot in advance!

Maurice




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61825t=61747



RE: Export Control with 3DES encryption [7:60573]

2003-01-09 Thread Jim Brown
Here is a link to the BXA page about exporting encryption. The way I
read it, and applied it, is you don't need permission or registration to
use 3DES in countries except in countries labeled as terrorist countries
or if your organization falls into the terrorist category.

If you are sending commercial software to U.S. companies and their
subsidiaries for internal company use it is just fine with the U.S.
Government. As far as I can tell site-to-site VPN's fall into this
category as well as VPN remote access by employees, interns, or
contractors.

I think we have some ex-lawyers on the list and would be very interested
in their interpretation. 

If I'm incorrect, I've got a very big problem and would like to correct
it as soon as possible. Feedback encouraged.

http://www.bxa.doc.gov/Encryption/EncFactSheet6_17_02.html

U.S. Department of Commerce * Bureau of Industry and Security
Office of Strategic Trade  Foreign Policy Controls
Information Technology Controls Division 
COMMERCIAL ENCRYPTION EXPORT CONTROLS 



License Exception ENC eligibility for equipment controlled under ECCN
5B002 

The new rule clarifies that test, inspection and production equipment
controlled under ECCN 5B002 is eligible for export and reexport to U.S.
subsidiaries, government and non-government end-users in the European
Union (plus the eight additional countries) and non-government end-users
in all other countries (except in Cuba, Iran, Iraq, Libya, North Korea,
Sudan, Syria) under the provisions of License Exception ENC. 

Certain encryption items may be exported and reexported without review
or notification

This rule clarifies that, when a license is not otherwise required, no
review or notification is required to export or reexport the following:

1. Encryption items (including technology and source code) to U.S.
companies and their subsidiaries (except exports and reexports to
subsidiaries located in designated terrorist supporting countries, and
encryption technology or source code to foreign nationals of these
countries) for internal company use, including the development of new
products by employees, contractors and interns of U.S. companies.
Exporters are referred to Section 734.2 of the EAR for applicable
definitions of export and reexport that apply to encryption source
code and technology. (The encryption products that are developed using
these items are subject to the EAR and require review before they are
sold or transferred outside the company.)


-Original Message-
From: Thomas N. [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 09, 2003 8:51 AM
To: [EMAIL PROTECTED]
Subject: Re: Export Control with 3DES encryption [7:60573]


Thank you very much!  This page brings me directly to the registration
page. However, I am wondering if I register with Cisco or with some
government organization?  If I register with the Cisco link below, will
they automatically submit it to a certain government organization?
Thanks much!

Thomas


The Long and Winding Road wrote in message
news:[EMAIL PROTECTED]...
 yes, here is a link on the Cisco web site:

 http://www.cisco.com/cgi-bin//Software/Crypto/crypto_main.pl

 this should get you started.

 HTH

 --
 TANSTAAFL
 there ain't no such thing as a free lunch




 Thomas N. wrote in message
 news:[EMAIL PROTECTED]...
  Hi All,
 
  I plan to buy VPN routers, ship them to Japan then deploy VPN between
  Cisco routers using 3DES encryption between Japan and U.S. for my
  company. Do I need to register with the government or certain
  organization?  How does the process work?  Also, where can I find a
  list of countries allowed to export 3DES products to?  Thanks All in
  advance!
 
  Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60737t=60573



RE: ACS Authentication/Auth/Accounting [7:59393]

2002-12-17 Thread Jim Brown
The ACS server should have some error report in the logs if the router
is contacting it. It sounds like the response is so quick, the ACS
server isn't doing a lookup.

Have you nailed down the interface the router should use as the source
address for contacting the ACS server?

If not, the router could be contacting the ACS server and the ACS server
is rejecting the request because it is undefined. 

The router could have multiple interfaces and is using the wrong one as
the source.

-Original Message-
From: Amer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 17, 2002 12:30 PM
To: [EMAIL PROTECTED]
Subject: ACS Authentication/Auth/Accounting [7:59393]


Okay I've got my login authentication, authorization and accounting
working on most of my switches and router through a ACS (TACACS+).  But
I have this one router that gives me an % Error in authentication
message as soon as I put in my username.  It doesn't even allow me to
put in a password.  The only way I can get into it is through the local
account that I have created on it.  I've checked a similar router (same
IOS, exact same configuration), and it works okay so what can I look for
to troubleshoot this problem??
Thanks in advance.

Here is the config on the router:

aaa new-model
aaa authentication login default local tacacs+
aaa authentication enable default enable tacacs+
aaa authorization exec default tacacs+ local
aaa authorization network default none
aaa accounting update newinfo
aaa accounting exec default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
aaa accounting network default start-stop tacacs+

P.S.  Does anyone know of a way to filter out the commands that can be
accounted for at the ACS?  At the moment, the accounting is working
great but it accounts for every command that's put in. I have an access
list on one of my routers that is about 150 lines long and gets modified
constantly and every command is accounted for in the ACS Accounting.
I'm trying to see if there's a way to filter out that particular
access-list and not account for it every time.  Thanks again.

Amer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59404t=59393
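
Both this thread and the CiscoSecure thread above turn on which source address a router uses for TACACS+ requests and whether the server has a client entry for it. The following added example (not from any poster, and not Cisco tooling) audits an IOS-style configuration against a list of server-side client entries. The sample configuration, interface addresses and the per-octet "*" wildcard syntax for client entries are assumptions made for illustration.

```python
import re
from ipaddress import ip_address

# Constructed router configuration; interface names and addresses are made up.
BASE_CONFIG = """\
aaa new-model
aaa authentication login default local tacacs+
!
interface Loopback0
 ip address 10.255.0.7 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.20.1 255.255.255.0
 ip address 10.1.21.1 255.255.255.0 secondary
!
interface Serial0/0
 ip address 172.16.4.2 255.255.255.252
!
interface Serial0/1
 no ip address
 shutdown
!
"""
PINNED_CONFIG = BASE_CONFIG + "ip tacacs source-interface Loopback0\n"

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"


def parse_ios(config: str) -> dict:
    """Collect each interface's primary address and the TACACS source interface."""
    interfaces, source, current = {}, None, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif line.startswith(" ") and current:
            # Primary address only: a trailing 'secondary' keeps the line from matching.
            m = re.match(rf"^ ip address {IP} {IP}\s*$", line)
            if m:
                interfaces[current] = m.group(1)
        else:
            current = None   # back in global configuration mode
            m = re.match(r"^ip tacacs source-interface (\S+)", line)
            if m:
                source = m.group(1)
    return {"interfaces": interfaces, "source_interface": source}


def candidate_sources(parsed: dict) -> list:
    """Addresses the server may see as the request source.

    With a usable source interface there is exactly one. Without it the router
    uses the address of whichever interface the packet leaves by, so every
    addressed interface is a candidate.
    """
    pinned = parsed["interfaces"].get(parsed["source_interface"])
    if pinned:
        return [pinned]
    return sorted(parsed["interfaces"].values(), key=ip_address)


def client_matches(address: str, pattern: str) -> bool:
    """Match an address against a client entry; '*' stands for any one octet (assumed syntax)."""
    a, p = address.split("."), pattern.split(".")
    return len(p) == 4 and all(po in ("*", ao) for ao, po in zip(a, p))


def audit(config: str, aaa_clients: list) -> dict:
    parsed = parse_ios(config)
    sources = candidate_sources(parsed)
    uncovered = [s for s in sources
                 if not any(client_matches(s, c) for c in aaa_clients)]
    return {"pinned": parsed["source_interface"] in parsed["interfaces"],
            "sources": sources,
            "uncovered": uncovered}


if __name__ == "__main__":
    # One client entry for the LAN address only: requests leaving by another
    # interface arrive from an address the server does not know.
    print(audit(BASE_CONFIG, ["10.1.20.1"]))
    # Source pinned to the loopback, one wildcard entry covering all loopbacks.
    print(audit(PINNED_CONFIG, ["10.255.0.*"]))
```

An empty "uncovered" list means every address the router can source requests from has a matching client entry; anything listed there is a candidate for the immediate rejection described in this thread.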



RE: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

2002-10-14 Thread Jim Brown

The image is working on other 3662 routers, but are they the EXACT
same configuration?

Do they all have exactly the same network modules and WIC cards in them?

Are all of the modules and cards the same code revision?

I would try a different version of the IOS.

-Original Message-
From: Hamid Ali Asgari [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, October 13, 2002 11:21 PM
To: [EMAIL PROTECTED]
Subject: Re: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]


As I told, ALL the images I used are currently working on other 3662
routers

Hamid



 3660 uses different ios than the rest of 3600 family.  Seems like you
 have ios for the wrong platform

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Hamid Ali Asgari
 Sent: Sunday, October 13, 2002 5:04 PM
 To: [EMAIL PROTECTED]
 Subject: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]

 Hi group,

 I have a Cisco 3662 router with 128 of RAM and 16 Mb of flash memory.
 The problem is that I cannot make the router boot !!!. Each time I boot
 the router I get the following error.
 I don't know why this error is displayed. I have tried replacing the
 IOS several times. I have replaced the flash memory but still it
 doesn't work.
 Does it have anything to do with Smart Init? I don't know what it is
 and how it can be disabled
 Any input would be welcome,

 Thanks,
 Hamid

 PS: The IOS that I have tested are currently running on other 3662s.

 *

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 program load complete, entry point: 0x80008000, size: 0xc26c18
 Self decompressing the image :
 ###!
 ###
 [OK]
 Smart Init is enabled
 smart init is sizing iomem
 ID   MEMORY_REQ   TYPE
 B3   0X0009FC00   Dual Port Fast Ethernet
 6F   0X00012580   Sixteen port A/D Modem
 6F   0X00012580   Sixteen port A/D Modem
      0X0028       OIR memory
      0X0010A6F8   public buffer pools
      0X00211000   public particle pools
 TOTAL:  0X0065FDF8

 If any of the above Memory Requirements are
 UNKNOWN, you may be using an unsupported
 configuration or there is a software problem and
 system operation may be compromised.
 Rounded IOMEM up to: 7Mb.
 Using 5 percent iomem. [7Mb/128Mb]


 Wrong system software for this hardware
 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 PCMCIA Slot0: No Card Present

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled

 PCMCIA Slot1: No Card Present

 System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 C3660 processor with 131072 Kbytes of main memory
 Main memory is configured to 64 bit mode with parity disabled




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=4t=55504



RE: Route-map question (urgent) [7:54910]

2002-10-07 Thread Jim Brown

Port Address Translation.

-Original Message-
From: Harold Monroe [mailto:[EMAIL PROTECTED]] 
Sent: Monday, October 07, 2002 10:56 AM
To: [EMAIL PROTECTED]
Subject: RE: Route-map question (urgent) [7:54910]


This is something I've been wondering about also. As I understand it, when
you set ip next-hop it forces the packet to go out a particular interface.

How about if you want the destination address changed for a particular type
of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server?

For example, if you have only one Public IP Address and if HTTP comes in you
want its destination address changed to 192.168.1.10, if FTP change its
destination address to 192.168.1.20

-Original Message-
From: Stefan Razeshu [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 4:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Route-map question (urgent) [7:54910]

I think the response for this question is:

The access list:
access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first any.
!-route map statement
route-map http_access permit 10
match ip address 101
set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing
your network, not on the interface near the host 10.10.10.141.
Regards,
Stefan

PS. I think we need to help each other not to give life lessons.
It is a Cisco study list not the church.
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55012t=54910



RE: Confused about MTU size [7:54689]

2002-10-03 Thread Jim Brown

I belong to the CheckPoint list server and a very similar discussion is
happening over there referencing Outlook over a VPN between CheckPoint
firewalls.

Could this problem be related to Tunnel overhead and packet
fragmentation?

I think this might be a problem with Microsoft's implementation of the
TCP/IP stack and large packets over 1500 MTU. Outlook might not be very
happy with fragmentation.

There is a registry setting for the end station that forces the MTU to
576 for any packets not destined for the local subnet.

This is cut and pasted from 
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314053

EnablePMTUDiscovery 
Key: Tcpip\Parameters
Value Type: REG_DWORD - Boolean
Valid Range: 0,1 (False, True)
Default: 1 (True)
Description: Setting this parameter to 1 (True) causes TCP to attempt to
discover the Maximum Transmission Unit (MTU or largest packet size) over
the path to a remote host. By discovering the Path MTU and limiting TCP
segments to this size, TCP can eliminate fragmentation at routers along
the path that connect networks with different MTUs. Fragmentation
adversely affects TCP throughput and network congestion. Setting this
parameter to 0 causes an MTU of 576 bytes to be used for all connections
that are not to computers on the local subnet. 

EnablePMTUBHDetect 
Key: Tcpip\Parameters
Value Type: REG_DWORD - Boolean
Valid Range: 0,1 (False, True)
Default: 0 (False)
Description: Setting this parameter to 1 (True) causes TCP to try to
detect Black Hole routers while doing Path MTU Discovery. A Black
Hole router does not return ICMP Destination Unreachable messages when
it needs to fragment an IP datagram with the Don't Fragment bit set. TCP
depends on receiving these messages to perform Path MTU Discovery. With
this feature enabled, TCP will try to send segments without the Don't
Fragment bit set if several retransmissions of a segment go
unacknowledged. If the segment is acknowledged as a result, the MSS will
be decreased and the Don't Fragment bit will be set in future packets on
the connection. Enabling black hole detection increases the maximum
number of retransmissions performed for a given segment. 

Anyone willing to modify their end station to force an MTU of 576 and
discovery of black holes and report the results?

It would be most insightful to see the pre and post registry network
sniffer traces of Outlook traffic.

I don't have time now, but I think this could be the issue. I think it
may be an end station problem.


-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, October 02, 2002 7:58 PM
To: [EMAIL PROTECTED]
Subject: Re: Confused about MTU size [7:54689]


I had the same issue with outlook, it's real slow when accessing Imap
mail. I set the MTU, adjusted other things, etc..nothing seems to fix
this issue for me. I set up Netscape 6.2x messenger/mail. Installed the
mail client for Imap mail, and it works fine...sometimes it hangs for a
second or two, but not anything like outlook

Larry

Creighton Bill-BCREIGH1 wrote:

I may be way out of line, but there aren't any access lists which may be
prohibiting the IMAP ports used by exchange, are there? I ran into a config
mess with DMZ's and access lists for a beta product test once. And that was
what we saw - all worked (http, proxy, etc.) but Exchange was gone. Turned
out to be some Checkpoint and access-list tweaking.


-Original Message-
From: JohnZ [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, October 02, 2002 5:43 PM
To: [EMAIL PROTECTED]
Subject: Re: Confused about MTU size [7:54689]

Thanks Priscilla, I definitely don't mind even if it was criticism
especially coming from some one of your caliber. Thank you for the pointers
and I will do some more diligent troubleshooting. And yes Mike it is outlook
that refuses to work properly. There is no problem browsing, home user is
able to copy files of all sizes with out any problems. We can ping the email
server from the user's workstation heck I am even pc-anywhered into his
machine. But as soon we start outlook it just hangs. I will further
investigate the router's config although it's using a template that's
working elsewhere under different service provider without a hitch.
Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...

I agree that it doesn't sound like an MTU problem. There are often problems
with MTU when DSL, VPNs, tunnels, etc. are used, so people might jump to
that conclusion. But e-mail messages are often very short and would easily
fit into most MTUs even after overhead. To test whether it's an MTU problem,
try some oversized pings.

The MTU issue occurs when a full-sized packet arrives at an interface that
needs to squeeze it into an MTU along with the overhead. The interface could
fragment, but maybe the application or transport layer set the Don't
Fragment bit. Quite a few applications do that as part of their MTU
discovery process. The problem is made
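
The behaviour the quoted KB text gives for EnablePMTUDiscovery and EnablePMTUBHDetect can be modelled to see why a filtered ICMP "fragmentation needed" message shows up as a hang. This Python model is an added example, not part of the thread and not Microsoft's code; the paths, the 1400-byte tunnel MTU, the retry threshold and the 536-byte MSS used after detection are constructed assumptions.

```python
from dataclasses import dataclass

HEADERS = 40         # IPv4 header (20) + TCP header (20), no options
FALLBACK_MTU = 576   # off-subnet MTU the quoted KB text gives for EnablePMTUDiscovery = 0
SILENT_LIMIT = 2     # assumption: unacknowledged sends before black hole detection clears DF


@dataclass
class Hop:
    mtu: int                  # MTU of the link this router forwards onto
    sends_icmp: bool = True   # False = black hole router, or a firewall filtering the ICMP reply


@dataclass
class Result:
    outcome: str              # "ok" or "stalled"
    mss: int                  # TCP payload per segment once the connection settles (0 if stalled)
    attempts: int             # transmissions of the first full-sized segment


def forward(path, size, df):
    """Carry one packet along path; return (status, next_hop_mtu_or_None)."""
    fragmented = False
    for hop in path:
        if size <= hop.mtu:
            continue
        if df:
            # The router may not fragment: it drops and should report the smaller MTU.
            return ("icmp", hop.mtu) if hop.sends_icmp else ("dropped", None)
        fragmented, size = True, hop.mtu   # largest fragment now fits this link
    return ("fragmented" if fragmented else "delivered", None)


def connect(path, local_mtu=1500, pmtu_discovery=True, blackhole_detect=False,
            max_attempts=6):
    """Send the first full-sized segment under the two registry settings."""
    if not pmtu_discovery:
        # DF is clear and the MTU is capped, so routers fragment rather than drop.
        mtu = min(local_mtu, FALLBACK_MTU)
        return Result("ok", mtu - HEADERS, 1)

    mtu, df, silent = local_mtu, True, 0
    for attempt in range(1, max_attempts + 1):
        status, hint = forward(path, mtu, df)
        if status == "delivered":
            return Result("ok", mtu - HEADERS, attempt)
        if status == "fragmented":
            # The probe without DF was acknowledged: black hole confirmed, shrink the MSS.
            return Result("ok", FALLBACK_MTU - HEADERS, attempt)
        if status == "icmp":
            mtu, silent = hint, 0          # normal path MTU discovery
            continue
        silent += 1                        # no ICMP came back: the sender only sees a timeout
        if blackhole_detect and silent >= SILENT_LIMIT:
            df = False
    return Result("stalled", 0, max_attempts)


# Constructed paths: 1500-byte LAN, a VPN tunnel leaving 1400 bytes, 1500-byte far side.
OPEN_PATH = [Hop(1500), Hop(1400), Hop(1500)]
FILTERED_PATH = [Hop(1500), Hop(1400, sends_icmp=False), Hop(1500)]


def compare():
    """Run the four combinations discussed in the message."""
    return {
        "ICMP returned, defaults": connect(OPEN_PATH),
        "ICMP filtered, defaults": connect(FILTERED_PATH),
        "ICMP filtered, EnablePMTUBHDetect=1": connect(FILTERED_PATH, blackhole_detect=True),
        "ICMP filtered, EnablePMTUDiscovery=0": connect(FILTERED_PATH, pmtu_discovery=False),
    }


if __name__ == "__main__":
    for label, result in compare().items():
        print(f"{label:40} {result}")
```

Small transfers such as pings and short mail never reach the 1400-byte limit, which is why only the full-sized segments stall in the filtered case.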

RE: How to force a new DR? [7:54810]

2002-10-03 Thread Jim Brown

Try 'clear ip ospf proc'

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, October 03, 2002 10:06 AM
To: [EMAIL PROTECTED]
Subject: How to force a new DR? [7:54810]


Hello friends,

  I have a question for you, maybe you can help me...


Suppose that I have an Ethernet segment with some routers
speaking OSPF, one of them is the DR and other is the BDR. Suppose that I
add a new router to the Ethernet segment. I know that this doesn't start a
new election of DR or BDR process, (the normal way is that when the DR
fails, the BDR takes its place and one new BDR is elected). Now suppose
that I want the new router be the DR... How can I force this?? I know that
I can force the priority in the election process (ip ospf priority
command), but I am not sure that changing this priority will start a new
election. Must I shut down the DR and BDR routers in order to force a
new DR and BDR?? I don't think so


Best regards.

Miguel Angel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54812t=54810



RE: BGP Aggregation in IOS 12.2 [7:54528]

2002-09-30 Thread Jim Brown

Elmer,

The way I read your config, you have enabled a single interface with
EIGRP routing, interface loopback17 of network 192.168.199.0/24.

You are redistributing all of EIGRP into BGP which only includes this
one network.

You are aggregating 192.168.192.0 255.255.248.0. The aggregate address
needs a minimum of one network in the aggregate address range to
advertise the supernet and more specific underlying routes.

The BGP table is exactly right as far as I can tell. The only networks
that should appear are the networks redistributed from EIGRP,
192.169.199.0/24, and the aggregate, 192.168.192.0/21, which is using
the previous /24 network for its very existence.

You must enter EACH of the loopbacks under the BGP process using
'network 192.168.192.0 mask 255.255.255.0', 'network 192.168.193.0 mask
255.255.255.0'.

The mask statement is not necessary in this case, I just always use it
for consistency. It is a personal preference. The mask statement is only
necessary for networks outside their classful boundary.

The other alternative is to include all of the loopbacks under the EIGRP
process and have them redistributed into BGP which you already have
setup, but currently you are only redistributing a single /24. If you
want them all to appear, you need to either enter them under the BGP
process with a network statement or redistribute them from EIGRP.

The route-map you have included in the configs looks like you are
planning on only advertising a subset of the more specific /24 routes.
You should look at the suppress-map option under the aggregate address
command as well as distribute list under the interface or neighbor
statement.

All three of these would accomplish the same result.

-Original Message-
From: cebuano [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, September 29, 2002 11:34 PM
To: [EMAIL PROTECTED]
Subject: BGP Aggregation in IOS 12.2 [7:54528]


Hi all.
Has 12.2 changed in that when you do an aggregate-address the configured
router only shows the aggregate route and not include the more-specific
( or aggregatED ) routes? Here's what I got...
This config is supposed to allow me to advertise both the aggregate and
more-specific routes. But if this has changed then I'll have to think of
another solution...
Thanks.
Elmer

Stowe-2504#s
!
interface Loopback10
 ip address 192.168.192.1 255.255.255.0
!
interface Loopback11
 ip address 192.168.193.1 255.255.255.0
!
interface Loopback12
 ip address 192.168.194.1 255.255.255.0
!
interface Loopback13
 ip address 192.168.195.1 255.255.255.0
!
interface Loopback14
 ip address 192.168.196.1 255.255.255.0
!
interface Loopback15
 ip address 192.168.197.1 255.255.255.0
!
interface Loopback16
 ip address 192.168.198.1 255.255.255.0
!
interface Loopback17
 ip address 192.168.199.1 255.255.255.0
!
interface Serial0
 bandwidth 64
 ip address 192.168.1.254 255.255.255.252
!
router eigrp 100
 network 192.168.199.0
!
router bgp 100
 aggregate-address 192.168.192.0 255.255.248.0
 redistribute eigrp 100
 neighbor 192.168.1.253 remote-as 200
 neighbor 192.168.1.253 send-community
 neighbor 192.168.1.253 route-map community out
!
access-list 101 permit ip host 192.168.192.0 host 255.255.248.0
route-map community permit 10
 match ip address 101
 set community none
!
route-map community permit 20
 set community no-export
!

Stowe-2504#sh ip bgp
BGP table version is 9, local router ID is 192.168.199.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.192.0/21 0.0.0.0                            32768 i
*> 192.168.199.0    0.0.0.0                  0         32768 ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54533t=54528
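
Jim's reading of the posted config can be checked with a small model of how the BGP table gets populated. This Python model is an added example, not code from the thread; the function names are hypothetical, and it covers only redistribution from EIGRP, `network` statements (which need an exact match in the routing table), the aggregate's need for at least one component route, and a suppress-map reduced to a list of prefixes.

```python
import ipaddress


def eigrp_routes(connected, eigrp_networks):
    """Connected prefixes covered by a (classful) EIGRP network statement."""
    nets = [ipaddress.ip_network(n) for n in eigrp_networks]
    return [c for c in connected if any(c.subnet_of(n) for n in nets)]


def bgp_table(connected, eigrp_networks=(), bgp_networks=(), aggregates=(),
              redistribute_eigrp=False, suppress=()):
    """Return the local BGP table as (status, prefix, origin) tuples."""
    connected = [ipaddress.ip_network(c) for c in connected]
    table = {}                                    # prefix -> origin code

    if redistribute_eigrp:
        for prefix in eigrp_routes(connected, eigrp_networks):
            table[prefix] = "?"                   # redistributed: origin incomplete

    for statement in bgp_networks:
        prefix = ipaddress.ip_network(statement)
        if prefix in connected:                   # needs an exact routing-table match
            table[prefix] = "i"                   # origin IGP is preferred over incomplete

    for statement in aggregates:
        aggregate = ipaddress.ip_network(statement)
        # The aggregate exists only while a more-specific route inside it
        # is already in the BGP table.
        if any(p != aggregate and p.subnet_of(aggregate) for p in table):
            table[aggregate] = "i"

    hidden = {ipaddress.ip_network(s) for s in suppress}   # stands in for a suppress-map
    return [("s" if p in hidden else "*", str(p), origin)
            for p, origin in sorted(table.items())]


# Values taken from the posted config: Loopback10-17 and Serial0.
LOOPBACKS = [f"192.168.{n}.0/24" for n in range(192, 200)]
CONNECTED = LOOPBACKS + ["192.168.1.252/30"]
AGGREGATE = "192.168.192.0/21"


def as_posted():
    """EIGRP covers only 192.168.199.0, and all of EIGRP is redistributed."""
    return bgp_table(CONNECTED, eigrp_networks=["192.168.199.0/24"],
                     aggregates=[AGGREGATE], redistribute_eigrp=True)


def with_network_statements():
    """First alternative: one BGP network statement per loopback."""
    return bgp_table(CONNECTED, eigrp_networks=["192.168.199.0/24"],
                     bgp_networks=LOOPBACKS, aggregates=[AGGREGATE],
                     redistribute_eigrp=True)


def with_eigrp_covering_all():
    """Second alternative: every loopback under EIGRP, then redistributed."""
    return bgp_table(CONNECTED, eigrp_networks=LOOPBACKS,
                     aggregates=[AGGREGATE], redistribute_eigrp=True)


if __name__ == "__main__":
    for build in (as_posted, with_network_statements, with_eigrp_covering_all):
        print(build.__name__)
        for status, prefix, origin in build():
            print(f"  {status} {prefix:20} {origin}")
```

The `as_posted` result has the same two entries as the `sh ip bgp` output above, so the behaviour is explained by the config rather than by a change in 12.2.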



RE: unusual BGP question. [7:54429]

2002-09-29 Thread Jim Brown

The original requirement stated you could not modify the AS path or
local preference. The MED is the method used to communicate preference
to another AS. There is no requirement that the MED can only be set
outside of the current AS, you can modify the MED attribute anywhere you
like.

-Original Message-
From: suaveguru [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, September 29, 2002 1:31 AM
To: Jim Brown; [EMAIL PROTECTED]
Subject: RE: unusual BGP question. [7:54429]


I have the impression that MED is only for outbound
traffic . For inbound traffic try prepending the
routes that you do not wish to use for the priority
path . And the routes will automatically follow the
path that has no prepend

correct me if I am wrong

suaveguru
--- Jim Brown wrote:
 What about modifying the MED of the route?
 
 -Original Message-
 From: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]] 
 Sent: Saturday, September 28, 2002 9:51 AM
 To: [EMAIL PROTECTED]
 Subject: unusual BGP question. [7:54429]
 
 Hello, 
 
 Anyone any thought on the following lab I'm working on,
 
 AS 1 and AS2 are connected to AS3 via EBGP as well as each other.
 (Triangular fashion)
 AS1 and AS2 both originate and advertise the network 81.0.0.0/8 in to EBGP
 to AS3
 
 Objective:
 Ensure that AS3 routes to 81.0.0.0/8 via AS 1.
 Local preference or AS-path attributes may NOT be modified.
 
 I'm thinking to do this, to use policy routing, or is there another way to
 deal with a situation like this.
 
 Any help appreciated.
 Kind regards.
 Paul.
 
 
 
 
 


 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54480t=54429



RE: unusual BGP question. [7:54429]

2002-09-28 Thread Jim Brown

What about modifying the MED of the route?

-Original Message-
From: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, September 28, 2002 9:51 AM
To: [EMAIL PROTECTED]
Subject: unusual BGP question. [7:54429]


Hello, 

Anyone any thought on the following lab I'm working on,

AS 1 and AS2 are connected to AS3 via EBGP as well as each other.
(Triangular fashion)
AS1 and AS2 both originate and advertise the network 81.0.0.0/8 in to EBGP
to AS3


Objective:
Ensure that AS3 routes to 81.0.0.0/8 via AS 1.
Local preference or AS-path attributes may NOT be modified.

I'm thinking to do this, to use policy routing, or is there another way to
deal with a situation like this.

Any help appreciated.
Kind regards.
Paul.












Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54468t=54429



RE: IPX ID [7:53989]

2002-09-24 Thread Jim Brown

If you enter IPX commands before you define the node address
manually, it will use the highest mac address on Ethernet interface
regardless of the node address manually entered.

To reset the router, you must remove all IPX commands, remove the ipx
routing command, and reboot the router.

The very first command after the reload should be the ipx routing 2.2.2
command, then all will be well.

-Original Message-
From: Mike Martins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 6:07 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX ID [7:53989]


I got the IPX network going between all routers, over frame relay etc etc no
problem. On the frame-relay map statements (opposite sides) I mapped to the
IPX/MAC address that the router had elected. Everything works, no worries. I
am not doing anything different, all routers were running default IPX RIP,
now disabled and all running IPX EIGRP.
I don't know why one router accepts a manual statement and another decides it
has got its own agenda. I tried shutting down all interfaces, deleting IPX
Routing and re entering a manual x.x.x. It remains stubborn.
I will spare you the configs, unless you wanna sift through trunks and
tunnels and exciting stuff like DLSW and a few of my improvised ISDN configs.
When I started with the IPX early this evening I did not have much config on
the routers anyway.

It is just a point of interest really, someone must know the answer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54027t=53989



RE: IPX ID [7:53989]

2002-09-24 Thread Jim Brown

On second thought, it might just require a reload after you add the ipx
routing 2.2.2 command to force the router to use the manual address
after it has picked up an interface mac address.

-Original Message-
From: Jim Brown 
Sent: Tuesday, September 24, 2002 9:49 PM
To: 'Mike Martins'; [EMAIL PROTECTED]
Subject: RE: IPX ID [7:53989]


If you enter IPX commands before you define the node address
manually, it will use the highest mac address on Ethernet interface
regardless of the node address manually entered.

To reset the router, you must remove all IPX commands, remove the ipx
routing command, and reboot the router.

The very first command after the reload should be the ipx routing 2.2.2
command, then all will be well.

-Original Message-
From: Mike Martins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, September 24, 2002 6:07 PM
To: [EMAIL PROTECTED]
Subject: RE: IPX ID [7:53989]


I got the IPX network going between all routers, over frame relay etc etc no
problem. On the frame-relay map statements (opposite sides) I mapped to the
IPX/MAC address that the router had elected. Everything works, no worries. I
am not doing anything different, all routers were running default IPX RIP,
now disabled and all running IPX EIGRP.
I don't know why one router accepts a manual statement and another decides it
has got its own agenda. I tried shutting down all interfaces, deleting IPX
Routing and re entering a manual x.x.x. It remains stubborn.
I will spare you the configs, unless you wanna sift through trunks and
tunnels and exciting stuff like DLSW and a few of my improvised ISDN configs.
When I started with the IPX early this evening I did not have much config on
the routers anyway.

It is just a point of interest really, someone must know the answer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54028t=53989



RE: Dialer interfaces vs. dialer maps question to ponder [7:53467]

2002-09-17 Thread Jim Brown

I think you can do anything with dialer interfaces that you can do with
legacy DDR, but the inverse is not true.

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Monday, September 16, 2002 10:45 PM
To: [EMAIL PROTECTED]
Subject: OT: Dialer interfaces vs. dialer maps question to ponder [7:53457]


OK,

A Question to ponder.

Can anyone think of a reason of why someone would NOT use dialer
interfaces, as opposed to using legacy DDR, beside IOS support, and the
political just because we want legacy DDR?

I'm just trying to reason why someone would use legacy DDR and I can't think
of a reason to use it. Is there some configuration that is only supported by
legacy DDR commands?

Just a little late night pondering before bedtime...

Thanks

Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53467t=53467



RE: 3550 EMI [7:52430]

2002-08-31 Thread Jim Brown

Make sure you can enter some commands under the BGP process. Just defining
the process in the config doesn't mean the IOS supports it.

-Original Message-
From: Dan Penn [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, August 31, 2002 1:56 AM
To: [EMAIL PROTECTED]
Subject: RE: 3550 EMI [7:52430]


Just tried it out:

Switch(config)#router bgp 1
Switch(config-router)#

Yep, this version has BGP, doesn't have IS-IS yet.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Eric Rogers
Sent: Saturday, August 31, 2002 12:13 AM
To: [EMAIL PROTECTED]
Subject: 3550 EMI [7:52430]

A new IOS has just been released for the 3550 - 12.1.11.EA1. Looks like it
came just in time for the new lab format too. Will this have BGP? What else
will this have? The documentation has not been posted yet. Just in time to
practice for the weekend anyhow. In any event it looks like the lab will be
moving from 6 to 8 full routers come Nov.

-Eric




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52442t=52430



RE: No longer 4 digits [7:52146]

2002-08-27 Thread Jim Brown

First number assigned to a candidate was 1025. When we hit 11025 there will
be 10,000 candidates not including people who didn't recertify.

-Original Message-
From: Reza Sharifi [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, August 27, 2002 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: No longer 4 digits [7:52146]


Is that because there are more than 1 CCIE,s?.

Reza




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52149t=52146



RE: ISDN Cable for lab? [7:51651]

2002-08-19 Thread Jim Brown

You probably won't be able to pass the lab without practice on a simulator
or the real thing.

-Original Message-
From: Robert D. Cluett [mailto:[EMAIL PROTECTED]] 
Sent: Monday, August 19, 2002 1:10 PM
To: [EMAIL PROTECTED]
Subject: Re: ISDN Cable for lab? [7:51651]


is it really worth it?

Johnny Routin wrote in message
news:[EMAIL PROTECTED]...
 No, you need an isdn simulator.

 --
 Johnny Routin

 Robert D. Cluett wrote in message
 news:[EMAIL PROTECTED]...
  Can a straight through cat 5 cable be used for ISDN connectivity in a lab
  (between 2 2503's)?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51660t=51651



RE: bandwidth allocation problem [7:51565]

2002-08-17 Thread Jim Brown

This is the whole concept behind frame relay. The provider oversubscribes
the network and this is your port speed, your CIR is the guaranteed amount
even during times of congestion. Airlines do the same thing, they sell more
seats on flights than they actually have. Welcome to oversubscription.

Take a look at CBWFQ, this might be a solution to your problem. Clients can
use all the bandwidth until the link reaches capacity, then bandwidth is
scaled back to defined limits. Look for QOS mechanisms that only take effect
during congestion.

-Original Message-
From: Deepak Achar [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, August 17, 2002 7:46 AM
To: [EMAIL PROTECTED]
Subject: bandwidth allocation problem [7:51565]


hi all 
i have doubt
 Suppose we have a leased line of 2MB bandwidth between say India and US.
The link is carrying more than 5 clients, using the concept of Multiplexer.
The question is if a client is allocated a bandwidth of 512k out of 2MB, is
it possible to use a part of the bandwidth which is allocated to client when
that client is not using the whole bandwidth. but this bandwidth adjustment
should not be known to the client. If the client's traffic reaches the whole
bandwidth, he should be given the whole bandwidth.
suppose client is using only 256k out of 512k which is allocated to him. is
it possible to allocate the remaining 256k to other purpose. if yes how can
it be done. once the client traffic reaches 512k, the bandwidth which was
taken from the client should be freed dynamically.

thanks
deepak




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51578t=51565



RE: CCIE WORTH IT? [7:50941]

2002-08-08 Thread Jim Brown

You guys are talking about a lot of work and we all know Paul has other
things to do besides gathering and maintaining data on list members.

In a perfect world it would be great to have the information suggested
below, but someone has to expend the time and effort. I know it won't be me,
I need to study so I can fail my next attempt. ;-)

-Original Message-
From: Michael L. Williams [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 08, 2002 3:44 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE WORTH IT? [7:50941]


I agree.

Mike W.

David j wrote in message
news:[EMAIL PROTECTED]...
 Yes, I agree but only if it's voluntary...
 Robert D. Cluett wrote:
 
  It would be nice to know where each member is located and what their
  level of knowledge/certification is.  I wonder if we could request this
  to be added to the site.  Maybe member profiles or something.  Anyone
  agree?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50998t=50941



RE: Time-Base ISDN connection [7:48991]

2002-07-16 Thread Jim Brown

Base your dialer list on a time based access list. This should do the trick.


-Original Message-
From: Jimmy [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 16, 2002 10:34 PM
To: [EMAIL PROTECTED]
Subject: Time-Base ISDN connection [7:48991]


   Does anyone have the sample configuration for
Time-Base ISDN connection.

   What I want to do is the only specific time , like
from 9am to 6pm , ISDN link between 2 routers will be
up. 


  Thanks in advance.


regards
Jimmy





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48992t=48991



RE: ATM fore CCIE [7:48892]

2002-07-16 Thread Jim Brown

You are not responsible for configuring the switch, but ATM is still on the
test. You will need to configure routers to communicate through the cloud.


-Original Message-
From: Calorifer Gogu [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 16, 2002 3:43 PM
To: [EMAIL PROTECTED]
Subject: RE: ATM fore CCIE [7:48892]


According to the info on the CISCO's own web site ATM is not required any
more to pass, that is no testing on ATM.
Just do a search on CISCO WEB for CCIE requirements there is a list with
stuff:
http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#42




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48965t=48892



RE: Placement of IDS [7:48420]

2002-07-09 Thread Jim Brown

Most security breaches are by employees.

With that out of the way, I would place the IDS engine in front of the
firewall to catch attacks against devices in the DMZ. In a small trusting
environment, your employees are probably not your biggest threat.


-Original Message-
From: sam sneed [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 09, 2002 12:20 PM
To: [EMAIL PROTECTED]
Subject: Placement of IDS [7:48420]


I was contemplating on where I should put my IDS. I have a simple network
with only one Internet connection to my ISP. It is firewalled with an
internal network that does not allow any incoming connections via firewall
and a DMZ which has web, DNS, and email server. My question is should I put
the IDS behind or in front of my firewall? What are most of you doing?
I realize if it is behind the FW I will not be able to detect a lot of
possible security breaches, such as users trying to rsh or telnet into my
servers since this is blocked by FW. Should I care that people are trying to
get in or attack if the firewall is already blocking it?
The IDS could easily handle the traffic since its only at the 1MB-2MB range.

sam sneed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48432t=48420



RE: Lab Equipment [7:40032]

2002-04-01 Thread Jim Brown

I personally don't think my peace of mind would be worth that much. 

Buy hardware from a reputable source on E-bay or I have the number of an
individual I had GREAT success with in California. They sell large volumes
of hardware and I also have the number of someone for memory which you will
need.

The hardware person goes under the name of BabyJake on E-bay and I have
nothing but good things to say about them or the way they conduct business.
You can call them direct and have them check inventory if you don't see what
you want on E-bay.

Contact me offline if interested for their number also.

-Original Message-
From: Shaun Stanley [mailto:[EMAIL PROTECTED]] 
Sent: Monday, April 01, 2002 10:19 AM
To: [EMAIL PROTECTED]
Subject: Lab Equipment [7:40032]


I'm planning on setting up a home lab and I've 
noticed that most places offer a 30 day warranty
on used Cisco equipment...(usedrouter.com)...
Tancom.net offers a one year warranty...they will
swap out the defective piece for another working 
'used' one...

However, their prices are significantly higher than usedrouter.com...

eg.  UsedRouter.com - 2503 - 435.00
 Tancom - 2503 - 695.00

on one hand I feel like the peace of mind is worth 
some more money but on the other hand, what is the 
likelihood there will be a problem...AND I won't be buying
just one router, so the cost difference will be huge for
the entire lab...

What experience have others had with purchasing used 
equipment? warranties? etc?
If the router does go bad and you have no warranty? what options are
available at that stage?

Any help greatly appreciated.

Shaun




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40073t=40032



RE: CCIE Token Ring [7:38863]

2002-03-19 Thread Jim Brown

Get online access for the 3900; it is enough. Be very sad they are removing
Token Ring from the lab; these are the easiest points you will receive on
the lab.

-Original Message-
From: James [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 19, 2002 2:42 PM
To: [EMAIL PROTECTED]
Subject: CCIE Token Ring [7:38863]


Hello

I have read in a previous post that the CCIE R/S
program is dropping token ring stuff. Is that true or
does anyone know when will that be effective ?
Does anyone with experience with the lab know how much
the token ring stuff is needed? Is it worth
buying a Cat 3900 for a home lab or would getting
online rack access work as well?
any information is greatly appreciated.

Thank you.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38866t=38863



RE: EIGRP Bandwidth statements [7:37221]

2002-03-06 Thread Jim Brown

I always understood the desired method for path manipulation and EIGRP was
through the modification of the delay value on the link.

-Original Message-
From: Grant Levy [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 05, 2002 6:31 PM
To: [EMAIL PROTECTED]
Subject: RE: EIGRP Bandwidth statements [7:37221]


Bandwidth statements are used for the cost metrics of the links. If you
have equal links, but want to have a shadow not a load balancing link, then
use the offset-list, under the router eigrp process. It is always good
practice to use the bandwidth statement for each sub-interface.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37433t=37221



RE: CCIE Starter & Lab Equipment [7:37312]

2002-03-06 Thread Jim Brown

It will do the job nicely. No FEC for your lab, but do you really need it?

-Original Message-
From: Ronald James [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, March 06, 2002 8:59 AM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Starter & Lab Equipment [7:37312]


Is Catalyst 5000 with Supervisor 1 good enough for home lab purpose?


Justin C wrote in message news:[EMAIL PROTECTED]...
 Danie,

 I built my home lab entirely from Ebay.  There are some good vendors
 on there, but the phrase buyer beware always comes to mind.  I
 always look at the seller's feedback, not just for positive ratings but
 to see if they have sold equipment in the dollar value I am purchasing.
 Look to see if the seller has positive feedback on equipment in that
 price range.  The sellers I can recommend (based on my own purchases
 and those of people I personally know) are:

 networkhardwareresale - great packaging, good prices, quick shipment;
 bluedesperateboy - good packaging, fair prices (little high, but top
 notch equipment); ciscoware; www.whirled-routes.com; magi-tech;
 snootfull; lskok

 If you look up their feedbacks, you will see the amount of business
 they do.
   If you are after good deals, be patient about purchasing and watch
 for good products at good-to-fair prices.  It took me two months to
 build my home lab (Catalyst 5000 w/ Sup 2, 2-2501, 2-2503, 1-2502,
 1-2513, 1-4000M, 1-2620, 1-2522, 1-2511RJ, 2-2900 Cat switches, plus
 all serial/ethernet cables) for around $9500.  All of it from Ebay,
 and all of it worked when I received it.  Costly yes, but nothing beats
 continuous hands on experience with the equipment for months (six so
 far) on end.  Plus, I can configure almost anything I find in the CCNP
 and CCIE books I have (save some Token Ring and ATM of course), which
 is nice when you have questions about technologies and want to
 experiment to learn more about them.  Personally, I will rent rack
 time to get at the 3900/3920 switches and ATM configurations.
   Also, I have not purchased from them, but Optsys.net has some pretty
 good deals on 2501 and 2503 router packages.  I will be purchasing an
 ISDN simulator from them later this month.

 As for the Catalyst 5000 switch, you can substitute a Catalyst 2901 or
 a Catalyst 2926T (the T means 10/100T connections on the supervisor
 module versus the 10/100 Fiber connections on the 2926F).  Search the
 archives for additional information on rack recommendations AND Ebay
 sellers to steer clear of as the topic gets brought up at least once a
 month.

 Best of luck to you in your studies.

 My apologies to the group for any perceived waste of bandwidth on this
 often discussed topic.  After reading about it for the past seven
 months, I just wanted to drop my $.05 on the table.

 Regards,

 Justin Cluer

 From: Danie Strydom
 Reply-To: Danie Strydom
 To: [EMAIL PROTECTED]
 Subject: CCIE Starter [7:37283]
 Date: Tue, 5 Mar 2002 13:04:08 -0500

 Dear All, I've recently started active study on CCIE and have limited
 experience but CCNP knowledge on Cisco kit. I'm in the process of
 buying what I need and I need some advice on where to start and would
 like to find out how you guys started out.  What do I need for my home
 lab? I've looked at auctions on Ebay, is it alright to buy second-hand?
 Are there IOS upgrades available free from Cisco? If any of you know a
 good link to a specific equipment list I need I'd be very grateful,
 I've had a look on the Cisco Routing and Switching Lab equipment list
 but they only had the following - no real specifics:
 2500 series routers
 2600 series routers
 3600 series routers
 4000 and 4500 series routers
 3900 series token ring switches
 Catalyst 5000 series switches

 I can only afford up to 3600 series routers, what can I do about the
 rest?

 Thank you for your help and I think this is a great group.

 Kind Regards,

 Danie Strydom

 London, UK





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37414t=37312



RE: Bandwidth limit at the E I [7:37105]

2002-03-03 Thread Jim Brown

Very interesting question. What is your application? Where do you plan on
using this and why? Is this from some scenario you are testing?

I would be very interested to know because I would like to work on the same
practice lab if you can share your source.

It is wise to do a little research before asking this type of question.

Take a peek at the QOS options for the IOS. If you read and understand the
section you will have your answer.

-Original Message-
From: Mohannad Khuffash [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, March 03, 2002 12:13 PM
To: [EMAIL PROTECTED]
Subject: Bandwidth limit at the E I [7:37105]


Hello,
Is there any specific command I can use to limit the bandwidth available at
the ethernet interfaces? Please advise?

Regards,

--







Mohannad N. Khuffash
Network Administrator
Palestine Telecommunication Company
Tel: 00972-02-2982330
Fax:00972-02-2980235




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37106t=37105



RE: Variance for Eigrp...does it actually work?? [7:33835]

2002-01-31 Thread Jim Brown

Even with the variance command a neighbor might not be considered a feasible
successor. Remember a feasible successor is a path whose reported distance
is less than the feasible distance. 

This is a loop prevention method in EIGRP.

Read the section "Deciding if a Path is Loop-Free" in the document at the
link below:

http://www.cisco.com/warp/public/103/eigrp1.html#6

I guarantee a light bulb will come on above your head after you read this.


-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 31, 2002 7:57 AM
To: [EMAIL PROTECTED]
Subject: Re: Variance for Eigrp...does it actually work?? [7:33835]


I don't really have an answer, this is more of a me too email.  I've only
bothered with variance once in a practice lab and I was not able to make it
work even after setting the variance to a ridiculously high number.  No
matter what I did, I was not able to get both EIGRP routes into the routing
table.

At some point I need to go back and figure out why it wasn't working but
I've been avoiding it.  

John

 Cisco Nuts  1/31/02 12:05:03 AM 
Hello,

I am testing out the variance command under eigrp and it does not seem
to be working the way it is explained in the CCNP routing guide by
CiscoPress. Any ideas? Sorry, long post but need help.

I have RTA connected to RTB and RTC via FR physical intf. running eigrp 1
RTB and RTC are connected to BBR via serials also running eigrp 1
BBR is connected to TS via serial running eigrp 1 and igrp 1
TS is connected to REMOTE running rip.
RTA to RTB to BBR have bandwidth = 64 configed.
RTA to RTC to BBR have the default bw = 1.544

On RTA, the route to Rip netw. 12. and 13. on Remote show up via the RTC
to BBR to TS to Remote route which is correct.

D EX 12.0.0.0/8 [170/3245056] via 192.168.10.243, 00:12:37, Serial0
D EX 13.0.0.0/8 [170/3245056] via 192.168.10.243, 00:13:42, Serial0

The metric via RTB to BBR to TS to Remote is 41538560 as in

D EX 12.0.0.0/8 [170/41538560] via 192.168.10.242, 00:00:17, Serial0
D EX 13.0.0.0/8 [170/41538560] via 192.168.10.242, 00:00:17, Serial0

After doing the math (multiplied 3245056 x 13 to get 42185728 which is
greater than 41538560), I configed a variance of 13 on RTA and expected
to see 2 routes to networks 12. and 13. but only 1 route shows up, that
thru RTC. Is there a reason why?

Thank you.







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33861t=33835
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
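The feasibility check Jim Brown describes, applied to the two metrics quoted in the thread, as an added example that is not part of the original messages. The path delays and both reported distances are assumptions back-calculated so that the classic metric formula reproduces the posted metrics; the thread does not show RTA's topology table.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str
    reported_distance: int  # the neighbor's own metric to the destination
    metric: int             # metric of the whole path through that neighbor


def classic_metric(min_bw_kbps: int, total_delay_usec: int) -> int:
    """Classic EIGRP composite metric with default K values (K1 = K3 = 1)."""
    return 256 * (10**7 // min_bw_kbps + total_delay_usec // 10)


def evaluate(paths, variance=1):
    """Return {next_hop: verdict} for one destination prefix."""
    successor = min(paths, key=lambda p: p.metric)
    fd = successor.metric  # feasible distance: the best local metric
    verdicts = {}
    for p in paths:
        if p is successor:
            verdicts[p.next_hop] = "installed (successor)"
        elif p.reported_distance >= fd:
            # Loop prevention: the neighbor is not provably closer than we are.
            verdicts[p.next_hop] = "rejected (fails feasibility condition)"
        elif p.metric >= variance * fd:
            verdicts[p.next_hop] = "rejected (outside variance)"
        else:
            verdicts[p.next_hop] = "installed (unequal-cost)"
    return verdicts


# Metrics 3245056 and 41538560 are from the thread. The delay sums (62000 and
# 60100 usec) are ASSUMED values that reproduce them; the reported distances
# ASSUME one 20000 usec serial hop less than the full path.
VIA_RTC = Path("192.168.10.243",
               reported_distance=classic_metric(1544, 42000),
               metric=classic_metric(1544, 62000))
VIA_RTB = Path("192.168.10.242",
               reported_distance=classic_metric(64, 40100),
               metric=classic_metric(64, 60100))

# HYPOTHETICAL contrast case: same total metric through RTB, but a neighbor
# whose own distance is below RTA's feasible distance.
VIA_RTB_FEASIBLE = Path("192.168.10.242",
                        reported_distance=2900000,
                        metric=VIA_RTB.metric)

if __name__ == "__main__":
    for label, paths, var in [
        ("as posted, variance 13", [VIA_RTC, VIA_RTB], 13),
        ("hypothetical feasible RTB, variance 13", [VIA_RTC, VIA_RTB_FEASIBLE], 13),
        ("hypothetical feasible RTB, variance 12", [VIA_RTC, VIA_RTB_FEASIBLE], 12),
    ]:
        print(label)
        for hop, verdict in evaluate(paths, var).items():
            print(f"  via {hop}: {verdict}")
```

With the 64 kbps bandwidth on the RTB side, RTB's own distance is far above RTA's feasible distance, so no variance value makes that path eligible.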



RE: QoS Configuration Guidelines [7:33714]

2002-01-30 Thread Jim Brown

I believe RSVP and RTP should be configured on both ends.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 30, 2002 12:34 PM
To: [EMAIL PROTECTED]
Subject: Re: QoS Configuration Guidelines [7:33714]


3
Grad Alfons Kanon wrote in message
news:[EMAIL PROTECTED]...
 team,

 For Cisco QoS configuration below, which one we should configure on  
 both routers which one is not..?


 1. RED/WRED
 2. FRTS/GTS
 3. rSVP
 4. CAR
 5. CQ, PQ
 6. RTP..?


 thanks


 Grad





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33749t=33714



RE: QoS Configuration Guidelines [7:33714]

2002-01-30 Thread Jim Brown

I would bet my last dollar the original poster is referring to cRTP. This is
why I included it into the both ends category.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 30, 2002 1:07 PM
To: [EMAIL PROTECTED]
Subject: Re: QoS Configuration Guidelines [7:33714]


RTP as in Real Time Protocol?  It's not even a command.  It's a transport
layer addition to UDP.  You really can't tell a router to use RTP.  You can
tell it to do cRTP, or ip rtp priority.  cRTP is both ends, IP RTP priority
doesn't have to be.  But RTP isn't even a valid choice.


Jim Brown wrote in message news:[EMAIL PROTECTED]...
 I believe RSVP and RTP should be configured on both ends.

 -Original Message-
 From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, January 30, 2002 12:34 PM
 To: [EMAIL PROTECTED]
 Subject: Re: QoS Configuration Guidelines [7:33714]


 3
 Grad Alfons Kanon wrote in message
 news:[EMAIL PROTECTED]...
  team,
 
  For Cisco QoS configuration below, which one we should configure on 
  both routers which one is not..?
 
 
  1. RED/WRED
  2. FRTS/GTS
  3. rSVP
  4. CAR
  5. CQ, PQ
  6. RTP..?
 
 
  thanks
 
 
  Grad
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33753t=33714



RE: Is CCIEprep on crack or what ? [7:32787]

2002-01-22 Thread Jim Brown

You can definitely install a DB60 upside down. I won't even say I've watched
a trainee do it, I've done it myself. It is easier than you think, the hood
becomes distorted and it becomes even easier the next time.

-Original Message-
From: Ozzie Sutcliffe [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 21, 2002 11:35 PM
To: [EMAIL PROTECTED]
Subject: Is CCIEprep on crack or what ? [7:32787]


I was looking over some troubleshooting stuff and one of the scenarios
involved a router that was fine and the admin goes to lunch. Comes back from
lunch, S0 is down and down, a show controller sees no cable. The rest of the
garbage raves on about the DB60 being symmetrical and the cable was
installed upside down. Every DB 60 I have seen was NOT symmetrical and would
take some cutting with tin snips to install upside down.

The 12 scenarios I saw were really advanced CCNA not even CCNP level
stuff.. Is this the standard of CCIEpreps stuff ???

Oz





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32810t=32787



RE: OSPF and The Disappearing Neighbor Statement [7:31656]

2002-01-13 Thread Jim Brown

I thought you only need the neighbor statement on one side of the
connection? 

Once a router accepts the hello, adjacencies are formed with information
from the hello via unicast communication from that point forward.

Sort of like if I shout over a hill, Hey Routerman are you there, this is
Jim. Then you would respond back to me by name.

-Original Message-
From: Router Man [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, January 13, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF and The Disappearing Neighbor Statement [7:31656]


I was able to reproduce your exact scenario.  I had a hub with two spokes
and the neighbor statements only appeared on the hub. This is very
interesting and I'm not sure what the reason behind it is.  I am glad that
this was brought up, because I would love to get to the bottom of this
situation.  I'll keep you posted

John Neiberger wrote in message
news:[EMAIL PROTECTED]...
 The network statement definitely was there, but the neighbor 
 statements would only appear on the hub router.  Interestingly, I just 
 saw a sample configuration similar to this on CCO and they only had 
 the neighbor statement on one router, not both.  I think as long as 
 one router has a neighbor statement configured, the adjacency will 
 form assuming all other things being equal (network type, etc.)

 The adjacencies formed but I had to cycle the interfaces to get things
 started.   Even if the neighbor statement is only required on one side,
 I still don't understand why the router wouldn't let me add it.  The 
 adjacencies would eventually form, however, and routing occurred 
 exactly as I expected it.

 I did notice a minor issue with the neighbor statements on the hub.  I 
 had three of them, and one of them inserted 'priority 1' at the end, 
 yet the other two remained as I entered them.

  Router Man  1/11/02 3:08:03 PM 
 The only time that the neighbor statement will not show up in the
 running-config, is if you do not have a network statement under the
 router ospf process.  I am doubting that the neighbors formed an
 adjacency without the neighbor or network statements showing up under
 the ospf config.
 If the adjacency was actually formed, then it must be a bug.

 Another thing that I have noticed is that when trying to use the
 neighbor statement to set the priority, neighbor 1.1.1.1 priority
 255 the priority will change to something other than what I set it to.
 It took me a while to figure this one out.   The problem is that I have
 to have matching ip ospf priority 255 statements under the interfaces
 running ospf.

 John Neiberger wrote in message
 news:[EMAIL PROTECTED]...
  It was hot, too hot.  Our detective had been working feverishly to
  configure OSPF over NBMA without the use of ip ospf network
  statements.  He knew that to do this he must explicitly add neighbor
  statements or adjacencies would not form.
 
  He logs into the hub router and types in his three neighbor
  statements.  All seems well.  It's still too hot, but it's a dry heat.
 
  He now logs into one of the spoke routers and types in his neighbor
  statement.  He pauses momentarily and then checks the OSPF
  adjacencies.  Something seems to be wrong, he thinks to himself.  This
  ought to be working, but it isn't.  Why not?  He looks through the
  running config to look for any errors and notices that the neighbor
  statement that he just entered is missing!
 
  He slowly and deliberately types it in again making sure there are
  no mistakes but yet it still does not show up in the running
  configuration.  Is this an IOS issue?  Operator error?  Some rift in
  the space-time continuum?
 
  He jumps to another spoke router running a different IOS and tries
  the same thing with the same result.  He is frantic now, beads of
  sweat pouring down his face.  What if this were the real CCIE lab
  exam?  Could this be a fatal stumbling block?
 
  He finally notices that adjacencies do eventually form after
  clearing the relevant interfaces.  This must be because the hub router
  accepted the neighbor statements.  But what if it hadn't, he ponders.
  He thinks forward into the future when--a day after taking the lab
  exam--he receives the dreaded email that says, We're sorry, it is
  apparent that you have no clue.
 
  Back to the real world
 
  What was the cause of the missing neighbor statements?  Have any of
  you run into this before?  I've never bothered to explicitly use
  neighbor statements as I'm in the habit of using the ip ospf network
  command to make them unnecessary.
 
  Any thoughts?
 
  Thanks,
  John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31776t=31656



RE: CCIE Lab [7:31476]

2002-01-09 Thread Jim Brown

Candidates are responsible for features, up to and including, those found in
12.1 IOS. 

It is listed on the website in the certification section. 

Please note, this does not mean the routers will have 12.1 on them. They
might have the 12.1 code or some down revision.

-Original Message-
From: Edward Chuchaisri [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 09, 2002 4:47 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab [7:31476]


Just a quick question.  What IOS images do they use in the CCIE Lab?  I am
particularly interested in the images they use in 2500 and 2600.

Thanks,

Ed

www.router4u.com
Affordable Router Lab




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31480t=31476



RE: BECN vs TCP congesttion control [7:31219]

2002-01-07 Thread Jim Brown

I think the reasoning is to prevent the transmission of traffic almost all
the way through the frame cloud only to have it dropped by the last telco
switch. With congestion notification you can shape the traffic for a more
even flow reducing packet loss and retransmission based on information from
the cloud.

If the traffic is traveling across the cloud only to be dropped at an
intermediate switch, it is still consuming valuable bandwidth.

Imagine one end with T1 access speed and the other end with a 64K port. The
T1 end will crush the line with everything it has only to have it dropped by
the last switch attached to the 64K port. Then the T1 end will cycle through
retransmission, and on, and on. You would waste a terrible amount of
bandwidth.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 07, 2002 3:49 PM
To: [EMAIL PROTECTED]
Subject: BECN vs TCP congesttion control [7:31219]


I understand that FR is multi-protocol, but I feel confident in saying that
most traffic is IP based.

With that out of the way, historically, why did the writers of frame-relay
include BECN as a method of congestion control when 1, it isn't end-to-end
as TCP is, and therefore not as good as TCP, and 2, not nearly as robust
and complex as TCP's tried and true methods of congestion control.

Is there another reason that I don't understand?

--

RFC 1149 Compliant.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31223t=31219



RE: Sniffing my broadband connection to my ISP ??? [7:30689]

2002-01-03 Thread Jim Brown

O.K. let me rephrase this, A router would generate an ARP request and ARP
reply if the source network and destination network were directly attached
and proxy ARP were enabled.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 02, 2002 5:08 PM
To: [EMAIL PROTECTED]
Subject: RE: Sniffing my broadband connection to my ISP ??? [7:30689]


At 04:37 PM 1/2/02, Jim Brown wrote:
Priscilla,

Wouldn't proxy ARP generate an ARP request and an ARP reply if the 
source and target networks were directly connected to the router?

No. Proxy ARP causes the router to generate ARP replies. It has no effect 
on ARP requests.

ARP requests are generated by normal ARP when a node tries to find the MAC 
address of another station. They are generated by end stations and by the 
router. The router has to find the MAC address just like any other station 
does.

He is sniffing on the broadband connection which presumably is shared by 
all hosts in his area (sometimes called a node in cable modem designs). 
He can see their ARPs and he can see the router's ARPs.

Proxy ARP allows devices to communicate with devices on the other side of 
the router without having to know that the router is there. In this case, 
end stations send ARP requests for local and non-local devices. For 
non-local addresses, the router responds with its own MAC address.

Priscilla



-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 02, 2002 3:54 PM
To: [EMAIL PROTECTED]
Subject: Re: Sniffing my broadband connection to my ISP ??? [7:30689]


Having proxy ARP enabled on the router would cause the router to send 
ARP replies not requests.

The fact that he sees ARP requests isn't surprising. He's on a shared 
network. On a shared network you see all the ARP requests from your 
local router to devices on your network.

Priscilla

At 05:24 PM 1/2/02, Erick B. wrote:
 Hi,
 
 Just to expand on this...
 
 The 224.0.0.1 multicast query you're seeing is coming
 from the cable modem I bet. I have a Surfboard 3100
 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. 
 I'm not sure why the cable modem is doing multicast and haven't 
 really looked into it. I think it may only be local to the LAN 
 interface toward your PC but not 100% positive. You can use your web 
 browser to view the log and status of the SB3100 cable modem by the 
 way, you can see the IP in the sniffer trace.
 
 If the ARP requests are originating from the ISP default-gateway 
 (first hop router for you) then maybe they have proxy arp enabled.
 
 The DHCP requests could be from other users on your
 segment, or maybe forwarded to a DHCP server on your
 segment from another segment.
 
 Also, since you're on a shared segment with others
 they may have set up their own networks, etc with
 their own address space, etc that you might see
 packets from.
 
 Erick
 
 --- Priscilla Oppenheimer  wrote:
   It sounds like you are sharing the broadcast domain
   with a bunch of other
   stations. The network is bridging on the edge. I
   think this is normal for
   cable modem systems. Is that what you are on?
  
   Priscilla
  
   At 12:23 PM 1/2/02, Phil Barker wrote:
   Hi Group,
     I have been sniffing my broadband connection to my ISP today and
   have a few questions.
   
     My main gripe is that I'm being sent around 100 Arp requests per
   minute, which obviously I cannot resolve. These ARP requests are all
   originating from my default G/W at the ISP trying to resolve MAC
   addresses of various users. Can anyone confirm if this is usual or
   unusual. I cannot see this being correct since if I set my router up
   to be one of these IP addresses I can resolve it to my MAC address
   Eth 0 int' or any other mac-address for that matter.
   
     They also send me DHCP requests, IGMP requests for group 224.0.0.1
   (Which I wish I could join) but cannot and lots of their private
   address information via the above mentioned ARP's.
   
     I also captured an attempt at an inbound TCP connection on a
   dynamic port which my router RST, thankfully.
   
     Are they wasting my B/W ?
   
   Thanx,
   
   Phil
   
   
   
   
   
   
  
   Priscilla Oppenheimer
   http://www.priscilla.com
 [EMAIL PROTECTED]
 
 


Priscilla Oppenheimer
http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30786t=30689
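The distinction Priscilla draws in this thread (ordinary ARP requests from the gateway versus proxy ARP replies made on behalf of non-local addresses), as an added example that is not part of the original messages. It decodes raw Ethernet/ARP frames and reports who is asking and which MAC answers for more than one IP; the frames, MAC addresses and documentation-range IP addresses are constructed sample input, not captured traffic.

```python
import struct
from collections import Counter, defaultdict

ETH_P_ARP = 0x0806
OP_REQUEST, OP_REPLY = 1, 2


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": fmt_mac(frame[22:28]),
        "sender_ip": fmt_ip(frame[28:32]),
        "target_ip": fmt_ip(frame[38:42]),
    }


def summarize(frames):
    """Count requests per sender and find MACs that reply for several IPs."""
    requests_by_sender = Counter()
    claimed = defaultdict(set)  # replying MAC -> IPs it has answered for
    replies = skipped = 0
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] not in (OP_REQUEST, OP_REPLY):
            skipped += 1
        elif pkt["op"] == OP_REQUEST:
            requests_by_sender[pkt["sender_ip"]] += 1
        else:
            replies += 1
            claimed[pkt["sender_mac"]].add(pkt["sender_ip"])
    # One MAC answering for several IPs is what proxy ARP looks like on the
    # wire; anything other than the known gateway doing it deserves a look.
    multi = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    return {
        "requests_by_sender": dict(requests_by_sender),
        "replies": replies,
        "multi_ip_responders": multi,
        "skipped": skipped,
    }


def ip_bytes(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))


def build_frame(op, sha, spa, tha, tpa) -> bytes:
    """Build one constructed sample frame (requests go to broadcast)."""
    dst = b"\xff" * 6 if op == OP_REQUEST else tha
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    return dst + sha + struct.pack("!H", ETH_P_ARP) + arp


# Constructed sample: gateway 192.0.2.1, one host 192.0.2.20.
GW_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000020")
ZERO = b"\x00" * 6
GW, HOST = ip_bytes("192.0.2.1"), ip_bytes("192.0.2.20")
SAMPLE_FRAMES = [
    # Normal ARP: the gateway looking for hosts on the shared segment.
    build_frame(OP_REQUEST, GW_MAC, GW, ZERO, HOST),
    build_frame(OP_REQUEST, GW_MAC, GW, ZERO, ip_bytes("192.0.2.21")),
    build_frame(OP_REQUEST, GW_MAC, GW, ZERO, ip_bytes("192.0.2.22")),
    build_frame(OP_REPLY, HOST_MAC, HOST, GW_MAC, GW),
    # Proxy ARP: the host asks for non-local IPs, the gateway answers.
    build_frame(OP_REQUEST, HOST_MAC, HOST, ZERO, ip_bytes("198.51.100.9")),
    build_frame(OP_REPLY, GW_MAC, ip_bytes("198.51.100.9"), HOST_MAC, HOST),
    build_frame(OP_REQUEST, HOST_MAC, HOST, ZERO, ip_bytes("198.51.100.7")),
    build_frame(OP_REPLY, GW_MAC, ip_bytes("198.51.100.7"), HOST_MAC, HOST),
    b"\xff" * 12 + b"\x08\x00" + b"\x00" * 40,  # IPv4 frame, not ARP
    b"\x00" * 10,                               # truncated frame
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FRAMES).items():
        print(f"{key}: {value}")
```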

RE: CCIE Written Passed Lab Advise [7:30838]

2002-01-03 Thread Jim Brown

If you are in the DC area maybe you should consider the Net Master Class by
Bruce and Val instead of the Global Knowledge. I attended ECP1 and know a
couple of individuals who attended the new RSNMC1, it sounds like the new
class is even better.

www.netmasterclass.net

You should be able to schedule your lab date soon. It usually takes a couple
of days for it to be reported to Cisco. There is an online registration tool
on the Cisco web site in the certification section. The dates are about six
months out. Don't worry about the backlog, most candidates need the time to
prepare. Just schedule a date and get cracking.

-Original Message-
From: Olympia Ric [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 03, 2002 2:41 PM
To: [EMAIL PROTECTED]
Subject: CCIE Written Passed  Lab Advise [7:30838]


I just passed the CCIE Routing and Switching Qualification Exam and would
appreciate recommendations on preparing for the lab. I do not have access to
Cisco gear at work but have registered for Global Knowledge CCIE lab
preparation courses. What equipment do I need? Rent vs buy. Recommended lab
sites preferably in the Washington DC, Virginia, Maryland area. I would
consider other location as well depending on how good they are. Do I need to
schedule my lab date now?

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30844t=30838



RE: Sniffing my broadband connection to my ISP ??? [7:30689]

2002-01-02 Thread Jim Brown

Priscilla,

Wouldn't proxy ARP generate an ARP request and an ARP reply if the source
and target networks were directly connected to the router?


-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, January 02, 2002 3:54 PM
To: [EMAIL PROTECTED]
Subject: Re: Sniffing my broadband connection to my ISP ??? [7:30689]


Having proxy ARP enabled on the router would cause the router to send ARP 
replies not requests.

The fact that he sees ARP requests isn't surprising. He's on a shared 
network. On a shared network you see all the ARP requests from your local 
router to devices on your network.

Priscilla

At 05:24 PM 1/2/02, Erick B. wrote:
Hi,

Just to expand on this...

The 224.0.0.1 multicast query you're seeing is coming
from the cable modem I bet. I have a Surfboard 3100
cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm 
not sure why the cable modem is doing multicast and haven't really 
looked into it. I think it may only be local to the LAN interface 
toward your PC but not 100% positive. You can use your web browser
to view the log and status of the SB3100 cable modem
by the way, you can see the IP in the sniffer trace.

If the ARP requests are originating from the ISP default-gateway (first 
hop router for you) then maybe they have proxy arp enabled.

The DHCP requests could be from other users on your
segment, or maybe forwarded to a DHCP server on your
segment from another segment.

Also, since you're on a shared segment with others
they may have set up their own networks, etc with
their own address space, etc that you might see
packets from.

Erick

--- Priscilla Oppenheimer  wrote:
  It sounds like you are sharing the broadcast domain with a bunch of other
  stations. The network is bridging on the edge. I think this is normal for
  cable modem systems. Is that what you are on?

  Priscilla

  At 12:23 PM 1/2/02, Phil Barker wrote:
  Hi Group,
  I have been sniffing my broadband connection to my ISP today and have a
  few questions.

  My main gripe is that I'm being sent around 100 ARP requests per minute,
  which obviously I cannot resolve. These ARP requests are all originating
  from my default G/W at the ISP trying to resolve MAC addresses of various
  users. Can anyone confirm if this is usual or unusual. I cannot see this
  being correct since if I set my router up to be one of these IP addresses
  I can resolve it to my MAC address Eth 0 int' or any other mac-address
  for that matter.

  They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which
  I wish I could join) but cannot and lots of their private address
  information via the above mentioned ARP's.

  I also captured an attempt at an inbound TCP connection on a dynamic port
  which my router RST, thankfully.

  Are they wasting my B/W ?

  Thanx,

  Phil

  Priscilla Oppenheimer
  http://www.priscilla.com


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30722t=30689
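
Added example, not part of the original thread: one way to check a capture for the two things discussed above, namely how many ARP requests each sender broadcasts per minute and whether one MAC address sends ARP replies on behalf of several IP addresses (what proxy ARP replies look like on the wire). The frames, MAC addresses and IP addresses below are constructed sample data, and the function names are this example's own.

```python
import socket
import struct
from collections import Counter, defaultdict

ETHERTYPE_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    eth_dst, _eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "op": op,  # 1 = request, 2 = reply
        "eth_dst": _mac_str(eth_dst),
        "sender_mac": _mac_str(sha),
        "sender_ip": socket.inet_ntoa(spa),
        "target_ip": socket.inet_ntoa(tpa),
    }


def summarize(capture):
    """capture: iterable of (timestamp_seconds, raw_frame)."""
    per_minute = Counter()            # (sender_ip, minute) -> request count
    reply_claims = defaultdict(set)   # sender_mac -> IPs it answered for
    for ts, frame in capture:
        arp = parse_arp(frame)
        if arp is None:
            continue
        if arp["op"] == 1:
            per_minute[(arp["sender_ip"], int(ts // 60))] += 1
        elif arp["op"] == 2:
            reply_claims[arp["sender_mac"]].add(arp["sender_ip"])
    peak = {}
    for (sender, _minute), count in per_minute.items():
        peak[sender] = max(peak.get(sender, 0), count)
    # A MAC that replies for more than one IP is answering on behalf of others.
    proxy = {m: sorted(ips) for m, ips in reply_claims.items() if len(ips) > 1}
    return {"peak_requests_per_min": peak, "proxy_arp_candidates": proxy}


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst):
    """Build one constructed ARP frame for the sample capture."""
    eth = _mac_bytes(eth_dst) + _mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += _mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += _mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp


# Constructed addresses (documentation ranges), not taken from the thread.
GW_MAC, GW_IP = "00:00:0c:aa:bb:01", "192.0.2.1"
ME_MAC, ME_IP = "00:10:5a:11:22:33", "192.0.2.200"


def sample_capture():
    # The gateway broadcasts 100 requests in one minute for other subscribers.
    cap = [(i * 0.6, build_arp(1, GW_MAC, GW_IP, ZERO_MAC,
                               f"192.0.2.{10 + i % 40}", BROADCAST))
           for i in range(100)]
    # This host asks for two off-segment addresses; the gateway's MAC answers both.
    for ts, remote in ((61.0, "198.51.100.8"), (62.0, "198.51.100.9")):
        cap.append((ts, build_arp(1, ME_MAC, ME_IP, ZERO_MAC, remote, BROADCAST)))
        cap.append((ts + 0.1, build_arp(2, GW_MAC, remote, ME_MAC, ME_IP, ME_MAC)))
    # A non-ARP (IPv4) frame that the parser must skip.
    cap.append((63.0, bytes(12) + struct.pack("!H", 0x0800) + bytes(28)))
    return cap


if __name__ == "__main__":
    print(summarize(sample_capture()))
```

On a shared segment the broadcast requests are visible to every station, while the unicast replies are normally seen only by the station that asked.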



RE: CCIE Practical Studies has no solution for the lab [7:30480]

2001-12-30 Thread Jim Brown

Page 1134

www.ciscopress.com/1587200023



-Original Message-
From: Jason [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, December 30, 2001 7:27 AM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Practical Studies has no solution for the lab [7:30478]


Was there a link ? I couldn't find it


Jim Brown wrote in message news:[EMAIL PROTECTED]...
 The authors intentionally left out the solutions for the big labs. The 
 authors wanted to discourage readers from peeking at the solutions. 
 They will be available on Cisco's web site.

 I heard the link is currently dead? I'm sure it will be available in 
 the very near future.

 -Original Message-
 From: Nick S. [mailto:[EMAIL PROTECTED]]
 Sent: Saturday, December 29, 2001 1:25 AM
 To: [EMAIL PROTECTED]
 Subject: RE: CCIE Practical Studies has no solution for the lab [7:30412]


 That's one of the reasons they call it VOL I :) Jokes apart, I think
 Cisco intends to bring out a series of these books, which may be based
 on the changes that the test undergoes, maybe they will bring out a
 solution workbook as well.

 From what I have heard, it doesn't contain much/no BGP either .. is
 that true?

 Nick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30480t=30480



RE: CCIE Practical Studies has no solution for the lab [7:30436]

2001-12-29 Thread Jim Brown

The authors intentionally left out the solutions for the big labs. The
authors wanted to discourage readers from peeking at the solutions. They
will be available on Cisco's web site.

I heard the link is currently dead? I'm sure it will be available in the
very near future.

-Original Message-
From: Nick S. [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, December 29, 2001 1:25 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Practical Studies has no solution for the lab [7:30412]


That's one of the reasons they call it VOL I :) Jokes apart, I think Cisco
intends to bring out a series of these books, which may be based on the
changes that the test undergoes, maybe they will bring out a solution
workbook as well.

From what I have heard, it doesn't contain much/no BGP either .. is that
true?

Nick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30436t=30436



RE: CCIE Practical Studies by Cisco Press [7:30243]

2001-12-27 Thread Jim Brown

I have only done a cursory review, but from what I can tell their approach
is perfect. The author goes through each technology and explains it with as
few routers as necessary, then at the end are six full scale exam style
labs. Really concise material without all the fluff.

I haven't had the chance to check for errors, but I have a good feeling
about the quality of the material.

This is just what the doctor ordered for prep work.

As a gut check I looked up a couple of things that tripped me up on an exam
and sure enough there they were fully explained with descriptions and
configs.

In my opinion this book should increase the pass rate. This book is the list
of gotchas and how-to's I was creating myself, now it just has a pretty
cover.

Remember Cisco wants more people to pass the lab.

These are only my preliminary observations. Take a look at the book and
judge for yourself.

-Original Message-
From: juno vtv [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 27, 2001 6:01 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Practical Studies by Cisco Press [7:30243]


Jim,

Does the book go in-depth with many different topics?  What's the quality of
the labs?

-junovtv




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30248t=30243



RE: CCIE Practical Studies by Cisco Press [7:30243]

2001-12-27 Thread Jim Brown

I think it ROCKS! 

John, you could have purchased it at SoftPro Books since the middle of last
week.

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 27, 2001 5:18 PM
To: [EMAIL PROTECTED]
Subject: CCIE Practical Studies by Cisco Press [7:30243]


I know this just came out recently but I'm wondering if any of you have it
yet?  I don't know why I'm asking now since my copy will be here tomorrow.
:-)  I'm just curious to see if anyone else has had a chance to crack its
pages yet.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30245t=30243



RE: Proper dress for CCIE lab? [7:29524]

2001-12-18 Thread Jim Brown

They also reduce the amount of oxygen in the lab to simulate networking at
high altitudes. The proctors stand over your shoulders and scream in your
ear just like a military boot camp. You aren't allowed to use the show run
command and must type everything exactly right the first time.

Seriously, you can wear whatever you like. I've worn shorts with a
t-shirt and I've noticed candidates in sandals. Just be comfortable.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 18, 2001 3:00 PM
To: [EMAIL PROTECTED]
Subject: Proper dress for CCIE lab? [7:29524]


Is it true that you have to be dressed in a suit for the CCIE lab?  Do they
mark mannerisms, speech and dress?  I have some old Novell guys telling me
horror stories of the Novell Instructor Program.

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29529t=29524



RE: Group Study LAB Board Question [7:28863]

2001-12-11 Thread Jim Brown

Join the board and use whatever date you feel comfortable with. As far as
the date is concerned, if you can leave on a week's notice, there will be a
seat available.

Dates are always opening up. Just study with a March date in mind and you
should be able to grab one within two weeks of the test. I'm pretty certain
about this.

Look at the scheduler and you probably will see Jan dates open. If I
remember correctly Cisco testing is closed for testing from around the 20th
till the new year. This might affect the availability of Jan dates in
regards to my earlier statement.

Just keep an eye open, study your buns off, and you should be able to grab
the desired date as it approaches.


-Original Message-
From: Gregg Malcolm [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 11, 2001 11:02 AM
To: [EMAIL PROTECTED]
Subject: OT:Group Study LAB Board Question [7:28863]


I recently passed my CCIE written.  I am hoping for a Mid March lab date.
Currently, Cisco is showing only earliest available dates in June.  I'd like
to join the lab discussion group, but I have not yet scheduled the lab
since I don't want to wait until June to take it.  Would it be an error in
protocol to join the group saying that I have a mid March date?  I am
going to try very hard to get a mid March date (hopefully a swap).

Thank you,  Gregg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28873t=28863



RE: Redistribution and Filtering [7:28699]

2001-12-10 Thread Jim Brown

With a single redistribution point, split-horizon should handle the
filtering for you in most cases.

In a production environment I might apply filtering just to be safe, but in
a lab/testing environment why waste the cycles.

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 10, 2001 12:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Redistribution and Filtering [7:28699]


Filtering is, yes. Of course I'm assuming you're not talking about a single
router network since you are redistributing routing protocols.

  Dave

John Neiberger wrote:
 
 But is it ever necessary if you're only using a single router to do 
 the redistribution?
 
  Bill Carter  12/10/01 10:55:23 AM 
 Yes it is overkill.  Yes it is good practice to use either route-maps 
 or distribute lists.  Control is better.
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of 
 William Lijewski
 Sent: Monday, December 10, 2001 10:57 AM
 To: [EMAIL PROTECTED]
 Subject: Redistribution and Filtering [7:28699]
 
 I have a basic question, kind of...
 
 When you redistribute between routing protocols, should you ALWAYS use
 a route-map?  If there are no loops is it still recommended/required?
 I have been doing it but I want to know if it's overkill.
 
 Thanks,
 Bill
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28740t=28699



RE: C2620 with NM-1FE1R2W? [7:28716]

2001-12-10 Thread Jim Brown

The blurb actually states it is not compatible with the 2600. Check the NM
table towards the bottom of the link.

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 10, 2001 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: C2620 with NM-1FE1R2W? [7:28716]


Here is a marketing blurb that appears to say it is supported on the 2600
platform but me thinks it lies ;)

http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/2636m_ds.htm

  Dave

Johan Hjalmarsson wrote:
 
 Does a NM-1FE1R2W= work in a Cisco 2620 router?
 
 I thought all NM's worked in both the C26xx and C36xx series, but I
 can't get this configuration to work. When I look in the HW/SW
 compatibility matrix only SW for the C36xx is shown for this module.
 
 Any suggestions?
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28745t=28716



RE: ISDN DDR Question [7:28257]

2001-12-06 Thread Jim Brown

I don't think you can drop just one channel. The variables are only for
enabling the additional channel? I can't remember anything to just drop part
of the bundle.

If I'm incorrect someone will immediately jump in to point it out. So you
should have your answer either way.

-Original Message-
From: Sam Deckert [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 06, 2001 4:36 PM
To: [EMAIL PROTECTED]
Subject: RE: ISDN DDR Question [7:28257]


thanks patrick,

however from what i have found the idle-timeout command is for the first
channel being idle, not the second.

What i am after is how to make the second channel stay up longer than the
default after the load threshold drops below its defined value.

thanks,

sam.


-Original Message-
From: Patrick Donlon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 6 December 2001 7:31 PM
To: [EMAIL PROTECTED]
Subject: Re: ISDN DDR Question [7:28257]


dialer idle-timeout seconds



Have a look at this link it's got lots of info on PPP and multilink

http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Internetworking:PPPs=Implementation_and_Configuration



Cheers

Pat

Sam Deckert wrote in message news:[EMAIL PROTECTED]...
 hey all,

 just wondering if anyone knows how to extend the amount of time it
 takes before the second channel comes down after the traffic level
 drops below the load threshold, when using multilink isdn with 2 channels?

 Any help would be great!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28343t=28257



RE: eigrp and isdn routing question? [7:28219]

2001-12-05 Thread Jim Brown

If you deny EIGRP multicasts in the dialer-list it will prevent them from
initiating a call or keeping the line up. They will be uninteresting and
will not cause the line to dial.

Once the line is up, all packets are fair game regardless of whether or not
they match the dialer-list. Any packet is passed over the ISDN circuit. The
dialer-list only signifies what traffic is interesting and will force a
call. 

I'm not sure if this is what you are looking for. In other words, neighbors
would only be formed when the link was up due to some other traffic defined
interesting by the dialer-list. No more interesting traffic and the link
comes down, but EIGRP will not keep the circuit up or cause a call to be
initiated.

You should probably look at the dialer-watch command for dial backup over
EIGRP. I think dialer-watch might be just what the doctor ordered.


-Original Message-
From: Bob Perez [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, December 05, 2001 1:09 PM
To: [EMAIL PROTECTED]
Subject: eigrp and isdn routing question? [7:28219]


Is there a way that I can stop all eigrp traffic from passing on the ISDN
when it is down and then to pass when the ISDN comes up?  I have an access
list that denies eigrp on the BRI and the interface is set as passive in the
eigrp config.  But I am having routing problems when I lose my serial line
and the ISDN comes up.  Nothing will route unless there is a hardcoded next
hop for an address ip route ** ** *  I would like to somehow
pass eigrp info over the isdn when it comes up but not when it is down?  Can
this be done.  I also do not want to do redistribute static because of
default gateway issues.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28222t=28219
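
Added example, not part of the original thread: a small model of the behaviour Jim describes, where the dialer-list decides only which packets may bring the line up and reset the idle timer, while any packet is carried once the line is up. The ACL representation, the packet timings and the 120-second idle timeout are assumptions of this sketch, not configuration from the posts.

```python
EIGRP, TCP = 88, 6  # IP protocol numbers

# Simplified dialer-list: deny EIGRP, permit everything else (first match wins).
DIALER_ACL = [("deny", EIGRP), ("permit", "ip")]


def is_interesting(proto, dialer_acl):
    """Return True if the packet is 'interesting' for dialing purposes."""
    for action, match in dialer_acl:
        if match == "ip" or match == proto:
            return action == "permit"
    return False  # implicit deny at the end of the list


def simulate(packets, dialer_acl, idle_timeout):
    """packets: iterable of (time_seconds, ip_protocol). Returns per-packet events."""
    up_until = None  # time at which the idle timer would drop the call
    events = []
    for t, proto in sorted(packets):
        link_up = up_until is not None and t < up_until
        if is_interesting(proto, dialer_acl):
            # Interesting traffic dials if needed and always resets the timer.
            events.append((t, proto, "forwarded" if link_up else "dial+forwarded"))
            up_until = t + idle_timeout
        elif link_up:
            # Uninteresting traffic rides an existing call without extending it.
            events.append((t, proto, "forwarded"))
        else:
            # Uninteresting traffic never places a call.
            events.append((t, proto, "dropped"))
    return events


def sample_packets():
    """Constructed traffic: EIGRP hellos every 5 s plus one TCP packet at t=12."""
    hellos = [(t, EIGRP) for t in range(0, 145, 5)]
    return hellos + [(12, TCP)]


if __name__ == "__main__":
    for event in simulate(sample_packets(), DIALER_ACL, idle_timeout=120):
        print(event)
```

In this model the hellos cross the link only between the TCP packet at t=12 and the idle timer expiring at t=132, so an EIGRP adjacency could exist only while other traffic holds the call up.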



RE: Split Horizon and Frame [7:27679]

2001-11-29 Thread Jim Brown

The real kicker is you must disable EIGRP split horizon on the interface of
an NBMA network. If you disable it on the interface this will not work. You
must use the no ipx split-horizon EIGRP  command. The no ipx
split horizon command doesn't mean squat to EIGRP.

In an NBMA network, you should use EIGRP or create tunnels for RIP. Without
the ability to disable split-horizon for RIP you will never pass all the
routing information out to the spokes.

Of course all the rules about subinterfaces and such apply to split horizon.
Just keep the NBMA thing in mind when using physical or multipoint
interfaces.

-Original Message-
From: Lopez, James [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 29, 2001 7:36 AM
To: 'McCallum, Robert'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail);
a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul
frost; peter norberg; phil
Subject: RE: Split Horizon and Frame


Robert,

For IPX RIP, it is my understanding that you can not turn off split horizon.

For IP on frame interfaces, split horizon is turned on automatically for
point to point interfaces but off by default for the physical and
multi-point interfaces.

Someone please correct me if I am incorrect.


JL

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 29, 2001 8:03 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham;
john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg;
phil
Subject: Split Horizon and Frame


Folks,

Quick question just to make sure I have things correct in my head.  Please
correct me if I'm wrong.

O.k.

FOR IPX every frame interface (physical, point, multipoint) split horizon is
enabled by default.

FOR IP physical frame interface split horizon is disabled and for point and
multipoint split horizon is enabled by default.

The above on ATM interfaces is it the same rules??

Cheers

Robert McCallum




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27679t=27679



RE: Slimline 2 [7:27365]

2001-11-26 Thread Jim Brown

What version of the IOS are you running? Some of the 12.0 versions have a
cosmetic bug which shows an invalid SPID when actually, all is well.



-Original Message-
From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]] 
Sent: Monday, November 26, 2001 1:02 PM
To: [EMAIL PROTECTED]
Subject: Slimline 2 [7:27365]


I am using the Slimline 2 ISDN simulator from PDS technologies.
 
I cannot get the SPID to be accepted. (See below)
 
 
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHE
TEI 64, ces = 1, state = 4(await init)
spid1 configured, no LDN, spid1 sent, spid1 NOT valid
 
I have not modified the default phone numbers  and  configured on Slimline
 
Below are my configs for bri0
interface BRI0
 ip address 10.0.0.1 255.255.255.0
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 dialer map ip 10.0.0.2 
 dialer-group 1
 isdn switch-type basic-5ess
 isdn spid1 
 
Is there a default LDN number I have to configure?
 
Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27366t=27365



RE: Frame Relay/ISDN Question [7:27386]

2001-11-26 Thread Jim Brown

Cisco created the frame relay end-to-end keep alive command to address just
the issue you describe. It actually sends a configurable keep alive between
the end points to verify connectivity.

Check out the Doc CD Wan Switching Guide. Look under frame relay and the
entire keepalive command set is there.
-Original Message-
From: Joshua Gottlieb [mailto:[EMAIL PROTECTED]] 
Sent: Monday, November 26, 2001 4:00 PM
To: [EMAIL PROTECTED]
Subject: Frame Relay/ISDN Question [7:27386]


Question,

I have a network that is connected via frame relay.  Each site also has BRI
Lines setup from ISDN Dial-Backup.  

The backup interface BRI1/0 command is on the PVC Sub-Interface on each
router.  

Occasionally, we will have a problem with our PVC and it will still show up,
but we won't be able to route traffic over it.  

I'm trying to figure out a config so that if the traffic times out on the
serial interface, it will DDR on the BRI line.  The problem is, that with
the Backup Interface command, the BRI line goes into Administratively down
mode, so I don't think a floating static route will work.

Any ideas?

Thanks,

Joshua




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27388t=27386



RE: CCIE One Day Lab FAIL [7:27067]

2001-11-21 Thread Jim Brown

Cut and paste baby!

Cut once, paste many.

-Original Message-
From: Courtney Alexander Foster [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 21, 2001 1:54 PM
To: Bryan Ginman; Joseph Ezerski; McCallum, Robert; 'Ccielab' (E-mail);
Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren
Subject: RE: CCIE One Day Lab FAIL


You would have to waste a lot of time setting aliases on all the routers

C. A. Foster
Sr. Network Engineer
x5910


-Original Message-
From: Bryan Ginman [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 21, 2001 2:27 PM
To: Courtney Alexander Foster; Joseph Ezerski; McCallum, Robert; 'Ccielab'
(E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra;
sandra1; Warren
Subject: RE: CCIE One Day Lab FAIL


Aliases are a God send for all you slow of fingers out there.

ex.

alias exec g sho ip int brief

typing g will now issue show ip int brief to the cli

Cheers,

Bryan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Courtney Alexander Foster
Sent: Wednesday, November 21, 2001 2:13 PM
To: Joseph Ezerski; McCallum, Robert; 'Ccielab' (E-mail); Cisco@Groupstudy.
Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren
Subject: RE: CCIE One Day Lab FAIL


I don't type that fast...but I am trying to master the short version of the
commands...but commands like sh ip int br messes me up on routers with BRI
interfaces

C. A. Foster
Sr. Network Engineer
x5910


-Original Message-
From: Joseph Ezerski [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 21, 2001 12:15 PM
To: 'McCallum, Robert'; ''Ccielab' (E-mail)'; 'Cisco@Groupstudy. Com
(E-mail)'; 'George'; 'Kev'; 'kevin'; 'sandra'; 'sandra1'; 'Warren'
Subject: RE: CCIE One Day Lab FAIL


For those that finished with an hour or so to spare, do you mind posting
what your estimated typing speed is?  I know it sounds funny, but I work
with someone who can type 120 words a minute and it seems to make all the
difference in a tight time situation like the lab.

Thanks in advance,

-Joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
McCallum, Robert
Sent: Tuesday, November 20, 2001 5:45 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin;
sandra; sandra1; Warren
Subject: CCIE One Day Lab FAIL


O.k.  I sat the exam last week and failed but by not a lot.  Silly mistakes
killed me.  For those of you who have still to experience the one day lab
then please read ahead.

Mostly everyone on this list stated that there was no time to do the lab or
check anything.  I found this to be so untrue it was unreal.  Most people on
the lab finished with an hour to go and I had more time than this to check
and try to get the annoying things that didn't work to work (although I
failed to get two things working)... So from that, my advice is if you are
stuck on something, move on and work your way through the workbook.  Once
you get to the end you should have plenty time to fix (if you can) the
problems you left.

From my experience of Brussels everything was there.  The proctors
turned up when they should, answered any questions you asked, there were
icons for each element you had to configure, there was paper, there were
pens, pencils, sharpeners and erasers.  Lunch was horrible although I don't
think anyone was too bothered about lunch, so if you are a person who cannot
go without lunch bring a packed lunch with you (just don't put your answers
in your lunch box !!).

All in all enjoy the experience and READ the questions (even the smallest
detail).  I am resetting in Feb next year and I reckon the pressure will
really be on then.  Most people fail 1st time anyway is what I can say this
time but next time ??

Robert McCallum
Ext 730 3448
DDI : 01415663448
Mobile : 07818002241




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=27067t=27067



RE: CCIE One Day Lab FAIL [7:26926]

2001-11-20 Thread Jim Brown

It sounds like you have the right attitude. Don't go in and think you are
going to fail, YOU CAN PASS on the first attempt. The exam is very doable
and is not overly tricky. A if I only had that first attempt back.

Stay calm and focused and try not to be freaked out on the first attempt. I
would probably say nerves cause more people to fail on their first attempt
than anything else. Don't be nervous, this is easier said than done.

REMEMBER THESE FEW THINGS:
1. It is only an exam and you can take it multiple times.
2. The proctors want you to pass and are there to clarify requirements and
issues with equipment.
3. ASK THE PROCTOR questions!
4. Look at the exam as a challenge which attempts to verify you understand
how the protocols and equipment work as opposed to just knowing how to
configure them.

-Original Message-
From: Courtney Alexander Foster [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 20, 2001 12:56 PM
To: McCallum, Robert; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail);
George; Kev; kevin; sandra; sandra1; Warren
Subject: RE: CCIE One Day Lab FAIL


I know most people fail the first time...BUT I am NOT planning on failing my
first attempt. If I do, then fine...but I am not going into the test
planning to fail...in late January I will let you know how my experience
was. Anyway, Good luck on your next attempt.

-CAF

It's always darkest...right before it goes completely black

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 20, 2001 8:45 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin;
sandra; sandra1; Warren
Subject: CCIE One Day Lab FAIL


O.k.  I sat the exam last week and failed but by not a lot.  Silly mistakes
killed me.  For those of you who have still to experience the one day lab
then please read ahead.

Mostly everyone on this list stated that there was no time to do the lab or
check anything.  I found this to be so untrue it was unreal.  Most people on
the lab finished with an hour to go and I had more time than this to check
and try to get the annoying things that didn't work to work (although I
failed to get two things working)... So from that, my advice is if you are
stuck on something, move on and work your way through the workbook.  Once
you get to the end you should have plenty time to fix (if you can) the
problems you left.

From my experience of Brussels everything was there.  The proctors turned up
when they should, answered any questions you asked, there were icons for
each element you had to configure, there was paper, there were pens,
pencils, sharpeners and erasers.  Lunch was horrible although I don't think
anyone was too bothered about lunch, so if you are a person who cannot go
without lunch bring a packed lunch with you (just don't put your answers in
your lunch box !!).

All in all enjoy the experience and READ the questions (even the smallest
detail).  I am resetting in Feb next year and I reckon the pressure will
really be on then.  Most people fail 1st time anyway is what I can say this
time but next time ??

Robert McCallum
Ext 730 3448
DDI : 01415663448
Mobile : 07818002241




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26926t=26926



RE: how much dram and flash [7:26255]

2001-11-14 Thread Jim Brown

Show version

-Original Message-
From: george gittins [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 14, 2001 11:06 AM
To: [EMAIL PROTECTED]
Subject: how much dram and flash [7:26255]


what command would tell me how much flash and memory i have.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=26258t=26255



RE: isdn simulation [7:25713]

2001-11-08 Thread Jim Brown

There are three very popular simulators on the market.

The Adtran 550 or 800, Teltone, and Arca Emutel.

The Adtran is what is used in the CCIE lab and it is also the most
expensive. It is modular and very reliable. The Teltone and Arca have two
ports. I prefer the Arca because you can configure the ports as S/T or U.
This is something the other two can't do.

I've had an Arca and the Adtran and dollar for dollar I think the Arca is
the best product. It is limited to two ports, but for testing this is all
you should need. Firmware upgradeable and multiple switch type support.

They have a sales office in San Francisco and they are very responsive. It
will set you back $1500 - $2000 but you can resell it close to purchase
price when done. They hold their value pretty well.

-Original Message-
From: James [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 08, 2001 2:36 PM
To: Jim Brown
Subject: RE: isdn simulation [7:25713]


Jim
Thanks for the info. That's what I was afraid of..I
managed to mimic a t1 with back to back csu and was
wondering If isdn works the same way. I was looking at
the ccie lab book and it had an adtran box.

--- Jim Brown  wrote:
 This is the big stickler. The only way is with an
 actual ISDN line that
 could be shared by both routers or purchase a
 simulator. There aren't any
 cheap simulators either.
 
 -Original Message-
 From: James [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 08, 2001 2:11 PM
 To: [EMAIL PROTECTED]
 Subject: isdn simulation [7:25713]
 
 
 Hello everyone,
 Forgive my ignorance on this one...
 I am wondering that if someone has a practice lab at
 home, say 2 2503 with BRI interface, how would isdn connection be 
 simulated ? Appreciate any information on this.
 Thanks
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25717t=25713



RE: worst company [7:25033]

2001-11-02 Thread Jim Brown

CheckPoint = (great product) - (any support infrastructure).

It is without a doubt the least supported product by a manufacturer I have
ever seen. I have outstanding TAC cases over a year old! They charge a
fortune for support and maintenance, which you must have, and you get
nothing for it.

The only thing that actually keeps it running are the private boards and
mailing lists.

It is extremely easy to use though and they own 60% of the market?

There are things you can do with CheckPoint that Cisco cannot even begin to
emulate.

-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, November 01, 2001 11:23 PM
To: [EMAIL PROTECTED]
Subject: OT: worst company [7:25033]


Hello,

I had a very bad experience with Checkpoint and am
wondering if anyone had the same problem.

One of my clients wanted to try Checkpoint VPN-1 so I
filled out online eval form a month ago. A sales rep
called me the next day and said a reseller would
contact me in 5-10 days (5-10 minutes would make more
sense). I didn't hear nothing in 3 weeks so I filled
out online eval form again (I lost that rep's phone
number) and another sales rep called me said the same
thing. Now another week passed and I still didn't hear
nothing. 

My client is very unhappy so he decide to go with
Cisco. Is Checkpoint's business so good that they
couldn't handle or what? Anyway, Checkpoint lost my
client and I would never work with them again.

Jim





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25060t=25033



OT:RE: worst company [7:25033]

2001-11-02 Thread Jim Brown

All I use are Nokia's. It is a great appliance. Nokia recently changed their
fee structure for direct support. I think your eyes might pop out of your
head when it comes time to renew.

-Original Message-
From: Eric Rivard [mailto:[EMAIL PROTECTED]] 
Sent: Friday, November 02, 2001 10:48 AM
To: [EMAIL PROTECTED]
Subject: RE: worst company [7:25033]


I agree Checkpoint's support is terrible, and Cisco provides great support
for any of their products. I like Checkpoint because how flexible it is, the
features it provides and the great logging features of it. But it is very
expensive. Most of my clients run a PIX as a firewall, mainly because of the
price, but when my clients need to have a lot of functionality like multiple
vpns, e-mail stripping, etc, Checkpoint is the best for that (my biased
option. :) ). Although Checkpoint's support is terrible Nokia provides
excellent support for Checkpoint. If you buy a Checkpoint firewall, I highly
recommend running it on the Nokia IP platform because of how easy it is to
set up and Nokia's support is great. They know more about Checkpoint than
Checkpoint's engineers do. Every time I have called Nokia, an engineer was on
the phone resolving my issue in about 60 secs. Not only that but they are
friendly too (something you don't see often.).

-Original Message- 
From: root 
Sent: Fri 11/2/2001 8:42 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: worst company [7:25033]



Marshal Schoener wrote:

 Agreed, however there is great 3rd party support available for Checkpoint
 from many vendors.
 UUNet has a very good support program for Checkpoint.

 No matter who is supporting it though, Checkpoint's license procedure is
 horrible!
 I once went 6 months from eval license to eval license because we couldn't
 get a permanent license to work properly.

 That being said, in my opinion, there is no better firewall.
Regards,

 -Original Message-
 From: Jim Brown [mailto:[EMAIL PROTECTED]]
 Sent: Friday, November 02, 2001 9:56 AM
 To: [EMAIL PROTECTED]
 Subject: RE: worst company [7:25033]

 CheckPoint = (great product) - (any support infrastructure).

 It is without a doubt the least supported product by a manufacturer I have
 ever seen. I have outstanding TAC cases over a year old! They charge a
 fortune for support and maintenance, which you must have, and you get
 nothing for it.

 The only thing that actually keeps it running are the private boards and
 mailing lists.

 It is extremely easy to use though and they own 60% of the market?

 There are things you can do with CheckPoint that Cisco cannot even begin to
 emulate.

 -Original Message-
 From: Jim Bond [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 01, 2001 11:23 PM
 To: [EMAIL PROTECTED]
 Subject: OT: worst company [7:25033]

 Hello,

 I had a very bad experience with Checkpoint and am
 wondering if anyone had the same problem.

 One of my clients wanted to try Checkpoint VPN-1 so I
 filled out online eval form a month ago. A sales rep
 called me the next day and said a reseller would
 contact me in 5-10 days (5-10 minutes would make more
 sense). I didn't hear nothing in 3 weeks so I filled
 out online eval form again (I lost that rep's phone
 number) and another sales rep called me said the same
 thing. Now another week passed and I still didn't hear
 nothing.

 My client is very unhappy so he decide to go with
 Cisco. Is Checkpoint's business so good that they
 couldn't handle or what? Anyway, Checkpoint lost my
 client and I would never work with them again.

 Jim

I have you beat,  I waited 8 months for a perm. license from
Checkpoint.

-Andrew
[EMAIL PROTECTED]





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25099t=25033



RE: IP addressing Subnetting [7:24712]

2001-10-31 Thread Jim Brown

Who needs to worry about subnetting with the one day exam? (disclaimer: this
is only a joke, no flames please)

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, October 31, 2001 12:19 PM
To: [EMAIL PROTECTED]
Subject: Re: IP addressing Subnetting [7:24712]


Good.. but you can't have a subnet with 31 bits that would 
leave 2 hosts and the network address and the broadcast would use 
them up, so you end up with 0 hosts per subnet.  For point-to-point 
serial links, you'd usually use a /30 (255.255.255.252) which gives you 
4 addresses per subnet (1 network, 1 broadcast, and two hosts)

Mike W.

Mike, your answer has been correct for a long time.  However, let me 
cite a recent RFC with a lead author from Cisco:

3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links. A. Retana, R.
  White, V. Fuller, D. McPherson. December 2000.

I believe some recent IOS versions, primarily intended for carriers, 
will support /31 on point-to-point media.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24849t=24712



RE: CCIE Written - scoring method [7:24272]

2001-10-26 Thread Jim Brown

I don't think each question counts as a single point. I believe some are
weighted different than others.

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 26, 2001 1:10 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Written - scoring method [7:24272]


It's a scale from 0-100, and I believe each question counts as one
point.  At least I seem to remember getting 100 questions.  :-)

 Robert  10/26/01 12:44:44 PM 
Hi All,

I apologize in advance if I am asking anybody to violate the NDA, but I
think this question is pretty sanitary.

Is the CCIE written scored on a scale between 1-1000, or is it like the CCNP
exams where the scale is 300-1000?

Thanks,

Robert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24285t=24272



RE: CCIE latest Number [7:24031]

2001-10-24 Thread Jim Brown

Looks like the numbers have come close to a screeching halt. On August 30th,
they were handing out the low 8100's.

-Original Message-
From: kwock99 [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 24, 2001 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: CCIE latest Number [7:24031]


Hi Jim,

Thanks for your info. Just checking if the CCIE number is keep on going
without re-use the number.

Hence, when I look at the number and make a comparison and I will know when
the CCIE got certification. Am I correct?

Thanks.

Francis

- Original Message -
From: Jim Yam 
To: 
Sent: Thursday, October 25, 2001 12:40 AM
Subject: Re: CCIE latest Number [7:24031]


 I have a coworker just got his CCIE last Friday and his number is 8285.

 kwock99  wrote in message
 news:...
  Anyone knows what is the latest CCIE number or where to check the latest
  number?
 
  Thanks.
 
  Francis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24036t=24031



RE: Has anyone failed the CCIE Written? [7:21970]

2001-10-04 Thread Jim Brown

I would say the requirement of the CCNP/CCNA for CCIE written/lab attempts
is only a matter of time.

-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 11:01 AM
To: [EMAIL PROTECTED]
Subject: RE: Has anyone failed the CCIE Written? [7:21970]


Ruben,

I'd like to ask you if you already hold any Cisco certifications like CCNA,
CCNP, etc. or if you're going for the CCIE written from scratch.

Personally I would think that it would be an enormous help to have at least
CCNP before attending the CCIE written (and lab), unless you're born with a
router in one hand and a switch in the other - but I know that Cisco do not
demand you to have any certifications.

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~


-Original Message-
From: Ruben Arias [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: Has anyone failed the CCIE Written? [7:21970]


Twice!
I did my first try last year, haven't read all the books recommended in this
list and of course failed. 10 months later I thought I was prepared to try
it again. It was a completely different exam. I think I will not violate NDA
by telling you, you have to know RIF, besides that the exam deals with
technology, everything stated in the blue print is tested. After the second
try, I was much frustrated, because I was sure I passed and didn't know what
else to study, I started all over again, I am studying from all books again,
browsing CCO more carefully. This is a hard exam, I'm sure next time will be
also different.
Saludos
Ruben




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22074t=21970



RE: Has anyone failed the CCIE Written? [7:21970]

2001-10-04 Thread Jim Brown

LB also promised they would never go to a one day lab?

What was once considered outlandish and foolish has become reality.

I honestly believe in the future the NP will be a requirement to attempt the
IE. This is only my opinion.

Extended the testing stream another 5 exams and countless copies of Cisco
Press materials.

Just remember e-mail [7:21970] in 24 months.

-Original Message-
From: EA Louie [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 5:14 PM
To: [EMAIL PROTECTED]
Subject: Re: Has anyone failed the CCIE Written? [7:21970]


I don't think they'd do that - the CCIE written is being revamped to 'fill
in the gaps' from the things that have been removed from the CCIE Lab, and
has always been a separate certification track from the NA/NP track.

-e-

- Original Message -
From: Jim Brown 
To: 
Sent: Thursday, October 04, 2001 10:07 AM
Subject: RE: Has anyone failed the CCIE Written? [7:21970]


 I would say the requirement of the CCNP/CCNA for CCIE written/lab attempts
 is only a matter of time.

 -Original Message-
 From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, October 04, 2001 11:01 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Has anyone failed the CCIE Written? [7:21970]


 Ruben,

 I'd like to ask you if you already hold any Cisco certifications like CCNA,
 CCNP, etc. or if you're going for the CCIE written from scratch.

 Personally I would think that it would be an enormous help to have at least
 CCNP before attending the CCIE written (and lab), unless you're born with a
 router in one hand and a switch in the other - but I know that Cisco do not
 demand you to have any certifications.

 Ole

 ~~~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~~~
  http://www.RouterChief.com
 ~~~
  NEED A JOB ???
  http://www.oledrews.com/job
 ~~~


 -Original Message-
 From: Ruben Arias [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, October 04, 2001 11:29 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Has anyone failed the CCIE Written? [7:21970]


 Twice!
 I did my first try last year, haven't read all the books recommended in this
 list and of course failed. 10 months later I thought I was prepared to try
 it again. It was a completely different exam. I think I will not violate NDA
 by telling you, you have to know RIF, besides that the exam deals with
 technology, everything stated in the blue print is tested. After the second
 try, I was much frustrated, because I was sure I passed and didn't know what
 else to study, I started all over again, I am studying from all books again,
 browsing CCO more carefully. This is a hard exam, I'm sure next time will be
 also different.
 Saludos
 Ruben




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22140t=21970



RE: ISDN Troubleshooting [7:20403]

2001-09-19 Thread Jim Brown

I had a problem similar to this in Canada with an ISDN circuit. Try placing
a 9 in front of the dial string. Like office phones when you need to grab an
outside line.

My dial strings looked like 913035551212. The 9 to grab an outside line and
then the full dial string with the 1 prefix for long distance if required.

Please let me know the outcome. I'm interested.

-Original Message-
From: Michael Gergov [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 19, 2001 9:12 AM
To: [EMAIL PROTECTED]
Subject: ISDN Troubleshooting [7:20403]


Hi everyone,

I was troubleshooting a DDR Backup with ISDN line, here is what happened.
Location 1 was set up to initiate the call, Location 2 to accept it. (I went
through the config n+1 times).
The connection was never established. I set up the syslog server and
debugging of Q931.
Here is the excerpt out of the syslog.




DISCONNECT pd = 8  callref = 0xC9
Cause i = 0x81D8 - Incompatible destination
 Signal i = 0x03 - Network congestion tone on


I put 1 in front of the dial string xxx-xxx-, and it changed to the
following.

DISCONNECT pd = 8  callref = 0xF4
Cause i = 0x82A2 - No channel available
Signal i = 0x03 - Network congestion tone on



DISCONNECT pd = 8  callref = 0xA2
Cause i = 0x80C1 - Bearer capability not implemented
 Signal i = 0x03 - Network congestion tone on


Then I reversed the configuration - Location 2 calling Location 1 - It was
working just the way it is supposed to.

I am not an ISDN specialist, so can someone tell me, what my problem with the
first setup was?

Many Thanks,
Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20426t=20403
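The `Cause i` values in the debug excerpt above follow the Q.850 cause layout: the low four bits of the first octet give the location that generated the cause, and the low seven bits of the second octet give the cause value. The decoder below is an added example, not part of the original posts; the function names are hypothetical, the log text is the excerpt quoted in the thread, and the cause-name table is a partial list.

```python
import re

# Q.850 location codes (low four bits of the first cause octet).
LOCATION = {
    0: "user",
    1: "private network serving the local user",
    2: "public network serving the local user",
    3: "transit network",
    4: "public network serving the remote user",
    5: "private network serving the remote user",
    7: "international network",
    10: "network beyond interworking point",
}

# Q.850 cause classes (bits 7-5 of the seven-bit cause value).
CAUSE_CLASS = {
    0: "normal event", 1: "normal event",
    2: "resource unavailable",
    3: "service or option not available",
    4: "service or option not implemented",
    5: "invalid message",
    6: "protocol error",
    7: "interworking",
}

# Partial table of Q.850 cause names; extend as needed.
CAUSE_NAME = {
    1: "Unallocated (unassigned) number",
    16: "Normal call clearing",
    17: "User busy",
    18: "No user responding",
    21: "Call rejected",
    28: "Invalid number format",
    34: "No circuit/channel available",
    41: "Temporary failure",
    58: "Bearer capability not presently available",
    65: "Bearer capability not implemented",
    88: "Incompatible destination",
}

# Excerpt quoted in the thread (debug of Q.931 sent to syslog).
SAMPLE_LOG = """\
DISCONNECT pd = 8  callref = 0xC9
Cause i = 0x81D8 - Incompatible destination
 Signal i = 0x03 - Network congestion tone on
DISCONNECT pd = 8  callref = 0xF4
Cause i = 0x82A2 - No channel available
Signal i = 0x03 - Network congestion tone on
DISCONNECT pd = 8  callref = 0xA2
Cause i = 0x80C1 - Bearer capability not implemented
 Signal i = 0x03 - Network congestion tone on
"""

EVENT_RE = re.compile(
    r"DISCONNECT\s+pd\s*=\s*\d+\s+callref\s*=\s*(?P<callref>0x[0-9A-Fa-f]+)"
    r"\s+Cause i\s*=\s*0x(?P<cause>[0-9A-Fa-f]+)\s*-\s*(?P<text>[^\n]*)"
)


def decode_cause(hex_digits):
    """Decode the contents of a cause information element given as hex digits."""
    raw = bytes.fromhex(hex_digits)
    if len(raw) < 2:
        raise ValueError("cause needs a location octet and a cause-value octet")
    octet3, rest = raw[0], raw[1:]
    if not octet3 & 0x80:
        # Extension bit clear: an extra octet (3a, recommendation) follows.
        if len(rest) < 2:
            raise ValueError("truncated cause: octet 3a present, no cause value")
        rest = rest[1:]
    value = rest[0] & 0x7F
    return {
        "coding_standard": (octet3 >> 5) & 0x03,
        "location": LOCATION.get(octet3 & 0x0F, "reserved"),
        "value": value,
        "class": CAUSE_CLASS[value >> 4],
        "name": CAUSE_NAME.get(value, "not in this table"),
        "diagnostics": rest[1:].hex(),
    }


def parse_disconnects(log_text):
    """Return one decoded record per DISCONNECT/Cause pair found in the log."""
    events = []
    for m in EVENT_RE.finditer(log_text):
        record = decode_cause(m["cause"])
        record["callref"] = m["callref"]
        record["router_text"] = m["text"].strip()
        events.append(record)
    return events


if __name__ == "__main__":
    for e in parse_disconnects(SAMPLE_LOG):
        print(f'{e["callref"]}: cause {e["value"]} ({e["name"]}), '
              f'class "{e["class"]}", generated by {e["location"]}')
```

The location field is the part the router's one-line text does not spell out: the three disconnects in the excerpt carry three different locations.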



RE: Ugly Access Lists [7:19996]

2001-09-14 Thread Jim Brown

10.0.200.32 mask 0.255.0.15

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 14, 2001 12:59 PM
To: [EMAIL PROTECTED]
Subject: Ugly Access Lists [7:19996]


I just had to write the ugliest access list I've ever personally
configured.  I had to allow the following traffic:

-  First octet must be 10
-  Second octet can be anything
-  Third octet must start with 200
-  Fourth octet must be in the .32 subnet, assuming a /27 mask length.

Using a single permit statement, how would you write this?  I know how
I did it, but for those of you needing some access list practice (and
who actually feel like doing this sort of exercise at this time), I'd
like to see how you would do it.

Regards,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20001t=19996
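One way to check an address/wildcard pair against the four requirements in the exercise above, as an added example that is not part of the original thread. It assumes "must start with 200" means the third octet equals 200; the function names are hypothetical, and the audit walks a constructed sample of addresses rather than the full IPv4 space.

```python
import ipaddress
from itertools import product


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) ^ to_int(base)) & care == 0


def wildcard_for(fixed_bits_per_octet):
    """Build a wildcard from the number of leading bits that must match in each octet."""
    octets = []
    for n in fixed_bits_per_octet:
        if not 0 <= n <= 8:
            raise ValueError("each octet has 0 to 8 leading fixed bits")
        octets.append(str(0xFF >> n))
    return ".".join(octets)


def required(addr):
    """The exercise's rule: 10.<any>.200.<32-63>, i.e. the .32 block of a /27."""
    o1, _o2, o3, o4 = ipaddress.IPv4Address(addr).packed
    return o1 == 10 and o3 == 200 and (o4 & 0xE0) == 0x20


def covered_last_octets(base, wildcard):
    """Fourth-octet values the pair permits when the other octets equal the base."""
    prefix = base.rsplit(".", 1)[0]
    return [v for v in range(256) if wildcard_match(f"{prefix}.{v}", base, wildcard)]


def audit(base, wildcard):
    """Count (false permits, false denies) over a constructed sample of addresses."""
    false_permits = false_denies = 0
    sample = product((9, 10, 11), (0, 77, 255), (199, 200, 201), range(256))
    for o1, o2, o3, o4 in sample:
        addr = f"{o1}.{o2}.{o3}.{o4}"
        permitted = wildcard_match(addr, base, wildcard)
        if permitted and not required(addr):
            false_permits += 1
        elif required(addr) and not permitted:
            false_denies += 1
    return false_permits, false_denies


if __name__ == "__main__":
    derived = wildcard_for([8, 0, 8, 3])   # /27 fixes the top 3 bits of octet 4
    candidates = [
        ("10.0.200.32", "0.255.0.15"),     # pair posted in the reply
        ("10.0.200.32", derived),          # pair derived from the requirements
    ]
    for base, wc in candidates:
        last = covered_last_octets(base, wc)
        print(f"{base} {wc}: fourth octet {last[0]}-{last[-1]}, "
              f"(false permits, false denies) = {audit(base, wc)}")
```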



RE: spid and ldn numbers [7:19752]

2001-09-13 Thread Jim Brown

You call the LDN, the local directory number. The SPID identifies the
circuit between the router and the CO/Simulator switch. 

The SPID goes no further.



-Original Message-
From: Lists Wizard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 7:31 AM
To: [EMAIL PROTECTED]
Subject: spid and ldn numbers [7:19752]


Hi Group,

I am really confused about spid and ldn numbers. Which
one will a remote user use to dial into my isdn
router?


Thanks
Lw





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19764t=19752



RE: filtering ospf [7:19856]

2001-09-13 Thread Jim Brown

How about a passive interface with a neighbor statement. Changes the
behavior from multicast to unicast, thereby eliminating traffic to the rogue
router.


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: filtering ospf [7:19856]


Anyone remember how to ACL ospf?  

basically I have area 0 on one interface of a router that touches another
company's area 0 (we're splitting)  And I want to stop sending them updates
and stop receiving updates from them.

The real kicker is that I still have another router on that side in area 0
that WAS vendor supported and I can not make any changes to it. (therefore
area 0 must remain for it to communicate properly)

I seem to recall reading about filters designed just for this scenario but I
can not find them in conf t Anyone else know?

-Patrick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19859t=19856



RE: filtering ospf [7:19856]

2001-09-13 Thread Jim Brown

Let me rethink that one

change the interface type with the ospf interface command to non-broadcast
and use a neighbor statement to select the router on the multi-access
segment you would like to form an adjacency with.


-Original Message-
From: Jim Brown [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 3:33 PM
To: [EMAIL PROTECTED]
Subject: RE: filtering ospf [7:19856]


How about a passive interface with a neighbor statement. Changes the
behavior from multicast to unicast, thereby eliminating traffic to the rogue
router.


-Original Message-
From: Patrick Ramsey [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 13, 2001 3:06 PM
To: [EMAIL PROTECTED]
Subject: filtering ospf [7:19856]


Anyone remember how to ACL ospf?  

basically I have area 0 on one interface of a router that touches another
company's area 0 (we're splitting)  And I want to stop sending them updates
and stop receiving updates from them.

The real kicker is that I still have another router on that side in area 0
that WAS vendor supported and I can not make any changes to it. (therefore
area 0 must remain for it to communicate properly)

I seem to recall reading about filters designed just for this scenario but I
can not find them in conf t Anyone else know?

-Patrick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19871t=19856



RE: Back to back ISDN [7:19414]

2001-09-11 Thread Jim Brown

Can't they share an ISDN line? Doesn't the protocol allow for multiple ST
devices assigned different endpoints on the same circuit? Most NT1s have
multiple ST connections.

I'm only speaking from a theoretical standpoint and could be completely way
off base, but couldn't two routers share a single ISDN circuit.

A very fair B channel for each?

-Original Message-
From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 11:15 AM
To: [EMAIL PROTECTED]
Subject: RE: Back to back ISDN [7:19414]


Two telephones have two telephony links... and they can be linked together
using a bus... but without POTS service, they can't call each other, can
they.  All the bus does is enable multiple ISDN devices to be able to
connect to the ISDN service (which is provided either by a telco or a
simulator).

And yes, I visited the URL you posted.  The ISDN BRI service and ISDN cloud
are key components of that excerpt.


  -- Leigh Anne

 -Original Message-
 From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 11, 2001 10:40 AM
 To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
 Subject: RE: Back to back ISDN [7:19414]


 Yes, but an ISDN BRI line has two B channels. A POTS line has one channel.
 Did you visit the URL in my previous post?

  -Original Message-
  From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, September 11, 2001 11:36 AM
  To: Daniel Cotts; [EMAIL PROTECTED]
  Subject: RE: Back to back ISDN [7:19414]
 
 
  Let me give you an analogy as to what you've described.  I take a little
  gizmo that splits my telephone outlet into two outlets (I use one of these
  for my answering machine and telephone).  I can plug two telephones into the
  gizmo, but can they call each other?  Without telephone service, no.  But I
  have my own bus where I can connect multiple telephony devices...
 
   -Original Message-
   From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of
   Daniel Cotts
   Sent: Tuesday, September 11, 2001 10:34 AM
   To: [EMAIL PROTECTED]
   Subject: RE: Back to back ISDN [7:19414]
  
  
   See the following:
   http://www.isdnzone.com/info/bri.htm
  
   As I mentioned in a previous off line post, if you have an NT-1 device with
   multiple connection points (s bus?) then you can connect several devices to
   it. Configure each with its own B channel SPID. I have not done this but
   everything that I read indicates that it can be done. Try it.
  
-Original Message-
From: Rick Harville [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 10:15 AM
To: [EMAIL PROTECTED]
Subject: Back to back ISDN [7:19414]
   
   
I have received several responses so far expressing a great interest in the
solution. Back to back ISDN over a single ISDN line seems to be a very
acceptable approach to simulating DDR. Unfortunately, nobody seems to be
able to confirm that it can be done. A search of archives reveals discussions
but no real verification that this is possible. The p If anyone has actually
done this please respond as there seems to be a great interest in doing this.

Once again, the question is, can you connect two BRI (st) interfaces through
a NT1 device using only a single ISDN line?

I have 2 Cisco 2503's with st Bri. I'm using Motorola NT1 device with a
single U interface and 2 ST ports. I have at my disposal a single ISDN line
from SW Bell. I would like to split the spids at the nt1 device and practice
my DDR with only one spid on each router.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19444t=19414



RE: Routing and Bridging [7:19472]

2001-09-11 Thread Jim Brown

int e0
ip address X.X.X.X Y.Y.Y.Y

int e1
bridge-group 1

int s0
ip address X.X.X.X Y.Y.Y.Y

int s1
bridge-group 1


bridge 1 protocol ieee (or dec)



-Original Message-
From: Russ Kreigh [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 11, 2001 2:24 PM
To: [EMAIL PROTECTED]
Subject: Routing and Bridging [7:19472]


Hello all -

I need to bridge E1 to S1 on a router, and route E0 to S0, how can I do
this? This router config is the same on each end.


END A  END B

E0-S0  --  S0-E0
E1-S1  --  S1-E1 (Bridge)

Thanks

-Russ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19479t=19472



RE: Passed the CCIE Written! 850 [7:19304]

2001-09-10 Thread Jim Brown

One day all the way, unless you are willing to take within the next few
weeks. There are dates open this month.

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 10, 2001 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Passed the CCIE Written! 850 [7:19304]


Congratulations!!  That's very cool!

As far as the lab, last time I checked CCO stated that any labs
scheduled after Sep. 1 would be the one-day lab.  If that's still the
case, then you're stuck with the new lab.  It may have changed, though. 
Check out CCO to find the details.

Regards,
John

 Tom Keough  9/10/01 1:59:33 PM 
Thanks to all who responded to my question regarding time pressure and the
written... I passed with a score of 85%!!! What a relief. When I got home
with my registration number in hand I went to the Cisco web site and tried
to register for the lab. Too soon, the error message says it will take 3 to
5 days for my results to make it to the registration database...;-(  I want
to see if I have a choice of a one day or two day lab date, anyone know?

BTW I could go back to review my answers! I marked six that I guessed at and
at the end of the exam I still didn't know them, not much help for me.
Thanks again,
Tom

Tom Keough, CCNP, MCSE
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19310t=19304



SE Practice Lab v1.0GG [7:16852]

2001-08-22 Thread Jim Brown

Does anyone have the solution for this lab?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16852t=16852



RE: Boson Test Question [7:16895]

2001-08-22 Thread Jim Brown

If the question were worded, In OSPF, the DR is chosen with, I might agree
with the Boson answer, but it seems incorrect with the question stated as
such.

It is fairly ambiguous, but I wouldn't worry about it. You obviously
understand the concept and that is what is really important. I wouldn't
think the exam would be so ambiguous or tricky.



-Original Message-
From: Wright, Jeremy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 3:42 PM
To: [EMAIL PROTECTED]
Subject: Boson Test Question [7:16895]


In OSPF, the DR is chosen by
A.  MAC
B.  Hello Protocol
C.  Priority
D.  IP

I chose C but Boson says B. Obviously I have read a 1000 times that the DR
is elected by highest priority, so is Boson wrong here or am I
mis-interpreting the way the question is worded (typical Cisco)..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16898t=16895



RE: ip ospf network [7:16589]

2001-08-20 Thread Jim Brown

The network types must match so the OSPF timers will match and the routers
will form neighbor adjacencies.

There are different reasons why you would want to use each network type, but
the important thing is they all match, or more correctly the timers all
match.

If routers are not neighbors they will not exchange routing information,
breaking the routing process.

In your situation you could make them all point-to-multipoint, broadcast, or
non-broadcast.

-Original Message-
From: Jim Coyne [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 20, 2001 1:32 PM
To: [EMAIL PROTECTED]
Subject: ip ospf network [7:16589]


I have a frame relay network setup with all point-to-point connections on
sub-interfaces. I get the same result if I use ip ospf network
point-to-point as I do when I don't use it. What is the point (no pun
intended) of this command if it gives me the same results as without it? I
also noticed that one of the the routers in my lab has version 10.3 IOS and
the ip ospf network command doesn't let you set point-to-point, only
point-to-multipoint, non-broadcast and broadcast. How would I make a version
10.x router work with the 12.x routers that have ip ospf network
point-to-point set? (and please don't say upgrade the IOS)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16594t=16589



RE: CCIE Written Exam [7:2137]

2001-08-18 Thread Jim Brown

It has been a while since I sat the written. If I remember correctly, the
tricky part was select the correct answers. The operative word answers
being plural. It could be one, two, three 

You either know it or you don't.

-Original Message-
From: Rayappa Mayakunthala [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 18, 2001 11:06 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Written Exam [7:2137]


Would it at least state in the braces that this question has multiple
answers? 

Rayappa.


-Original Message-
From: Saleem Nathoo [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, April 26, 2001 10:55 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Written Exam [7:2137]


Hi,

It does not state how many answers it wants for the question.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Vincent Chong
Sent: Thursday, April 26, 2001 1:13 PM
To: [EMAIL PROTECTED]
Subject: CCIE Written Exam [7:2137]


Hi;

I know the exam is Multiple Choice.

The questions will stated that how many answer is looking for or
not?

Thanks
Vincent




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16469t=2137



RE: To CSU/DSU or not to CSU/DSU [7:16368]

2001-08-17 Thread Jim Brown

If you have the right chassis you could use an Integrated T1 MFT card, which
I believe, allows splitting of voice and data.

-Original Message-
From: dragi radovanovic [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 17, 2001 7:53 AM
To: [EMAIL PROTECTED]
Subject: RE: To CSU/DSU or not to CSU/DSU [7:16368]


Jim,

look at it from this perspective:
with an external CSU/DSU you will have two possible points of failure: the
CSU/DSU and the serial interface (WIC-1T). If you go with wic-1dsu-t1, and
something happens on that link, it is easier to troubleshoot the problem on
the wic-1dsu-t1.
The problem with this card is that you can't split voice and data, nor can
you play with cable lengths.
Regards,
Dragi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16396t=16368



RE: Basic and Primary Rate ISDN Emulator for sale [7:12411]

2001-07-15 Thread Jim Brown

You can buy a modular Adtran Atlas 550 cheaper than this unit. It will
support IP, Frame, POTS, BRI, and PRI?

-Original Message-
From: SCollinson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 15, 2001 8:42 AM
To: [EMAIL PROTECTED]
Subject: Basic and Primary Rate ISDN Emulator for sale [7:12411]


Have a look at the following ebay auction for the best priced basic and
primary rate emulator you are going to find, that also comes with a
warranty.

There is no reserve on the auction and you can buy independent of the
auction.

No need to fight it out with others, mail me and we will send you a personal
quote.

We are the number 1 UK distributor for these products, so this means you get
the best deal around.

Products can be shipped world wide.

Please read the details on the e-bay auction and mail us with any further
queries.

Regards

Steve Collinson

http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItemitem=1254938863




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12426t=12411



RE: AGS+ crossed over to 2610, Serial cable length issue? [7:10812]

2001-07-03 Thread Jim Brown

Which interface is providing clock for the connection? I don't see a 'clock
rate X' command under either interface?

-Original Message-
From: Tim Medley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 03, 2001 8:51 AM
To: [EMAIL PROTECTED]
Subject: AGS+ crossed over to 2610, Serial cable length issue? [7:10810]


I've finally decided to sit down and try to troubleshoot what I thought
was a faulty serial port on my AGS+.

I have a 2610 with a WIC-2T connected to my AGS+ via a CAB-SS-V35MT and
a CAB-VCF. The CAB-VCF is from pacific cables and is a 26pin DCE to a
V.35 winchester cable. The CAB-VCF is 6 feet long and the CAB-SS-V35MT
is 10 feet long; so I have a 16 foot crossover cable.

When I cable the two routers together and just configure a simple point
to point connection, with the following config:

AGS+
int s2
ip address 100.100.100.1 255.255.255.252
encap ppp
no shut

2610
int s0/0
ip address 100.100.100.2 255.255.255.252
encap ppp
no shut

The serial interfaces come up/up but then after a second or two line
protocol goes down on both sides and they become up/down.

I thought the AGS+'s serial interface was bad (I had a bad applique a
while back). So I moved to a different interface on the AGS+, same
situation.

I then decided to try a different router, I replaced the AGS+ with a
CGS, and I got the same results.

I now think the issue is with the cable. a) I could have a bad cable. b)
the cable I have could be too long.  I have replaced the CAB-SS-V35MT,
with no luck. What kind of issues would I see if the cable was too long?
Would I see the issue I am experiencing? I'm getting ready to call
Pacific Cable and order another CAB-VCF.

tim




Tim Medley - CCNP+Voice
Network Architect
VoIP Group
iReadyWorld

704-943-3615 - Phone
704-943-3660 - Fax
877-6-iReady - Helpdesk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=10812t=10812



RE: CCNA scoring [7:10407]

2001-06-29 Thread Jim Brown

Sit the IE written and let me know what you think.

-Original Message-
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 29, 2001 9:12 AM
To: [EMAIL PROTECTED]
Subject: CCNA scoring [7:10407]


I passed CCNA yesterday with a 946/1000 (there is no integer divisible by 65
that would give me this score so I know it's curved).  I did not think I was
doing well throughout the exam yet I got a good score. When it started, I
was told that you need 849/1000 based on a score that ranges between 300
and 1000. So is this graded on a curve? If I got 3 wrong would my score be
62/65 = 954/1000? I don't think it works that way. I overstudied thinking I
needed at least 55/65 to pass but I do not think this was the case. Why
would they grade on a curve? If you can't answer 85% of the questions I
think you should fail.  Are the CCNP exams graded on this weird scale and as
easy to pass as well? I received my MCSE a few months ago and honestly think
the scenario questions on those tests were harder than any of the questions
on the CCNA. Coming from a Computer Science background at Rutgers, I can
guarantee the midterms and finals on my networking courses there were 100
times more challenging than these exams. I barely needed a pen and paper
throughout the whole CCNA.

 Anyway before I digress any further I just wanted to know how the grading
worked on the CCNP and the scores required to pass.

Thanks.

Sam Sneed
 CCNA # 3,324,567,892
  MSCE # 5,324,324,332




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=10408t=10407



RE: No-Export [7:9565]

2001-06-22 Thread Jim Brown

Ahh, but does the neighbor/peer configuration include the send community
statement?

-Original Message-
From: Bradley J. Wilson [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 2:54 PM
To: [EMAIL PROTECTED]
Subject: Re: No-Export [7:9565]


Sounds like you've got it.  AS 100 sends a route to AS 200 with the
no-export tag set.  AS 200 takes the route, and uses it, but doesn't send
it out to AS 300.  AS 300 is either kept in the dark, or learns about the
route via a different path.


- Original Message -
From: Rossetti, Stan
To: [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 4:39 PM
Subject: No-Export [7:9565]


Can someone explain what exactly the no-export command is used for in BGP.
I am having problems getting this command to work the way I think it is
supposed to work.  Maybe I am off base in my definition of it, but I am
using Halabi's book as reference.

Basically I have a peering session with a bgp peer and I am advertising a
single route to them.  This route is then taken by my peer and being
readvertised to the world and back into my network at another location
(asymmetrical routing).  I have a hard time getting my bgp neighbor
administrator to make changes for me, so I want to stop the advertisement of
the bgp route outside my neighbor's network (as number) using the no export
command.  Is this the correct application for no export or are there better
ways of skinning this cat?  Where is my logic being led astray?  Thanks in
advance for any help.


Thanks

Stan Rossetti


NASA - PriSMS
Advanced Technology Group
Voice:  (256) 544-5031
Email:  [EMAIL PROTECTED]
Beeper:  544-1183 pin 0112

CCDA, CCNA, CCSE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=9571t=9565
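
The point raised in this thread, shown as an added configuration example that is not part of the original messages: a route-map can tag the route with no-export, but the community only reaches the peer when send-community is configured for that neighbor. The AS numbers follow the 100/200 used in the thread; the addresses, access-list number and route-map name are placeholders chosen for illustration.

```cisco
! Constructed example. AS 100 advertises 198.51.100.0/24 to a peer in AS 200.
! 192.0.2.2 (peer address), access-list 10 and TAG-NO-EXPORT are placeholders.
!
access-list 10 permit 198.51.100.0 0.0.0.255
!
route-map TAG-NO-EXPORT permit 10
 match ip address 10
 set community no-export
! Second clause lets any other prefixes through untagged
route-map TAG-NO-EXPORT permit 20
!
! --- Incomplete version -------------------------------------------------
! The route-map sets the community locally, but IOS does not include
! community attributes in updates to a neighbor unless told to, so AS 200
! receives the route without no-export and readvertises it as usual.
router bgp 100
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.2 remote-as 200
 neighbor 192.0.2.2 route-map TAG-NO-EXPORT out
!
! --- Corrected version --------------------------------------------------
! Same as above plus send-community for that neighbor.
router bgp 100
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.2 remote-as 200
 neighbor 192.0.2.2 send-community
 neighbor 192.0.2.2 route-map TAG-NO-EXPORT out
!
! Re-send the outbound updates so the changed policy takes effect:
!   clear ip bgp 192.0.2.2 soft out
!
! Check on the AS 200 router that the attribute arrived:
!   show ip bgp 198.51.100.0
! The entry should list "Community: no-export" and be marked as not
! advertised to EBGP peers.
```

no-export is honoured by the receiving AS, so a peer that strips or overwrites communities on input will still readvertise the route.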



RE: CCIE LAB EXAM Arrangement [7:5158]

2001-05-19 Thread Jim Brown

If you score less than 20 points on your first day you must wait 6 months.
If you fail and score more than 20 points the candidate can reschedule the
lab in as little as 1 month.

You must attempt the lab at least once within the first year of passing the
written or the candidate must sit the written again.

The candidate has a total of three years to successfully pass the lab after
passing the written.

-Original Message-
From: Mich [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 19, 2001 9:01 PM
To: [EMAIL PROTECTED]
Subject: CCIE LAB EXAM Arrrangment [7:5158]


If a person fails the Lab exam the first time, how long does he have to wait
before a retry?

Is there any upper limit of retry attempts?

Mic




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5159t=5158



RE: back-to-back t1 with wic-1dsu-t1? [7:3633]

2001-05-08 Thread Jim Brown

I believe clock source internal on one of the cards is all you need to bring
them up. Please post the 'show interface' results from both routers and the
related configs.

What pinouts did you use for the cross-over cable?

What LEDs are illuminated on the cards with the cable plugged in?

Are you sure the interfaces are not in a shutdown state?

-Original Message-
From: Neil Schneider [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 08, 2001 10:47 AM
To: [EMAIL PROTECTED]
Subject: back-to-back t1 with wic-1dsu-t1? [7:3633]


I am trying to set up 2 t1 wics back to back to simulate a t1 wan
connection.  I have a T1 crossover cable,  clock source is internal on one
card, but I get nothing, down and down.  Is anyone doing this and willing to
share a configuration?  Or give me a hint as to what may be wrong

Thanks

Neil Schneider
CCNP   CCSI (setting up a CCIE lab)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=3635t=3633



RE: Switches/cables [7:3673]

2001-05-08 Thread Jim Brown

It is sort of like the ratings on tires. You should buy something like a Z
rated tire for high speeds on an automobile. You can buy a cheaper tire, but
it probably won't hold up at 150mph. It will work fine for cruising around,
but watch out when you try to push it to the limit.

Those connectors will work but errors and other issues can effectively
reduce your net speed.

-Original Message-
From: John Chang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 08, 2001 2:08 PM
To: [EMAIL PROTECTED]
Subject: Switches/cables [7:3673]


I looked at my G4 mac and the Apple System Profiler says 100Mbps/full 
duplex.  The 3548 XL switch says 100Mbps/full duplex.  How could that be 
possible when the patch panel connectors are 10Mbps and the connector on 
the wall is 10Mbps.  The cable is Cat 5.  I thought everything was supposed
to be 100Mbps for the switch and the computer to register it as
100Mbps/full??  So, what gives?  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=3675t=3673



RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

2001-05-04 Thread Jim Brown

Security holes in lower layers? Where did you come up with that, your Cisco
rep?

-Original Message-
From: Eugene Nine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 03, 2001 5:01 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


PIX goes up to layer 4, so it won't do things like URL filtering.
Checkpoint (or other SW) can do higher layer protection but may not be as
well at the lower layers (due to security holes in the OS, etc)
Eugene

Chuck Larrieu  wrote in message
news:[EMAIL PROTECTED]...
 Asked sincerely, what advantages do you see in provisions PIX plus
 checkpoint?

 Chuck

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 [EMAIL PROTECTED]
 Sent: Thursday, May 03, 2001 2:47 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

 It depends on your security policy, design and needs, generally what we
 advise our customers is checkpoint + pix together

 Hatim badr wrote:

  Hi ,
 
  I would like to know the pluses and minuses of each product.  Currently We
  are using checkpoint and I want to convince my management to switch to cisco
  PIX firewall.
 
  Thanks
 
  Hatim
 
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=3186t=2878



RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]

2001-05-04 Thread Jim Brown

On the flushing noise. It sounds more like job security to me! Which is
better, to have an effective, understandable security policy that is easily
managed through a GUI, or a complex command line driven attempt at a
security policy. The job security is in not making stupid mistakes in policy
design/implementation. An incident or compromise related to a stupid policy
mistake is the quickest way out the door.

As far as the PIX GUI is concerned, I was privileged enough to take a look
at a beta of it a month ago. It is strikingly similar in layout to the
CheckPoint GUI. It is definitely a step in the right direction. Had Cisco
been more generous on trade-in values I would be the latest convert to the
PIX cult.

CheckPoint's biggest downfall is support. It downright stinks. If anything
can topple them from their perch support will be it. There is no TAC to call
and get a person who can answer your question. The top support people are in
friggin' Israel working 9-5 hours for god's sake. You do the math and
timezone conversion.

They are both great products, but when someone starts saying one is more
secure than the other, hold on!

A couple parting questions for stimulating conversation

Can you manage and install policy to multiple PIX firewalls simultaneously?
(With a $15K add-on)

How often do your throughput needs exceed the ~80Mb threshold of CheckPoint?

Who has 52% market share?

The right product for the right environment.


-Original Message-
From: Allen May [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 04, 2001 10:05 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


I installed the GUI for the PIX but haven't used it yet.  Letting something
else build my config just seems weird ;)  Almost like job security making a
flushing noise...rofl.

- Original Message -
From: Maness, Drew 
To: 
Sent: Friday, May 04, 2001 10:29 AM
Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


 I don't think it is security holes at a lower layer.  Checkpoint installs
 what they call a shiv between the network and data link layer to protect the
 IP stack.  And if you were to take advantage of OS security flaws you would
 be doing it at the Session Layer and above, not the lower layers.

 About five years ago it used to be the case the application based firewalls
 did not protect the network as well as packet filtering.  But that was
 because people didn't really understand what a firewall was. Most people
 considered a proxy server as a sort of firewall.

 I remember a client telling me they were protected because they used
 reserved ip address and M$ proxy.  In fact at the time M$ was marketing
 their proxy server as a poor man's firewall.

 But today firewalls protect the IP stack.  And most people know that a proxy
 is not a firewall.  So this hardware based is better than software based
 stuff does not ring true.

 When someone asks me which is better Pix or Checkpoint, I tell them it
 depends. I can find you studies that say Pix has better throughput than
 Checkpoint and vice versa.

 The real difference between them is that Checkpoint has a gui interface and
 Pix has the ol' command line.  You can pretty much do the same thing with
 them, so what it comes down to is what are you or your staff more
 comfortable configuring.  Are you a cisco shop, buy the pix, are you an
 NT/Unix shop, buy Checkpoint.  Beyond that it is all marketing semantics.

 In fact I have heard, but not seen, that there is a new gui interface for
 the Pix.  Anyone used it lately?

 I haven't had time to work with it, since I'm preparing for this little known
 lab called CCIE or something like that.  What's an IGP? (oh my brain is
 starting to hurt...)

 -Original Message-
 From: Jim Brown [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 04, 2001 7:45 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


 Security holes in lower layers? Where did you come up with that, your Cisco
 rep?

 -Original Message-
 From: Eugene Nine [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, May 03, 2001 5:01 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]


 PIX goes up to layer 4, so it won't do things like URL filtering.
 Checkpoint (or other SW) can do higher layer protection but may not be as
 well at the lower layers (due to security holes in the OS, etc)
 Eugene

 Chuck Larrieu  wrote in message
 news:[EMAIL PROTECTED]...
  Asked sincerely, what advantages do you see in provisions PIX plus
  checkpoint?
 
  Chuck
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
  [EMAIL PROTECTED]
  Sent: Thursday, May 03, 2001 2:47 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
 
  It depends on your security policy, design and needs, generally what we
  advise our customers is checkpoint + pix together
 
  Hatim badr

RE: ISDN BRI up but does not ping [7:2712]

2001-05-01 Thread Jim Brown

I scanned the message and noticed the configs at the bottom.

You only applied a dialer-group on the dialing end. My testing and
observation determined that you need a dialer-group statement on the remote
end also.

If you do not define any interesting traffic for the remote end it will not
send any packets back to the host that initiated the call.

I always assumed you only needed to define interesting traffic to initiate a
call, so why would I need the dialer-group statement on the remote end?

When initially goofing around with ISDN I noticed this behavior. I could not
find it documented anywhere. I just assumed if the connection is up why do I
need to define interesting traffic for the remote end. This drove me crazy
for a few hours.

List, please correct me if I'm crazy. I noticed this behavior with 12.0 IOS.

-Original Message-
From: Jaeheon Yoo [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 01, 2001 3:57 PM
To: [EMAIL PROTECTED]
Subject: Re: ISDN BRI up but does not ping [7:2712]


Hi, Shoaib.

First of all, you have to check if the ping packet is ever received by
the remote end, is it possible to debug ip packet at the remote end?
If it's not possible, check it at the center site with this.

access-list 110 permit ip 130.1.1.0 0.0.0.255 130.1.1.0 0.0.0.255
debug ip packet detail 110

If it's ever really sent to the remote end, then check if your isdn
interface of the remote end has any access-lists configured, which may
block return ping(echo reply) or any policy routing on that matter.

From your post, I have found nothing wrong with ISDN configuration.
But one thing is missing at the remote end, you have to add
dialer-group command to reset idle timer when interesting packets are
passed. But I guess this is not directly related to your current
problem.

Please let me know how you solved the problem, if it's done.

Regards,
Jaeheon

On 1 May 2001 14:43:19 -0400, [EMAIL PROTECTED] (Shoaib Waqar)
wrote:

I have traced the route as well, the data is not
passing across the ISDN link.

I also have used extended ping, but it does not ping.

Shoaib

--- Albert Lu  wrote:
 Do you know whether data is going across the link at all?

 Try a trace to the other side, and see what route the packet takes.

 Albert
 
  -Original Message-
  From: Shoaib Waqar [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, 1 May 2001 10:15 
  To: Albert lu
  Cc: [EMAIL PROTECTED]
  Subject: RE: ISDN BRI up but does not ping [7:2712]


  Yes i also have used an access-list to prevent eigrp
  to initiate call, and it dials on a ping event, as
  shown by the 'deb dialer events'

  shoaib
  
  
  --- Albert Lu  wrote:
   Try using debug dialer events to see if the dialing actually takes place
   when you ping. If the dialer doesn't come up, then it could be a dialer
   problem. If it does come up, and dialing fails, then it could be an isdn
   problem.

   Albert
   
-Original Message-
From: Shoaib Waqar [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 1 May 2001 9:54
To: Albert lu
Cc: [EMAIL PROTECTED]
Subject: RE: ISDN BRI up but does not ping [7:2712]


I have tried dialer profiles, legacy DDR with dialer
map statement and with floating static route too, but
still same result, could not ping the neighbor.
Of course there is a dialer-list statement to initiate
call:

dialer-list 1 protocol ip permit

Shoaib
   
   
   
--- Albert Lu  wrote:
 I personally think that using dialer profiles are better than hard coding
 the interface. It is also true that there is no dialer-list command to dial
 for interesting traffic, and you don't have a route to use the bri interface
 so it wouldn't know when to dial.

 Wouldn't you need a dialer map command for interfaces, rather than specify
 dialer string?

 Albert

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Shoaib Waqar
  Sent: Tuesday, 1 May 2001 6:15
  To: [EMAIL PROTECTED]
  Subject: ISDN BRI up but does not ping [7:2712]


  I am getting trouble in ISDN bri link. I have a
  Central site Router 3640 with 12.1.8 IP/IPX plus IOS.
  the router has 4 port BRI module. The remote site is
  having 2503, all u know that it has 1 port BRI. remote
  site is running 11.2.1 version of IOS. The call is
  placed using simple DDR commands as:
 
  Cisco 3640 Router
  =
  Int bri 2/0
  ip add 130.1.1.1 255.255.255.0
  encap ppp
  dialer idle-timeout 300
  dialer fast-idle 300
  dialer string 
  dialer-group 1
 
  Remote site (2503):
  ===
 
  Int bri 0
  ip add 130.1.1.2 255.255.255.0
  encap ppp
  dialer idle-timeout 300
  dialer fast-idle 300
 
  

RE: Beware of VINCENT CHONG [7:1631]

2001-04-23 Thread Jim Brown

Hey guys why don't you take this offline. 

Above and beyond the fact this is beyond the scope of this group, I'm fairly
certain you are infringing on somebody's copyright.

-Original Message-
From: Vincent Chong [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 23, 2001 1:00 PM
To: [EMAIL PROTECTED]
Subject: Re: Beware of VINCENT CHONG [7:1631]


1)Is it  Canadian way to trade material?  Change price when they want
to?

2)What a guy, RAM G, agree on selling the solution lab at 50.  When you
paid him 50,
changed his mind, you had to pay 75.  Please see below.

3)I photocopied and well packed material,  who paid for the expense, I
am victim.

4) I could not receive paypal because paypal do not support
international bank a/c
in some country.  You can check paypal.

5) I will never trade material to anyone. Only sell or buy.


 
 I purchased 17 lab { USD.210 }scenarios from Solution Labs
 www.solutionlabs.com All the lab does contain answer key.  It is in hard
 copy format.  I am not trying to make profit out of these labs.  I just want
 to recover minimal cost on these labs.  I am willing to sell all the labs
 for USD.50.  I will make photo copies of 400 Pages document and surface mail
 to your address. Let me know if it interests you.

 RamG

  Hello Gang

  Just want to keep you all informed on the board not to deal in any form of
  TRADE {CCIE Material }or BUYING accessories from VINCENT CHONG.  I had a bad
  experience today.  We had entered into an agreement to trade CCIE materials.
  I sent him soft copy of my materials and requested him to make hard copy of
  his material.  The price for hard copy of his material was mutually agreed
  at USD.22.  I sincerely sent him the money through pay pal. To my surprise
  he has declined accepting the money and is not interested to send the
  material.  Like a KID he sent me this reply  Quote I will send back your
  material and I do not want to trade anymore. I will removed from my hard
  disk. Is this the way CHINESE behave.  Surprised.

  This is not a complaint.  Beware of this GUY - VINCENT CHONG.


  Thanks  /  RamG




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=1637t=1631



RE: CiscoSecure ACS [7:1125]

2001-04-18 Thread Jim Brown

_c/scprt2/sctacac.htm#xtocid2173216

watch the wrap!

Enable TACACS to Use a Specific IP Address
You can designate a fixed source IP address for all outgoing TACACS packets.
The feature enables TACACS to use the IP address of a specified interface
for all outgoing TACACS packets. This is especially useful if the router has
many interfaces, and you want to make sure that all TACACS packets from a
particular router have the same IP address.

Command: ip tacacs source-interface subinterface-name


-Original Message-
From: Ken Yeo [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 18, 2001 1:10 PM
To: [EMAIL PROTECTED]
Subject: CiscoSecure ACS [7:1125]


Anyone has experience with CiscoSecure ACS?

I have a question:

Under Network Configuration/Network Access Server Ip address, which
internet's ip address you use for the field? I tried loopback, and all
physical interfaces. Only the interface sending packet back to ACS server
work.

There must be a better way, if not there will be no redundancy, what if the
link goes down?

Please advise,

Thanks,
Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=1131t=1125
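
The answer given in this thread, shown as an added configuration example that is not part of the original messages: source all TACACS+ packets from a loopback so the address the ACS server sees does not change when the outgoing link changes. The addresses, username and key are placeholders chosen for illustration.

```cisco
! Constructed example. 192.0.2.1 (loopback), 198.51.100.10 (ACS server),
! the local username and the shared key are placeholders.
!
! A loopback stays up as long as the router does, so it is a stable
! identity for the device regardless of which physical link is in use.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Local account used only when no TACACS+ server answers
username localadmin password <local-password-placeholder>
!
aaa new-model
aaa authentication login default group tacacs+ local
!
tacacs-server host 198.51.100.10
tacacs-server key <shared-secret-placeholder>
!
! Without this line the source address is that of whichever interface
! the packet leaves by, which is why only one interface address was
! accepted by the server in the question above.
ip tacacs source-interface Loopback0
!
! On the ACS side, the Network Access Server IP address entry for this
! router is then the loopback address, 192.0.2.1.
! The loopback must be reachable from the server over every path that
! is meant to provide redundancy (advertise it in the routing protocol
! or add static routes for it).
```
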



RE: Sup I IOS Upgrade Will Not Take [7:113]

2001-04-10 Thread Jim Brown

I thought the 4.5(8) image required 20MB? If not I wasted some money on
memory.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 10, 2001 3:49 PM
To: [EMAIL PROTECTED]
Subject: Sup I IOS Upgrade Will Not Take [7:113]


I'm upgrading my 5000 (Supervisor I WS-X5009) from 2.4(4) to 4.5.(8).  I
checked the IOS size  type before trying to load (4 FLASH  8 RAM), so I'm
pretty confident this part (IOS) is correct.  When I load the image "Life Is
Grand," until the switch reboots to accept the new version.  It seems as
though the new uploaded image has disappeared, the switch comes up in the old
version.  The new image does not register in the Sho Version  Sho Flash
output.  This is a Sup I, so I cannot point the switch to a particular IOS
version (though it does not appear to be in FLASH) like possible with a Sup
II's.

Any advice is welcome !!!

Thanks Everyone
Phil

PS- here is the Sho Ver

CAT5K shv er

WS-C5000 Software, Version McpSW: 2.4(4) NmpSW: 2.4(4)
Copyright (c) 1995-1997 by Cisco Systems
NMP S/W compiled on Jan 23 1998, 11:54:52
MCP S/W compiled on Jan 23 1998, 12:14:52

System Bootstrap Version: 2.1

Hardware Version: 1.9  Model: WS-C5000  Serial #: 003627851

Module Ports Model      Serial #  Hw  Fw  Fw1    Sw
------ ----- ---------- --------- --- --- ------ ------
1      2     WS-X5009   003627851 1.9 2.1 2.1(4) 2.4(4)
2      12    WS-X5213A  006491956 2.0 1.4        2.4(4)

Module DRAM   FLASH  NVRAM  Used   Available
------ ------ ------ ------ ------ ---------
1      8192K  4096K  256K   99K    157K

Uptime is 0 day, 0 hour, 22 minutes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=116t=113



RE: Sup I IOS Upgrade Will Not Take [7:113]

2001-04-10 Thread Jim Brown

The image requires 16MB of memory. The only upgrade SIMM available is a 16MB
module.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/c5krn/sw_rns/78_5861.htm#xtocid135692

Extracted from link above:

Release 4.x Memory Requirements
These memory restrictions apply when running supervisor engine software
release 4.x:

All of the 4.x Catalyst 5000 family supervisor engine software releases
require a minimum of 16-MB RAM installed on your supervisor engine. All
Catalyst 5000 family supervisor engines with at least 16-MB DRAM fully
support software release 4.x.

-Original Message-
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 10, 2001 4:26 PM
To: [EMAIL PROTECTED]
Subject: Re: Sup I IOS Upgrade Will Not Take [7:113]


Just checked my download folder  image 4.5(8) is 2.773 KB.  The CCO had no
minimum memory listed in the download information.  If we were talking
routers, 4 FLASH/ 8 RAM should be enough (even compressed).

Any takers here ???

Thanks
Phil

- Original Message -
From: "Jim Brown" 
To: 
Sent: Tuesday, April 10, 2001 9:07 PM
Subject: RE: Sup I IOS Upgrade Will Not Take [7:113]


 I thought the 4.5(8) image required 20MB? If not I wasted some money on
 memory.

 -Original Message-
 From: Circusnuts [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, April 10, 2001 3:49 PM
 To: [EMAIL PROTECTED]
 Subject: Sup I IOS Upgrade Will Not Take [7:113]


 I'm upgrading my 5000 (Supervisor I WS-X5009) from 2.4(4) to 4.5.(8).  I
 checked the IOS size  type before trying to load (4 FLASH  8 RAM), so I'm
 pretty confident this part (IOS) is correct.  When I load the image "Life Is
 Grand," until the switch reboots to accept the new version.  It seems as
 though the new uploaded image has disappeared, the switch comes up in the old
 version.  The new image does not register in the Sho Version  Sho Flash
 output.  This is a Sup I, so I cannot point the switch to a particular IOS
 version (though it does not appear to be in FLASH) like possible with a Sup
 II's.

 Any advice is welcome !!!

 Thanks Everyone
 Phil

 PS- here is the Sho Ver

 CAT5K> sh ver

 WS-C5000 Software, Version McpSW: 2.4(4) NmpSW: 2.4(4)
 Copyright (c) 1995-1997 by Cisco Systems
 NMP S/W compiled on Jan 23 1998, 11:54:52
 MCP S/W compiled on Jan 23 1998, 12:14:52

 System Bootstrap Version: 2.1

 Hardware Version: 1.9  Model: WS-C5000  Serial #: 003627851

 Module Ports Model      Serial #  Hw     Fw     Fw1    Sw
 ------ ----- ---------- --------- ------ ------ ------ ------
 1      2     WS-X5009   003627851 1.9    2.1    2.1(4) 2.4(4)
 2      12    WS-X5213A  006491956 2.0    1.4           2.4(4)

 Module DRAM    FLASH   NVRAM   Used    Available
 ------ ------- ------- ------- ------- ---------
 1      8192K   4096K   256K    99K     157K

 Uptime is 0 day, 0 hour, 22 minutes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=126t=113
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: 2610 Serial Interface Puzzler

2001-03-23 Thread Jim Brown

I don't think that module is even supported in the 2600's. Someone correct
me if I'm wrong, but can't you only use the NM-1E or NM-2W, not a NM-1E2W in
the 2600's?

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 3:42 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: 2610 Serial Interface Puzzler


Those modules are numbered from right to left, but only includes
installed modules, I believe.  If you had two installed, they would
be--from left to right--1/1 and 1/0.

 "Gareth Hinton" [EMAIL PROTECTED] 3/23/01 2:50:43 PM

Hi All,

Can anybody please explain the following:

I've been messing with a 2600 with an NM1E2W running 12.1(5)T
I put a WIC1T in to slot W0, so this understandably became Serial 1/0.
Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0
is gone.
Powered down. Inserted WIC1T into slot W1.
This also came up as S1/0 as opposed to what I would have expected (S1/1).
I had successful connections on S1/0 while WIC1T was in either slot.

I'd be interested to see what happens with two WIC1T's in but had to get the
router on line before I could get hold of another WIC1T.

Anyone know the reason for this?

Thanks,

Gareth



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Sample CCNA test question..bogus?

2001-03-15 Thread Jim Brown

I believe the "best" answer, this is always the kicker, is D. We all know we
are searching for the best answer, or the one the test designer thinks is
correct.

It is the only one that is not a broadcast or network address using the /19
mask.

It is a poorly worded question, but we are faced with those on any test.


-Original Message-
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 15, 2001 11:00 AM
To: John Neiberger
Cc: [EMAIL PROTECTED]
Subject: Re: Sample CCNA test question..bogus?


John's right on track here.  When using the /19 notation with 172.16.0.0, 
you're referring to that specific network.  172.16.0.0/19 is not the same 
network as 172.16.64.0/19.
Reading this question a little bit differently, I can see that perhaps 
there is a typo...if the question used a /18 instead of a /19, then answer 
"A" would be correct.
If you want to make answer "D" correct, you either need to rephrase the 
question to "Which one is a valid host using 172.16.64.0/19?" or rephrase 
the question to "Which one is a valid host using 172.16.0.0/17?", which 
would allow for ALL of the answers to be correct.

Craig

At 10:13 AM 3/15/2001 -0700, you wrote:
I disagree.  Valid hosts in 172.16.0.0/19 are:

172.16.0.1 through 172.16.31.255

I guarantee you that any other interpretation will make life miserable
for you eventually, especially in a production environment where you
actually use CIDR or VLSM.  A good example would be if you were running
BGP in a production environment that actually connected to the internet.


Let's say you were Joe's ISP and were assigned 172.16.0.0/19.  This is
*very* specific...you can only advertise 172.16.0.1 through
172.16.31.254.  Most likely, 172.16.32.1 through 172.16.63.254 is going
to be assigned to someone else.  If you followed your logic and
advertise the entire 172.16.0.0/16, you will be getting some nasty phone
calls or nastygrams in your email box.  Companies tend to get a little
upset with you if you start advertising their address block.

In that spirit, I assume when a test question says something as
specific as 172.16.0.0/19 that they *really* mean it.

John

  "Lowell Sharrah" [EMAIL PROTECTED] 3/15/01 9:54:56 AM 
I believe that answer D is correct and here is why

Valid hosts in the network 172.16.0.0/19 are as follows

172.16.64.1-172.16.95.254
172.16.128.1-172.16.159.254
172.16.192.1-172.16.223.254
172.16.32.1-172.16.63.265
172.16.160.1-172.16.191.254
172.16.96.1-172.16.127.254
.255 is broadcast

  "John Neiberger" [EMAIL PROTECTED] 03/15/01 11:19AM
 
I think I'll side with those who say there is no correct answer, but
there is an answer that's closer to being correct than the others.
:-)

The question is asking for a valid host in the 172.16.0.0/19 range.
Answer D is not in that range!  It is in the 172.16.64.0/19 network.
Valid host addresses in the 172.16.0.0/19 range are:

172.16.0.1 through 172.16.31.254

I would agree that by making a subtle adjustment to the question,
answer D is the only answer possible.  Given a /19 prefix length, the
only possible host address given in the answers is D, which forces us to
change the question to fit the answer.

This just appears to be a poorly worded question that not only allows
you to figure out the most-correct answer eventually but also forces you
to deduce what the actual question is in the first place.  <g>  In other
words, it's a typical Cisco test question!

Regards,
John

  "Arthur Simplina" [EMAIL PROTECTED] 3/15/01 8:46:27 AM 
d. 172.16.80.255

This belongs to subnet 172.16.64.0 with host range of 172.16.64.1 -
172.16.95.254.

Arthur


 From: "Bruce" [EMAIL PROTECTED]
 Reply-To: "Bruce" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Sample CCNA test question..bogus?
 Date: Thu, 15 Mar 2001 15:11:07 +1100
 
 Q. Which one of the following is a valid host using the address of
 172.16.0.0 /19?
 
 a. 172.16.32.0
 
 b. 172.16.64.0
 
 c. 172.16.63.255
 
 d. 172.16.80.255
 
 
 
 Which one and why?
 
 (I say none of them. Am I going mad?)
 
 
 
_
FAQ, list archives, and 
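
The disagreement in this thread comes down to which block each answer option falls in under a given prefix length, and whether it is the network, broadcast or a host address there. The Python below is an added example, not part of any poster's message; it uses only the standard ipaddress module, and the names classify and valid_hosts_in are made up for illustration.

```python
import ipaddress

# The four answer options quoted in the thread.
OPTIONS = {
    "a": "172.16.32.0",
    "b": "172.16.64.0",
    "c": "172.16.63.255",
    "d": "172.16.80.255",
}


def classify(address, prefix_len):
    """Return (containing subnet, role) for address under the given mask.

    role is 'network', 'broadcast' or 'host'. (Hypothetical helper.)
    """
    # strict=False masks off the host bits to find the containing subnet.
    subnet = ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)
    ip = ipaddress.ip_address(address)
    if ip == subnet.network_address:
        role = "network"
    elif ip == subnet.broadcast_address:
        role = "broadcast"
    else:
        role = "host"
    return subnet, role


def valid_hosts_in(block):
    """Letters of the options that are usable host addresses inside block."""
    net = ipaddress.ip_network(block)
    hits = []
    for letter, address in OPTIONS.items():
        subnet, role = classify(address, net.prefixlen)
        # The option must sit in this exact block, not a sibling of equal size.
        if subnet == net and role == "host":
            hits.append(letter)
    return hits


if __name__ == "__main__":
    for letter, address in OPTIONS.items():
        subnet, role = classify(address, 19)
        print(f"{letter}. {address:<14} {role:<9} of {subnet}")
    # The question as asked, then the rephrasings proposed in the thread.
    for block in ("172.16.0.0/19", "172.16.64.0/19",
                  "172.16.0.0/18", "172.16.0.0/17"):
        print(block, "->", valid_hosts_in(block) or "none")
```

Run as a script, it reports no option as a valid host in 172.16.0.0/19, only d in 172.16.64.0/19, only a in 172.16.0.0/18, and all four in 172.16.0.0/17.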

RE: ISDN Simulator

2001-03-15 Thread Jim Brown

What you have here is a contradiction in terms. There are no cheap
simulators. Black Box sells a simulator that I know nothing about, but they
do offer 20% for your first purchase. This brings the price down around $1700
I think.

If you check the archives, there is mention of a company in Dallas that
resells the ever popular Teltone. This is supposed to be one of the cheaper
outlets to purchase this simulator.

I chose the Emutel because of the software reconfiguration of the ports
between S/T and U. I don't think the Teltone does that. The Emutel also is
completely configurable with respect to numbers and such. I think the
Teltone is a fixed number configuration. I'm sure someone will correct me if
I'm wrong. The Emutel is around $2000 and you can purchase them from a
company in San Francisco.

And then there is the Adtran Atlas 550, with modules it is more expensive
than any of the above, but leaves you with unlimited configurations for your
lab. When it's time to do PRI, T1, etc. this unit is your man for the job.



-Original Message-
From: nicolas bishop [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 15, 2001 3:01 PM
To: [EMAIL PROTECTED]
Subject: ISDN Simulator



If someone could recommend a good-cheap ISDN simulator it would be greatly 
appreciated.

cheers.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: ccie written

2001-03-14 Thread Jim Brown

365.25 days

-Original Message-
From: Lopez, Robert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 14, 2001 1:15 PM
To: '[EMAIL PROTECTED]'
Subject: ccie written


After successful completion of the CCIE written exam, is there a time limit
as to when you must take the CCIE lab?  Thanks!

Robert M. Lopez   
Network Planning
Ann Arbor Data Center
Pfizer Global Research & Development





_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



WTB: NM-1E

2001-02-23 Thread Jim Brown


Sorry for posting this here, but I thought it was semi-appropriate. This is gear
for my home lab.

I'm looking for an Ethernet module for a 2600 series router and I think this
is the only one that is supported.

I have checked E-bay for a while and there are none to be found.

Can anyone help me out, retail hurts!

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


