RE: Off Topic - CCIE Certification Junkies [7:65499]
I would imagine the 5 CCIE mark has already been obtained. I met someone who was working on their 5th at the end of the summer and I'm sure they have passed by now. Don't forget the article in Packet about Mark Purcell. I'm not sure on the spelling of his name, but he already had 4 and was working on his 5th. -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED] Sent: Saturday, March 15, 2003 10:31 AM To: [EMAIL PROTECTED] Subject: Off Topic - CCIE Certification Junkies [7:65499] With the announcement of the CCIE Voice certification ( a Good Thing, IMHO ) I wonder a couple of things: 1) who will be the first quadruple CCIE? 2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid certifications, making it possible to have more than four? 3) When will the CCIE become just another useless cert in the long history of useless networking certs? NRF - you out there tonight? -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65520t=65499 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Last topic for tonight - Soltie's Book [7:64882]
I bet I know which one is damaged. I would put money on the Caslow book. Mine fell apart at the binding in no time flat. Whoever bound the Caslow book did a very poor job. -Original Message- From: Juan Blanco [mailto:[EMAIL PROTECTED] Sent: Monday, March 10, 2003 5:53 AM To: [EMAIL PROTECTED] Subject: RE: Last topic for tonight - Soltie's Book [7:64882] Church, I had being eating, drinking, sleeping.Solie, Caslow, Halabi, Parkhurst, Doyle and others books as well for the last two months, and I came to the conclusion that Solie and Caslow book has the same foundation or I will say using the same techniques, both books are great to the point that I may have to buy one of them again because I had used them too many times it is already damage... BTW Jeff Doyle Volume II looks like the continuation of Solie Book (very interesting)... Juan Blanco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of The Long and Winding Road Sent: Monday, March 10, 2003 3:57 AM To: [EMAIL PROTECTED] Subject: Last topic for tonight - Soltie's Book [7:64882] I've waffled on this one before. But lately I've been spending more time with Soltie ( CCIE Practical Studies, Volume 1 ) Previously, I've said the jury is still out on this one. Now that I've given Mr. Soltie his due, I am finding this is a very good book, and well worth considering when choosing CCIE prep books. In fact, if I dare say so, I am finding that Mr. Soltie is much more effective than is Mr. Caslow. Anyone else finding the same? Good night, everyone. Chuck -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64908t=64882 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure Question [7:63941]
You can hardcode the source address of TACACS requests on the routers. This keeps you from needing to define every interface in the TACACS server. The command is ip tacacs source-interface. You can also define network devices in CiscoSecure with wildcards. You could have one entry that maps all routers? If you need more info drop me a line. I've been using it for several years for all my authentication. It isn't cheap but it works great. -Original Message- From: Mossburg, Geoff (MAN-Corporate) [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 9:21 PM To: [EMAIL PROTECTED] Subject: CiscoSecure Question [7:63941] All, Does anyone out there have experience with CiscoSecure? I could really use the help! I have over 50 routers that I'm setting up to access through TACACS, and I've been told that I have to make entries in CiscoSecure for every interface on every router to make sure that each router is TACACS accessible from anywhere in the network! Is this true??? Thanks! Geoff Mossburg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63943t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISS Real Secure Vs Cisco IDS [7:63461]-Automat [7:63560]
This is my point exactly. I don't allow my IDS to respond to attacks for the very reason you stated. It could easily force a DoS. I think a lot of people don't take this into consideration. The vendors push automatic response as a sexy feature when it really could be a major nuisance. Let each piece of the puzzle do what it was designed for, no crossover. The D in IDS stands for detection, I didn't install and IDRS. *The R is for response if anyone missed that. I try to use the most cost effective measures in a layered approach to security. Anyone who throws up a firewall and thinks they are secure is usually in for a big surprise. The most cost effective and easy approach to security is just to keep your systems patched! This is simple and would probably fight off 98% of all problems. The SQL Slammer worm is a perfect example. The patch was available months ago! Security is a VERY dynamic process. I use and IDS to help identify problem IPs, what type of attacks do I need to make sure I protected against, and auditing. The problem with an IDS is it can only identify attacks in progress on the wire. An IDS does NOT acknowledge if attacks were successful. This is where the layered approach comes in and the most important piece of the whole puzzle is so basic a clearly defined corporate security policy with teeth. How many individuals realize 80% of all attacks and problems are not from external threats but from employees? I take security very seriously. I worked for a company once who was about to throw up an E-commerce site that generated $1.5M the first year behind a Microsoft Proxy Server. I had to scream, complain, and scare the hell out of the executives before the coughed up the bucks for an adequate security implementation. An IDS is a tool, a mere piece of the security pie. NEVER put all of your security eggs into one basket or there sure to get cracked. That's pretty catchy. I need to remember that one. -Original Message- From: Carroll Kong [mailto:[EMAIL PROTECTED] Sent: Saturday, February 22, 2003 8:35 AM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461]-Automated IDS [7:63557] I cut out some of the other messages to concentrate on one issue, automated IDS responses. If your automated IDS responses result in a automated packet filter of any sort, I think you are doing yourself a disservice. You might stop some kiddies, but you are just leaving yourself wide open to professionals who can DoS you very easily. I suppose if everyone just started filtering at the edge to help prevent spoofing, but alas, that is not the reality of today's networks. It should be trivial for the attacker to DoS your systems beyond compare. For example, what if he spoofs a trusted host? Now your trusted host cannot have access anymore. Ok, so what if you have exceptions for the trusted host? Now he has a host worth spoofing for, DoS trusted host, assume trusted host's identity. Easier said than done and you can mitigate the risk with stuff like mac address port locking, anti-spoofing acls, but just to give you some ideas that automated IDS responses can be particularly dangerous. Not even factoring the possibility you can lose accessibility to many systems, but most firewall products have some pitiful limitations (one can easily blow out any stateful firewall), and you can be assured your acls will grow to be so big your firewall just might keel over. I hope you got default-closed systems. ;) But I suppose it won't matter at that point, your network will be down, or your IDS might be filled with so much garbage that you might not see the real attack come through for your forensics team to discover which hosts have been compromised. Come on now, the slammer worm? If you are security conscious this shouldn't have had any effect on you. Microsoft released a patch last summer. Security is a best effort solution. It is about layers and maintenance. You cannot eliminate risk, you can only reduce risk. An IDSs responsibility is to pick up attacks on the wire, not prevent them. I personally don't believe in allowing my IDS to respond to an attack. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Albert Lu Sent: Friday, February 21, 2003 9:19 AM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461] Hi Troy, Must be some secure site, reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be. So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (eg. slammer virus). If that was the case, even if you had all the vendor's IDS, it will be useless. Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL
RE: ISS Real Secure Vs Cisco IDS [7:63461]
Come on now, the slammer worm? If you are security conscious this shouldn't have had any effect on you. Microsoft released a patch last summer. Security is a best effort solution. It is about layers and maintenance. You cannot eliminate risk, you can only reduce risk. An IDSs responsibility is to pick up attacks on the wire, not prevent them. I personally don't believe in allowing my IDS to respond to an attack. -Original Message- From: cebuano [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 8:22 PM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461] Hi Albert, Very good point. Which brings me to this question - how can one measure the security of a network? It almost always is an after-the-fact response whichever vendor you choose. As you pointed out in your example regarding the slammer virus, have you heard any vendor claiming immunity from this? Is detecting synonymous with preventing? I'm also interested in this topic due to the fact that the pricing structure from almost ALL the major players in the IDS/Firewall market is astronomical. Elmer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Albert Lu Sent: Friday, February 21, 2003 9:19 AM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461] Hi Troy, Must be some secure site, reason I was interested is that I had a discussion with someone else before in regards to multi-vendor IDS solutions and how effective they might be. So if you mostly rely on manual action, and an attack came in after hours, how quickly can you respond to your alerts? Since for some attacks, a half hour response time could cause your site to be down (eg. slammer virus). If that was the case, even if you had all the vendor's IDS, it will be useless. Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 10:57 PM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461] As with most things, you need to way up costs againts your requirements. IN our case, security is absolutely essential, so having a multivendor security solutions (and indeed fully redundant) is costly, but we see it as justified. With regards to action during attacks etc. We mostly rely on manual actions as we dont want to inadvertently block legitimate traffic (for example if an attack came from a spoofed IP). For automatic action, you can make use of Ciso Policy manage, which has the ability to dynamically rewrite ACL's, on Pix's, Routers, and indeed Cat's. according to data from IDS. So for example, if you where really paraniod (like we are),. you could have pix's as the first firewall, with IDS on the inside / dmz etc (using IDSM or standalone IDS), tie these together with Policy manager .. then taking a further step into your network, a set of Nokia Fw1 NG, along with further Nokia IDS solutions on the inside, and tied together using the enterprisef software! Albert Lu wrote: Hi, I'm just curious about your multi-vendor solution. It must cost quite alot in order to have 3 IDS running. What about redundancy, if you are using dual switch/router/fw/ids, you would have a total of 6 IDS. Being able to detect attacks with multiple IDS is one thing. What action can it take once the IDS detects an attack? Logging it into the syslog server is not enough. Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, February 21, 2003 7:53 PM To: [EMAIL PROTECTED] Subject: RE: ISS Real Secure Vs Cisco IDS [7:63461] Hi Sean, I currently use Cisco IDSM (IDS module for the Cat6500), Nokia IDS, and Snort on the server themselves. You can never be paranoid enough about these sort of things. Each vendor has different exploits etc, so by implementing a multi vendor path to your critical servers, you protect yourself from any signle vendor specific exploit! Sean Kim wrote: Hello all, My company is thinking about installing an IDS (dedicated appliance type) for our network. As far as I know, the Real Secure and the Cisco IDS are two biggest names out there. So I checked out the documents and white papers provided by the each company, but I couldn't really come up with what the differences are between them, and which one is better suited for our network. Can anyone voice their opinion about these two IDS? Thanks, Sean Kim Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63548t=63461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Checkpoint NG trial licence needed [7:62823]
Unless you have a relationship with a reseller they will charge you $100 for an evaluation license and media. I have a few extra licenses. I would be willing to give you one. The evaluation licenses are only good for 30 days. If this works for you, drop me a line. -Original Message- From: Chris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 2:04 PM To: [EMAIL PROTECTED] Subject: OT: Checkpoint NG trial licence needed [7:62823] Hi all I know it's OT but I hope some of you have a clue for this. Where from I can get a trial license for Checkpoint NG ? I already asked this question on their news site but now answer (it was the second posting). I don't understand how can u get certified unless you take the training. Thank you in advance Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62828t=62823 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: kismet [7:62376]
A completely passive attack can capture data and derive a WEP key without an association. This is the real issue with WEP encryption and wireless networks. A wireless network card and AirSnort or Ethereal will get you the same result. -Original Message- From: s vermill [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 2:03 PM To: [EMAIL PROTECTED] Subject: RE: kismet [7:62376] Priscilla Oppenheimer wrote: Sitting in a class. It would be very cool if someone answered this before the class got out!? :-) Is it really true that Kismet can sniff packets on an 802.11 wireless network, even if you have the access point set up to require login/authentication. (assume the hacker doesn't know a login) From what I know about access points, the hacker would fail to associate with the access point, and hence could not see traffic. Thanks, Priscilla If I understand the question, I don't see why a wireless sniffer would need to associate to an AP. It's pulling data off the airways similar to a NIC in promiscuous mode on a hard-wired network. Unless the data is encrypted, it's available to any wireless sniffer. Sort of like a police scanner. But I sense there is more to the question... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62387t=62376 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Too much Security Overkill on wireless network??? [7:62010]
I'm testing this very scenario at the moment. Just force the use of EAP and turn off Open and Shared authentication. I would probably pick (LEAP/PEAP + (BKR or TKIP)) or IPSEC. Although the IPSEC-only route wouldn't afford you the ability to deny surfing from the DMZ. EAP locks down the network access except for authenticated users. IPSEC might be overkill on top of PEAP. You could use PEAP to protect unicast transmissions and Broadcast Key Rotation to protect multicast/broadcast traffic. The broadcast key is securely transmitted to the client during the EAP authentication process. I will be forced to use LEAP instead of PEAP at the moment because of some CE devices, but the process is exactly the same except PEAP is slightly more secure. Can someone, Mas, please let me know if I need to enter in a WEP transmission key when using EAP and Broadcast Key Rotation? I know I need to turn WEP on, but I think I can just leave out the key and specify the length. Is this right? The documentation isn't very clear. -Original Message- From: 910T [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 11:53 PM To: [EMAIL PROTECTED] Subject: Re: Too much Security Overkill on wireless network??? [7:62010] Eric, Sorry to pile it on, but the error correction in an 802.11 wireless radio transmission also takes up almost half the throughput right off the bat (11 Mbit/s becomes about 6.5 Mbit/s net, best case). Perhaps SSH, SSL and EAP/WEP are superflurous when used with IPSec, but I would imagine that you need SSH and SSL to support users coming in from the outside, or perhaps as an additional level of protection for individual users of sensitive applications from those with general network access (most attacks come from within...). Typically, WEP is done in hardware, so theoretically, there shouldn't be any overhead if that is the case. But if you want to eliminate it, why not use force the use of EAP for wireless admission control but leave WEP off? (I think you can either not enter a key at all or enter one and then select 'No Encryption.) Regards, Mas Kato https://ecardfile.com/id/mkato - Original Message - From: eric nguyen To: ; Sent: Thursday, January 23, 2003 8:51 AM Subject: Too much Security Overkill on wireless network??? Hi, I have assigned the task of setting up a wireless network for my company and I am wondering that I use too much security for the wireless. Currently, I am setting a test wireless network for about 5 users. Eventually, this network will have about 50 users. My set up is as follows: 1) The wireless network is sitting on the DMZ network. This DMZ network is hang off an interface of a pix firewall (Pix-525). Wireless users are required to use Protected Extensible Authentication Protocol (PEAP) in order to log onto the wireless DMZ network. 2) In order to access the company iternal network which hang off the inside interface of the pix firewall, wireless users must use Cisco VPN Client IPSec to establish a secure VPN tunnel between their device and the Pix firewall. 3) After succesfully establish the VPN tunnel between the wireless device and the Pix firewall, wireless can only access the company internal network applications via SSL, SSH, POP3s and IMAPs. I have a few users that tunnel X-application via SSH connections. Applications such as POP3, telnet and IMAP are not allowed from the DMZ network into the company internal network. So far the test is going well. However, my concern is that this will not scale well for a large number of wireless users. For example, let say for SSH connection, the traffic is encrypted by SSH. Below that, it is encrypted via IPSec. Finally, it is encrypted by PEAP. I've not done any analysis yet but it is possible that 50% of the traffic is just overhead traffic for encryption. Anyone has successfully implemented a secure wireless network on large scale? I would like to get your advise on this. I have to present a recommendation to my CTO in a next few days. By the way, my company did hire a CCIE security consultant to work with me on this project; however, this CCIE security is a f_cking moron. Not only he doesn't know anything about PEAP, but he even suggested that we use Cisco LEAP because LEAP is much more secure than PEAP. After he couldn't get PEAP to work, the SOB suggested that we switch to Cisco LEAP. When we don't want to use Cisco LEAP, he suggested that we just use shared (aka STATIC WEP) authentication because we are using IPSec and Secure applications to access the company internal network anyway. The problem with this idea is that once wireless users are on the dmz wireless network, they can surf the Internet without restrictions. I don't want strangers (if they get a hold of the STATIC WEP KEY) to use my company bandwith to use the Internet. I want PEAP because it is safe and secure. I am also testing EAP-TTLS but haven't had much luck with it. I am sure
RE: Microsoft Exchange/UMS and Firewall [7:61747]
Does your checkpoint licensing support VPN? If so it is very easy to build a secure tunnel between sites that is encrypted. If you send me the feature portion of the licensing string I can tell you if it supports encryption. -Original Message- From: Arnold, Jamie [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 10:18 AM To: [EMAIL PROTECTED] Subject: RE: Microsoft Exchange/UMS and Firewall [7:61747] Exchange will use 135 to discover (portmapper) and then use dynamically assigned ports for the actual conversations. Your best bet is to statically map the ports in Exchange and then you don't have a moving target from the firewall point of view. http://support.microsoft.com/default.aspx?scid=kb;EN-US;155831 http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b194952 The other option (not a good one IMHO) is to open 135 only to the Exchange host and then leave a range of ports open to that host as well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 9:04 PM To: [EMAIL PROTECTED] Subject: Microsoft Exchange/UMS and Firewall [7:61747] Hi All, Need your advice on the following situation: I have a Active Voice Unified Messaging System on Location A, and a Microsoft Exchange Server at Location B. Both Location A and B are protected by Checkpoint firewall. Please advice how the firewall be configured such that it will allow MAPI to be used between these two sites. Thanks a lot in advance! Maurice Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61825t=61747 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Export Control with 3DES encryption [7:60573]
Here is a link to the BXA page about exporting encryption. They way I read it, and applied it, is you don't need permission or registration to use 3DES in countries except in countries labeled as terrorist countries or if you organization falls into the terrorist category. If you are sending commercial software to U.S. companies and their subsidiaries for internal company use it is just fine with the U.S. Government. As far as I can tell site-to-site VPN's fall into this category as well as VPN remote access by employees, interns, or contractors. I think we have some ex-lawyers on the list and would be very interested in their interpretation. If I'm incorrect, I've got a very big problem and would like to correct it as soon as possible. Feedback encouraged. http://www.bxa.doc.gov/Encryption/EncFactSheet6_17_02.html U.S. Department of Commerce * Bureau of Industry and Security Office of Strategic Trade Foreign Policy Controls Information Technology Controls Division COMMERCIAL ENCRYPTION EXPORT CONTROLS License Exception ENC eligibility for equipment controlled under ECCN 5B002 The new rule clarifies that test, inspection and production equipment controlled under ECCN 5B002 is eligible for export and reexport to U.S. subsidiaries, government and non-government end-users in the European Union (plus the eight additional countries) and non-government end-users in all other countries (except in Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria) under the provisions of License Exception ENC. Certain encryption items may be exported and reexported without review or notification This rule clarifies that, when a license is not otherwise required, no review or notification is required to export or reexport the following: 1. Encryption items (including technology and source code) to U.S. companies and their subsidiaries (except exports and reexports to subsidiaries located in designated terrorist supporting countries, and encryption technology or source code to foreign nationals of these countries) for internal company use, including the development of new products by employees, contractors and interns of U.S. companies. Exporters are referred to Section 734.2 of the EAR for applicable definitions of export and reexport that apply to encryption source code and technology. (The encryption products that are developed using these items are subject to the EAR and require review before they are sold or transferred outside the company.) -Original Message- From: Thomas N. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 09, 2003 8:51 AM To: [EMAIL PROTECTED] Subject: Re: Export Control with 3DES encryption [7:60573] Thank you very much! This page bring me directly to the registration page. However, I am wondering if I register with Cisco or with some government organization? If I register with Cisco link below, will they automatically submit it to certain government organization? Thanks much! Thomas The Long and Winding Road wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... yes, here is a link on the Cisco web site: http://www.cisco.com/cgi-bin//Software/Crypto/crypto_main.pl this should get you started. HTH -- TANSTAAFL there ain't no such thing as a free lunch Thomas N. wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, I plan to buy VPN routers, ship them to Japan then deploy VPN between Cisco routers using 3DES encryption between Japan and U.S. for my company. Do I need to register with the government or certain organization? How the process work? Also, where can I find a list of countries allowed to export 3DES products to? Thanks All in advance! Thomas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60737t=60573 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ACS Authentication/Auth/Accounting [7:59393]
The ACS server should have some error report in the logs if the router is contacting it. It sounds like the response is so quick, the ACS server isn't doing a lookup. Have you nailed down the interface the router should use as the source address for contacting the ACS server. If not, the router could be contacting the ACS server and the ACS server is rejecting the request because it is undefined. The router could have multiple interfaces and is using the wrong one as the source. -Original Message- From: Amer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 12:30 PM To: [EMAIL PROTECTED] Subject: ACS Authentication/Auth/Accounting [7:59393] Okay I've got my login authentication, authorization and accounting working on most of my switches and router through a ACS (TACACS+). But I have this one router that gives me an % Error in authentication message as soon as I put in my username. It doesn't even allow me to put in a password. The only way I can get into it is through the local account that I have created on it. I've checked a similar router (same IOS, exact same configuration), and it works okay so what can I look for to troubleshoot this problem?? Thanks in advance. Here is the config on the router: aaa new-model aaa authentication login default local tacacs+ aaa authentication enable default enable tacacs+ aaa authorization exec default tacacs+ local aaa authorization network default none aaa accounting update newinfo aaa accounting exec default start-stop tacacs+ aaa accounting commands 15 default start-stop tacacs+ aaa accounting network default start-stop tacacs+ P.S. Does anyone know of a way to filter out the commands that can be accounted for at the ACS? At the moment, the accounting is working a great but it accounts for every command that's put it. I have an access list on one of my router that is about 150 lines long and gets modified constantly and every command is accounted for in the ACS Accounting. I'm trying to see if there's a way to filter out that particular access-list and not account for it everytime. Thanks again. Amer Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59404t=59393 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504]
The image is working on other 3662 routers, but do are they the EXACT same configuration. Do they all have exactly the same network modules and WIC cards in them? Are all of the module and cards the same code revision? I would try a different version of the IOS. -Original Message- From: Hamid Ali Asgari [mailto:[EMAIL PROTECTED]] Sent: Sunday, October 13, 2002 11:21 PM To: [EMAIL PROTECTED] Subject: Re: FW: URGENT: WRONG IOS-Problem booting a 3662 [7:55504] As I told ALL the images I used, are currently working on other 3662 routers Hamid 3660 uses different ios then the rest of 3600 family. Seem like you have ios for the wrong platform -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hamid Ali Asgari Sent: Sunday, October 13, 2002 5:04 PM To: [EMAIL PROTECTED] Subject: URGENT: WRONG IOS-Problem booting a 3662 [7:55504] Hi group, I have a Cisco 3662 router with 128 of RAM and 16 Mb of flash memory. The problem is that I cannot make the router boot !!!. Each time I boot the router I get the folowing error. I don't know why this error is displayed. I have tried replacing the IOS several times. I have repleaced the flash memory but still it doesn't work. Does it have anything to do with Smart Init? I don't know what it is and how it can be disabled Any input would be welcome, Thanks, Hamid PS: The IOS that I have tested are currently running on other 3662s. * System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. C3660 processor with 131072 Kbytes of main memory Main memory is configured to 64 bit mode with parity disabled program load complete, entry point: 0x80008000, size: 0xc26c18 Self decompressing the image : ###! ### [OK] Smart Init is enabled smart init is sizing iomem IDMEMORY_REQ TYPE B3 0X0009FC00 Dual Port Fast Ethernet 6F 0X00012580 Sixteen port A/D Modem 6F 0X00012580 Sixteen port A/D Modem 0X0028 OIR memory 0X0010A6F8 public buffer pools 0X00211000 public particle pools TOTAL: 0X0065FDF8 If any of the above Memory Requirements are UNKNOWN, you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 7Mb. Using 5 percent iomem. [7Mb/128Mb] Wrong system software for this hardware System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. C3660 processor with 131072 Kbytes of main memory Main memory is configured to 64 bit mode with parity disabled PCMCIA Slot0: No Card Present System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. C3660 processor with 131072 Kbytes of main memory Main memory is configured to 64 bit mode with parity disabled PCMCIA Slot1: No Card Present System Bootstrap, Version 12.0(6r)T, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. C3660 processor with 131072 Kbytes of main memory Main memory is configured to 64 bit mode with parity disabled Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4t=55504 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Route-map question (urgent) [7:54910]
Port Address Translation. -Original Message- From: Harold Monroe [mailto:[EMAIL PROTECTED]] Sent: Monday, October 07, 2002 10:56 AM To: [EMAIL PROTECTED] Subject: RE: Route-map question (urgent) [7:54910] This is something I've been wondering about also. As I understand it when you set ip next-hop it forces the packet to go out a particular interface. How about if you want the destination address changed for a particular type of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server. For example, if you have only one Public IP Address and if HTTP comes in you want its destination address changed to 192.168.1.10, if FTP change its destination address to 192.168.1.20 -Original Message- From: Stefan Razeshu [mailto:[EMAIL PROTECTED]] Sent: Monday, October 07, 2002 4:16 AM To: [EMAIL PROTECTED] Subject:Re: Route-map question (urgent) [7:54910] I think the response for this question is: The access list: access-list 101 permit tcp any eq www any !-you need to detect your incoming www traffic. !-You can use also your network address for the first any. !-route map statement route-map http_access permit 10 match ip address 101 set ip next-hop 10.10.10.141 The policy map statement need to be place on the interface that is facing your network not to the interface near by the host 10.10.10.141. Regards, Stefan PS. I think we need to help each other not to give life lessons. It is a Cisco study list not the church. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55012t=54910 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Confused about MTU size [7:54689]
I belong to the CheckPoint list server and a very similar discussion is happening over there referencing Outlook over a VPN between CheckPoint firewalls. Could this problem be related to Tunnel overhead and packet fragmentation? I think this might be a problem with Microsoft's implementation of the TCP/IP stack and large packets over 1500 MTU. Outlook might not be very happy with fragmentation. There is a registry setting for the end station that forces the MTU to 576 for any packets not destined for the local subnet. This is cut and pasted from http://support.microsoft.com/default.aspx?scid=kb;EN-US;q314053 EnablePMTUDiscovery Key: Tcpip\Parameters Value Type: REG_DWORD - Boolean Valid Range: 0,1 (False, True) Default: 1 (True) Description: Setting this parameter to 1 (True) causes TCP to attempt to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. Fragmentation adversely affects TCP throughput and network congestion. Setting this parameter to 0 causes an MTU of 576 bytes to be used for all connections that are not to computers on the local subnet. EnablePMTUBHDetect Key: Tcpip\Parameters Value Type: REG_DWORD - Boolean Valid Range: 0,1 (False, True) Default: 0 (False) Description: Setting this parameter to 1 (True) causes TCP to try to detect Black Hole routers while doing Path MTU Discovery. A Black Hole router does not return ICMP Destination Unreachable messages when it needs to fragment an IP datagram with the Don't Fragment bit set. TCP depends on receiving these messages to perform Path MTU Discovery. With this feature enabled, TCP will try to send segments without the Don't Fragment bit set if several retransmissions of a segment go unacknowledged. If the segment is acknowledged as a result, the MSS will be decreased and the Don't Fragment bit will be set in future packets on the connection. Enabling black hole detection increases the maximum number of retransmissions performed for a given segment. Anyone willing to modify their end station to force an MTU of 576 and discovery of blackholes and report the results. It would be most insightful to see the pre and post registry network sniffer traces of Outlook traffic. I don't have time now, but I think this could be the issue. I think it may be an end station problem. -Original Message- From: Larry Letterman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 7:58 PM To: [EMAIL PROTECTED] Subject: Re: Confused about MTU size [7:54689] I had the same issue with outlook, its real slow when accessing Imap mail. I set the MTU, adjusted other things, etc..nothing seems to fix this issue for me. I set up Netscape 6.2x messenger/mail. Installed the mail client for Imap mail, and it works fine...sometimes it hangs for a second or two, but not anything like outlook Larry Creighton Bill-BCREIGH1 wrote: I may be way out of line, but there aren't any access lists which may be prohibiting the IMAP ports used by exchange, are there. I ran into a config mess with DMZ's and access lists for a beta product test once. And that was what we saw - all worked (http, proxy, etc.) but Exchange was gone. Turned out to be some Checkpoint and access-list tweaking. -Original Message- From: JohnZ [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 5:43 PM To: [EMAIL PROTECTED] Subject: Re: Confused about MTU size [7:54689] Thanks Priscilla, I definitely don't mind even if it was criticisim especially coming from some one of your caliber. Thank you for the pointers and I will do some more deligant troubleshooting. And yes Mike it is outlook that refuses to work properly. There is no problem browsing, home user is able to copy files of all sizes with out any problems. We can ping the email server from the user's workstation heck I am even pc-anwhered into his machine. But as soon we start outlook it just hangs. I will further investigate the router's config although it's using a template that's working elsewhere under different service provider without a hitch. Priscilla Oppenheimer wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I agree that it doesn't sound like an MTU problem. There are often problems with MTU when DSL, VPNs, tunnels, etc. are used, so people might jump to that conclusion. But e-mail messages are often very short and would easily fit into most MTUs even after overhead. To test whether it's an MTU problem, try some oversized pings. The MTU issue occurs when a full-sized packet arrives at an interface that needs to squeeze it into an MTU along with the overhead. The interface could fragment, but maybe the application or transport layer set the Don't Fragment bit. Quite a few applications do that as part of their MTU discovery process. The problem is made
RE: How to force a new DR? [7:54810]
Try 'clear ip ospf proc' -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 03, 2002 10:06 AM To: [EMAIL PROTECTED] Subject: How to force a new DR? [7:54810] Hello friends, I have a question for you, maybe you can help me... Suppose that I have an Ethernet segment with some routers speaking OSPF, one of them is the DR and other is the BDR. Suppose that I add a new router to the Ethernet segment. I know that this doesn't start a new ellection of DR or BDR process, (the normal way is that when the DR fails, the BDR takes its place and one new BDR is ellected). Now suppose that I want the new router be the DR... How can I force this?? I know that I can force the priority in the election process (ip ospf priority command), but I am not sure that changing this priority will start a new election. Must I shut down the DR and BDR routers in order to force a new DR and BDR?? I don't think so Best regards. Miguel Angel Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54812t=54810 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP Aggregation in IOS 12.2 [7:54528]
Elmer, The way I read your config. You have enabled a single interface with EIGRP routing, interface loopback17 of network 192.168.199.0/24. You are redistributing all of EIGRP into BGP which only includes this one network. You are aggregating 192.168.192.0 255.255.248.0. The aggregate address needs a minimum of one network in the aggregate address range to advertise the supernet and more specific underlying routes. The BGP table is exactly right as far as I can tell. The only networks that should appear are the networks redistributed from EIGRP, 192.169.199.0/24, and the aggregate, 192.168.192.0/21, which is using the previous /24 network for its very existence. You must enter EACH of the loopbacks under the BGP process using 'network 192.168.192.0 mask 255.255.255.0', 'network 192.168.193.0 mask 255.255.255.0'. The mask statement is not necessary in this case, I just always use it for consistency. It is a personal preference. The mask statement is only necessary for networks outside their classful boundary. The other alternative is to include all of the loopbacks under the EIGRP process and have them redistributed into BGP which you already have setup, but currently you are only redistributing a single /24. If you want them all to appear, you need to either enter them under the BGP process with a network statement or redistribute them from EIGRP. The route-map you have included in the configs looks like you are planning on only advertising a subset of the more specific /24 routes. You should look at the suppress-map option under the aggregate address command as well as distribute list under the interface or neighbor statement. All three of these would accomplish the same result. -Original Message- From: cebuano [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 29, 2002 11:34 PM To: [EMAIL PROTECTED] Subject: BGP Aggregation in IOS 12.2 [7:54528] Hi all. Has 12.2 changed in that when you do an aggregate-address the configured router only shows the aggregate route and not include the more-specific ( or aggregatED ) routes? Here's what I got... This config is supposed to allow me to advertise both the aggregate and more-specific routes. But if this has changed then i'll have to think of another solution... Thanks. Elmer Stowe-2504#s ! interface Loopback10 ip address 192.168.192.1 255.255.255.0 ! interface Loopback11 ip address 192.168.193.1 255.255.255.0 ! interface Loopback12 ip address 192.168.194.1 255.255.255.0 ! interface Loopback13 ip address 192.168.195.1 255.255.255.0 ! interface Loopback14 ip address 192.168.196.1 255.255.255.0 ! interface Loopback15 ip address 192.168.197.1 255.255.255.0 ! interface Loopback16 ip address 192.168.198.1 255.255.255.0 ! interface Loopback17 ip address 192.168.199.1 255.255.255.0 ! interface Serial0 bandwidth 64 ip address 192.168.1.254 255.255.255.252 ! router eigrp 100 network 192.168.199.0 ! router bgp 100 aggregate-address 192.168.192.0 255.255.248.0 redistribute eigrp 100 neighbor 192.168.1.253 remote-as 200 neighbor 192.168.1.253 send-community neighbor 192.168.1.253 route-map community out ! access-list 101 permit ip host 192.168.192.0 host 255.255.248.0 route-map community permit 10 match ip address 101 set community none ! route-map community permit 20 set community no-export ! Stowe-2504#sh ip bgp BGP table version is 9, local router ID is 192.168.199.1 Status codes: s suppressed, d damped, h history, * valid, best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next HopMetric LocPrf Weight Path * 192.168.192.0/21 0.0.0.032768 i * 192.168.199.00.0.0.0 0 32768 ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54533t=54528 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: unusual BGP question. [7:54429]
The original requirement stated you could not modify the AS path or local preference. The MED is the method used to communicate preference to another AS. There is no requirement that the MED can only be set outside of the current AS, you can modify the MED attribute anywhere you like. -Original Message- From: suaveguru [mailto:[EMAIL PROTECTED]] Sent: Sunday, September 29, 2002 1:31 AM To: Jim Brown; [EMAIL PROTECTED] Subject: RE: unusual BGP question. [7:54429] I have the impression that MED is only for outbound traffic . For inbound traffic try prepending the routes that you do not wish to use for the priority path . And the routes will automatically follow the path that has no prepend correct me if I am wrong suaveguru --- Jim Brown wrote: What about modify the MED of the route? -Original Message- From: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:51 AM To: [EMAIL PROTECTED] Subject: unusual BGP question. [7:54429] Hello, Anyone any thought on the following lab Im working on, AS 1 and AS2 are connected to AS3 via EBGP as well as each other. (Triangular fashion) AS1 and AS2 both originate and advertise the network 81.0.0.0/8 in to EBGP to AS3 Objective: Ensure that AS3 routes to 81.0.0.0/8 via AS 1. Local preference or AS-path attributes may NOT be modified. I'm thinking to do this, to use policy routing, or is there another way to deal with a situation like this. Any help appreciated. Kind regards. Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * [EMAIL PROTECTED] __ Do you Yahoo!? New DSL Internet Access from SBC Yahoo! http://sbc.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54480t=54429 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: unusual BGP question. [7:54429]
What about modify the MED of the route? -Original Message- From: Casey, Paul (6822) [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 28, 2002 9:51 AM To: [EMAIL PROTECTED] Subject: unusual BGP question. [7:54429] Hello, Anyone any thought on the following lab Im working on, AS 1 and AS2 are connected to AS3 via EBGP as well as each other. (Triangular fashion) AS1 and AS2 both originate and advertise the network 81.0.0.0/8 in to EBGP to AS3 Objective: Ensure that AS3 routes to 81.0.0.0/8 via AS 1. Local preference or AS-path attributes may NOT be modified. I'm thinking to do this, to use policy routing, or is there another way to deal with a situation like this. Any help appreciated. Kind regards. Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54468t=54429 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
If you enter an IPX commands before you define the node address manually, it will use the highest mac address on Ethernet interface regardless of the node address manually entered. To reset the router, you must remove all IPX commands, remove the ipx routing command, and reboot the router. The very first command after the reload should be the ipx routing 2.2.2 command, then all will be well. -Original Message- From: Mike Martins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 6:07 PM To: [EMAIL PROTECTED] Subject: RE: IPX ID [7:53989] I got the IPX network going between all routers, over frame relay etc etc no problem. On the frame-relay map statements (opposite sides) I mapped to the IPX/MAC address that the router had elected. Everything works, no worries. I am not doing anything different, all routers were running default IPX RIP, now disabled and all running IPX EIGRP. I dont know why one router accepts a manual statement and another decides it has got its own agenda. I tried shutting down all interfaces, deleting IPX Routing and re entering a manual x.x.x. It remains stubborn. I will spare you the configs, unless you wanna sift through trunks and tunnels and exiting stuff like DLSW and a few of my improvized ISDN configs. When I started with the IPX early this evening I did not have much config on the routers anyway. It is just a point of interest really, someone must know the answer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54027t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IPX ID [7:53989]
On second thought, it might just require a reload after you add the ipx routing 2.2.2 command to force the router to use the manual address after it has picked up an interface mac address. -Original Message- From: Jim Brown Sent: Tuesday, September 24, 2002 9:49 PM To: 'Mike Martins'; [EMAIL PROTECTED] Subject: RE: IPX ID [7:53989] If you enter an IPX commands before you define the node address manually, it will use the highest mac address on Ethernet interface regardless of the node address manually entered. To reset the router, you must remove all IPX commands, remove the ipx routing command, and reboot the router. The very first command after the reload should be the ipx routing 2.2.2 command, then all will be well. -Original Message- From: Mike Martins [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 24, 2002 6:07 PM To: [EMAIL PROTECTED] Subject: RE: IPX ID [7:53989] I got the IPX network going between all routers, over frame relay etc etc no problem. On the frame-relay map statements (opposite sides) I mapped to the IPX/MAC address that the router had elected. Everything works, no worries. I am not doing anything different, all routers were running default IPX RIP, now disabled and all running IPX EIGRP. I dont know why one router accepts a manual statement and another decides it has got its own agenda. I tried shutting down all interfaces, deleting IPX Routing and re entering a manual x.x.x. It remains stubborn. I will spare you the configs, unless you wanna sift through trunks and tunnels and exiting stuff like DLSW and a few of my improvized ISDN configs. When I started with the IPX early this evening I did not have much config on the routers anyway. It is just a point of interest really, someone must know the answer. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54028t=53989 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Dialer interfaces vs. dialer maps question to ponder [7:53467]
I think you can do anything with dialer interfaces that you can do with legacy DDR, but the inverse is not true. -Original Message- From: Roberts, Larry [mailto:[EMAIL PROTECTED]] Sent: Monday, September 16, 2002 10:45 PM To: [EMAIL PROTECTED] Subject: OT: Dialer interfaces vs. dialer maps question to ponder [7:53457] OK, A Question to ponder. Can anyone think of a reason of why someone would NOT user dialer interfaces, as apposed to using legacy DDR , beside IOS support, and the political just because we want legacy DDR ? I'm just trying to reason why someone would use legacy DDR and I can't think of a reason to use it. Is there some configuration that is only supported by legacy DDR commands? Just a little late night pondering before bedtime... Thanks Larry Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53467t=53467 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 3550 EMI [7:52430]
Make sure you can enter some commands under the BGP process. Just defining the process in the config doesn't mean the IOS supports it. -Original Message- From: Dan Penn [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 31, 2002 1:56 AM To: [EMAIL PROTECTED] Subject: RE: 3550 EMI [7:52430] Just tried it out: Switch(config)#router bgp 1 Switch(config-router)# Yep, this version has BGP, doesn't have IS-IS yet. Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Rogers Sent: Saturday, August 31, 2002 12:13 AM To: [EMAIL PROTECTED] Subject: 3550 EMI [7:52430] A new IOS has just been released for the 3550 - 12.1.11.EA1. Looks like it came just in time for the new lab format too. Will this have BGP? What else will this have? The documentation has not been posted yet. Just in time to practice for the weekend anyhow. In any event it looks like the lab will be moving from 6 to 8 full routers come Nov. -Eric Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52442t=52430 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No longer 4 digits [7:52146]
First number assigned to a candidate was 1025. When we hit 11025 their will be 10,000 candidates not including people who didn't recertify. -Original Message- From: Reza Sharifi [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 27, 2002 11:20 AM To: [EMAIL PROTECTED] Subject: RE: No longer 4 digits [7:52146] Is that because there are more than 1 CCIE,s?. Reza Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52149t=52146 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Cable for lab? [7:51651]
You probably won't be able to pass the lab without practice on a simulator or the real thing. -Original Message- From: Robert D. Cluett [mailto:[EMAIL PROTECTED]] Sent: Monday, August 19, 2002 1:10 PM To: [EMAIL PROTECTED] Subject: Re: ISDN Cable for lab? [7:51651] is it really worth it? Johnny Routin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... No, you need an isdn simulator. -- Johnny Routin Robert D. Cluett wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can a straight through cat 5 cable be used for ISDN connectivity in a lab (between 2 2503's)? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51660t=51651 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bandwidth allocation problem [7:51565]
This is the whole concept behind frame relay. The provider oversubscribes the network and this is your port speed, your CIR is the guaranteed amount even during times of congestion. Airlines do the same thing, the sell more seats on flights than they actually have. Welcome to oversubscription. Take a look a CBWFQ, this might be a solution to your problem. Clients can use all the bandwidth until the link reaches capacity, then bandwidth is scaled back defined limits. Look for QOS mechanisms that only take affect during congestion. -Original Message- From: Deepak Achar [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 17, 2002 7:46 AM To: [EMAIL PROTECTED] Subject: bandwidth allocation problem [7:51565] hi all i have doubt Suppose we have a leased line of 2MB bandwidth between say India and US. The link is carrying more than 5 clients, using the concept of Multiplexer. The question is if a client is allocated a bandwidth of 512k out of 2MB, is it possible to use a part of the bandwidth which is allocated to client when that client is not using the whole bandwidth. but this bandwidth adjustment should not be known to the client. If the client's traffic reaches the whole bandwidth, he should be given the whole bandwidth. suppose client is using only 256k out of 512k which is allocated to him. is it possible to allocate the remaining 256k to other purpose. if yes how can it be done. once the client traffic reaches 512k, the bandwidth which was taken from the client should be freed dynamically. thanks deepak Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51578t=51565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE WORTH IT? [7:50941]
You guys are talking about a lot or work and we all know Paul has other things to do besides gathering and maintaining data on list members. In a perfect world it would be great to have the information suggested below, but someone has to expend the time and effort. I know it won't be me, I need to study so I can fail my next attempt. ;-) -Original Message- From: Michael L. Williams [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 08, 2002 3:44 PM To: [EMAIL PROTECTED] Subject: Re: CCIE WORTH IT? [7:50941] I agree. Mike W. David j wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes, I agree but only if it's voluntary... Robert D. Cluett wrote: It would be nice to know where each member is located and what there level of knowledge/certification is. I wonder if we could request this to be added to the site. Maybe member profiles or something. Anyone agree? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50998t=50941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Time-Base ISDN connection [7:48991]
Base your dialer list on a time based access list. This should do the trick. -Original Message- From: Jimmy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 10:34 PM To: [EMAIL PROTECTED] Subject: Time-Base ISDN connection [7:48991] Does anyone have the sample configuration for Time-Base ISDN connection. What I want to do is the only specific time , like from 9am to 6pm , ISDN link bettwen 2 router will be up. Thanks in advance. regards Jimmy __ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48992t=48991 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ATM fore CCIE [7:48892]
You are not responsible for configuring the switch, but ATM is still on the test. You will need to configure routers to communicate through the cloud. -Original Message- From: Calorifer Gogu [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 3:43 PM To: [EMAIL PROTECTED] Subject: RE: ATM fore CCIE [7:48892] According to the info on the CISCO's own web site ATM is not required any more to pass, that is no testing on ATM. Just do a search on CISCO WEB for CCIE requirements there is a list with stuff: http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#42 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48965t=48892 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Placement of IDS [7:48420]
Most security breaches are by employees. With that out of the way, I would place the IDS engine in front of the firewall to catch attacks against devices in the DMZ. In a small trusting environment, your employees are probably not your biggest threat. -Original Message- From: sam sneed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 12:20 PM To: [EMAIL PROTECTED] Subject: Placement of IDS [7:48420] I was contemplating on where I should put my IDS. I have a simple network with only one Internet connection to my ISP. It is firewalled with an internal network that does not allow any incoming connections via firewall and a DMZ which has web, DNS, and email server. My question is should I put the IDS behind or in front of my firewall? What are most of you doing? I realize if it is behinf the FW I will not be able to detect a lot of possible security breaches, such as users trying to rsh or telnet into my servers since this is blocked by FW. Should I care that people are trying to get in or attack if the firewall is already blocking it? The IDS could easily handle the traffic since its only at the 1MB-2MB range. sam sneed Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48432t=48420 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Lab Equipment [7:40032]
I personally don't think my piece of mind would be worth that much. Buy hardware from a reputable source on E-bay or I have the number of an individual I had GREAT success with in California. They sell large volumes of hardware and I also have the number of someone for memory which you will need. The hardware person goes under the name of BabyJake on E-bay and I have nothing but good things to say about them or the way they conduct business. You can call them direct and have them check inventory if you don't see what you want on E-bay. Contact me offline if interested for their number also. -Original Message- From: Shaun Stanley [mailto:[EMAIL PROTECTED]] Sent: Monday, April 01, 2002 10:19 AM To: [EMAIL PROTECTED] Subject: Lab Equipment [7:40032] I'm planning on setting up a home lab and I've noticed that most places offer a 30 day warranty on used Cisco equipment...(usedrouter.com)... Tancom.net offers a one year warranty...they will swap out the defective piece for another working 'used' one... However, their prices are significantly higher than usedrouter.com... eg. UsedRouter.com - 2503 - 435.00 Tancom - 2503 - 695.00 on one hand I feel like the peace of mind is worth some more money but on the other hand, what is the likelihood there will be a problem...AND I won't be buying just one router, so the cost difference will be huge for the entire lab... What experience have others had with purchasing used equipment? warranties? etc? If the router does go bad and you have no warranty? what options are available at that stage? Any help greatly appreciated. Shaun Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40073t=40032 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Token Ring [7:38863]
Get online access for the 3900 it is enough. Be very sad they are removing Token Ring from the lab, there are the easiest points you will receive on the lab. -Original Message- From: James [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 2:42 PM To: [EMAIL PROTECTED] Subject: CCIE Token Ring [7:38863] Hello I have read in a previous post that the CCIE R/S program is dropping token ring stuff. Is that true or does anyone know when will that be effective ? Does anyone with experience with the lab know how much does the token ring stuff is needed ? Is it worth buying a Cat 3900 for a home lab or would getting online rack access work as fine ? any information is greatly appreciated. Thank you. __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38866t=38863 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: EIGRP Bandwidth statements [7:37221]
I always understood the desired method for path manipulation and EIGRP was through the modification of the delay value on the link. -Original Message- From: Grant Levy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 05, 2002 6:31 PM To: [EMAIL PROTECTED] Subject: RE: EIGRP Bandwidth statements [7:37221] Bandwidth statements, are used for the cost metrics of the links. If you have equal links, but want to have a shadow not a load balancing link, then use the offset-list, under the router eigrp process. It is always good practice to use the bandwidth statement for each sub-interface. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37433t=37221 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Starter amp;amp;amp; Lab Equipment [7:37312]
It will do the job nicely. No FEC for your lab, but do you really need it? -Original Message- From: Ronald James [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 06, 2002 8:59 AM To: [EMAIL PROTECTED] Subject: Re: CCIE Starter amp;amp; Lab Equipment [7:37312] Is Catalyst 5000 with Supervisor 1 good enough for home lab purpose? Justin C wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Danie, I built my home lab entirely from Ebay. There are some good vendors on there, but the phrase buyer beware always comes to mind. I always look at the sellers feedback, not just for positive ratings but to see if they have sold equipment in the dollar value I am purchasing. Look to see if the seller has positive feedback on equipment in that price range. The sellers I can recommend (based on my own purchases and those of people I personally know) are: networkhardwareresale - great packaging, good prices, quick shipment; bluedesperateboy - good packaging, fair prices (little high, but top notch equipment); ciscoware; www.whirled-routes.com; magi-tech; snootfull; lskok If you look up their feedbacks, you will see the amount of business they do. If you are after good deals, be patient about purchasing and watch for good products at good-to-fair prices. It took me two months to build my home lab (Catalyst 5000 w/ Sup 2, 2-2501, 2-2503, 1-2502, 1-2513, 1-4000M, 1-2620, 1-2522, 1-2511RJ, 2-2900 Cat switches, plus all serial/ethernet cables) for around $9500. All of it from Ebay, and all of it worked when I received it. Costly yes, but nothing beats continuous hands on experience with the equipment for months (six so far) on end. Plus, I can configure almost anything I find in the CCNP and CCIE books I have (save some Token Ring and ATM of course), which is nice when you have questions about technologies and want to experiment to learn more about them. Personally, I will rent rack time to get at the 3900/3920 switches and ATM configurations. Also, I have not purchased from them, but Optsys.net has some pretty good deals on 2501 and 2503 router packages. I will be purchasing an ISDN simulator from them later this month. As for the Catalyst 5000 switch, you can substitute a Catalyst 2901 or a Catalyst 2926T (the T means 10/100T connections on the supervisor module versus the 10/100 Fiber connections on the 2926F). Search the archives for additional information on rack recommendations AND Ebay sellers to steer clear of as the topic gets brought up at least once a month. Best of luck to you in your studies. My apologies to the group for any perceived waste of bandwidth on this often discussed topic. After reading about it for the past seven months, I just wanted to drop my $.05 on the table. Regards, Justin Cluer From: Danie Strydom Reply-To: Danie Strydom To: [EMAIL PROTECTED] Subject: CCIE Starter [7:37283] Date: Tue, 5 Mar 2002 13:04:08 -0500 Dear All, I've recently started active study on CCIE and have limited experience but CCNP knowledge on Cisco kit. I'm in the process of buying what I need and I need some advice on where to start and would like to find out how you guys started out. What do I need for my home lab? I've looked at auctions on Ebay, is it alright to buy second-hand? Is there IOS upgrades available free from Cisco? If any of you know a good link to a specific equipment list I need I'd be very grateful, I've had a look on the Cisco Routing and Switching Lab equipment list but they only had the following - no real specifics: 2500 series routers 2600 series routers 3600 series routers 4000 and 4500 series routers 3900 series token ring switches Catalyst 5000 series switches I can only afford up to 3600 series routers, what can I do about the rest? Thank you for your help and I think this is a great group. Kind Regards, Danie Strydom London, UK _ Send and receive Hotmail on your mobile device: http://mobile.msn.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37414t=37312 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Bandwidth limit at the E I [7:37105]
Very interesting question. What is your application? Where do you plan on using this and why? Is this from some scenario you are testing? I would be very interested to know because I would like to work on the same practice lab if you can share your source. It is wise to do a little research before asking this type question. Take a peak at the QOS options for the IOS. If you read and understand the section you will have your answer. -Original Message- From: Mohannad Khuffash [mailto:[EMAIL PROTECTED]] Sent: Sunday, March 03, 2002 12:13 PM To: [EMAIL PROTECTED] Subject: Bandwidth limit at the E I [7:37105] Hello, Is there any spesific command i can use to limit the bandwidth available at the ethernet interfaces ? Please advise ? Regards, -- Mohannad N. Khuffash Network Administrator Palestine Telecommunication Company Tel: 00972-02-2982330 Fax:00972-02-2980235 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37106t=37105 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Variance for Eigrp...does it actually work?? [7:33835]
Even with the variance command a neighbor might not be considered a feasible successor. Remember a feasible successor is a path whose reported distance is less than the feasible distance. This is a loop prevention method in EIGRP. Read the section, Deciding if a Path is Loop-Free in the document at the link below http://www.cisco.com/warp/public/103/eigrp1.html#6 I guarantee a light bulb will come on above your head after you read this. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 31, 2002 7:57 AM To: [EMAIL PROTECTED] Subject: Re: Variance for Eigrp...does it actually work?? [7:33835] I don't really have an answer, this is more of a me too email. I've only bothered with variance once in a practice lab and I was not able to make it work even after setting the variance to a ridiculously high number. No matter what I did, I was not able to get both EIGRP routes into the routing table. At some point I need to go back and figure out why it wasn't working but I've been avoiding it. John Cisco Nuts 1/31/02 12:05:03 AM Hello,I am testing out the variance command under eigrp and it does not seem to be working the way it is explained in the CCNP routing guide by CiscoPress. Any ideas ? Sorry, Long post but need help.I have RTA connected to RTB and RTC via FR physical intf. running eigrp 1RTB and RTC are connected to BBR via serials also running eigrp 1BBR is connected to TS via serial running eigrp 1 and igrp 1TS is connected to REMOTE running rip.RTA to RTB to BBR have bandwidth = 64 configed.RTA to RTC to BBR have the default bw = 1.544On RTA, the route to Rip netw. 12. and 13. on Remote show up via the RTC to BBR to TS to Remote routewhich is correct.D EX 12.0.0.0/8 [170/3245056] via 192.168.10.243, 00:12:37, Serial0 D EX 13.0.0.0/8 [170/3245056] via 192.168.10.243, 00:13:42, Serial0 The metric via RTB to BBR to TS to Remote is 41538560 as inD EX 12.0.0.0/8 [170/41538560] via 192.168.10.242, 00:00:17, Serial0 D EX 13.0.0.0/8 [170/41538560] via 192.168.10.242, 00:00:17, Serial0 After doing the math,( multiplied 3245056 x 13 to get 42185728 which is greater than 41538560), I configed a variance of 13 on RTA and expected to see 2 routes to networks 12. and 13. but only 1 route shows up, that thru RTC.Is there a reason why?Thank you. : Send and receive Hotmail on your mobile device: Click Here Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33861t=33835 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: QoS Configuration Guidelines [7:33714]
I believe RSVP and RTP should be configured on both ends. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 12:34 PM To: [EMAIL PROTECTED] Subject: Re: QoS Configuration Guidelines [7:33714] 3 Grad Alfons Kanon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... team, For Cisco QoS configuration below, which one we should configure on both routers which one is not..? 1. RED/WRED 2. FRTS/GTS 3. rSVP 4. CAR 5. CQ, PQ 6. RTP..? thanks Grad _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33749t=33714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: QoS Configuration Guidelines [7:33714]
I would bet my last dollar the original poster is referring to cRTP. This is why I included it into the both ends category. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 1:07 PM To: [EMAIL PROTECTED] Subject: Re: QoS Configuration Guidelines [7:33714] RTP as in Real Time Protocol? It's not even a command. It's a transport layer addition to UDP. You really can't tell a router to use RTP. You can tell it to do cRTP, or ip rtp priority. cRTP is both ends, IP RTP priority doesn't have to be. But RTP isn't even a valid choice. Jim Brown wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I believe RSVP and RTP should be configured on both ends. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 30, 2002 12:34 PM To: [EMAIL PROTECTED] Subject: Re: QoS Configuration Guidelines [7:33714] 3 Grad Alfons Kanon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... team, For Cisco QoS configuration below, which one we should configure on both routers which one is not..? 1. RED/WRED 2. FRTS/GTS 3. rSVP 4. CAR 5. CQ, PQ 6. RTP..? thanks Grad _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33753t=33714 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Is CCIEprep on crack or what ? [7:32787]
You can definitely install a DB60 upside down. I won't even say I've watched a trainee do it, I've done it myself. It is easier than you think, the hood becomes distorted and it becomes even easier the next time. -Original Message- From: Ozzie Sutcliffe [mailto:[EMAIL PROTECTED]] Sent: Monday, January 21, 2002 11:35 PM To: [EMAIL PROTECTED] Subject: Is CCIEprep on crack or what ? [7:32787] I was looking over some troubleshooting stuff and on of the scenario's involved a router that was fine and the admin goes to lunch. Comes back from lunch,S0 is down and down,a show controller sees no cable . The rest of the garbage raves on about about the DB60 being symmetrical and the cable was installed upside down. Every DB 60 I have seen was NOT symmetrical and would take some cutting with tin snips to install upside down. The 12 secenario's I saw were really advanced CCNA not even CCNP level stuff.. Is this the standard of CCIEpreps stuff ??? Oz [GroupStudy.com removed an attachment of type application/ms-tnef] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32810t=32787 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF and The Disappearing Neighbor Statement [7:31656]
I thought you only need the neighbor statement on one side of the connection? Once a router accepts the hello, adjacencies are formed with information from the hello via unicast communication from that point forward. Sort of like if I shout over a hill, Hey Routerman are you there, this is Jim. Then you would respond back to me by name. -Original Message- From: Router Man [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 13, 2002 10:28 AM To: [EMAIL PROTECTED] Subject: Re: OSPF and The Disappearing Neighbor Statement [7:31656] I was able to reproduce your exact scenario. I had a hub with two spokes and the neighbor statements only appeared on the hub. This is very interesting and I'm not sure what the reason behind it is. I am glad that this was brought up, because I would love to get to the bottom of this situation. I'll keep you posted John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The network statement definitely was there, but the neighbor statements would only appear on the hub router. Interestingly, I just saw a sample configuration similar to this on CCO and they only had the neighbor statement on one router, not both. I think as long as one router has a neighbor statement configured, the adjacency will form assuming all other things being equal (network type, etc.) The adjacencies formed but I had to cycle the interfaces to get things started. Even if the neighbor statement is only required on one side, I still don't understand why the router wouldn't let me add it. The adjacencies would eventually form, however, and routing occurred exactly as I expected it. I did notice a minor issue with the neighbor statements on the hub. I had three of them, and one of them inserted 'priority 1' at the end, yet the other two remained as I entered them. Router Man 1/11/02 3:08:03 PM The only time that the neighbor statement will not show up in the running-config, is if you do not have a network statement under the router ospf process. I am doubting that the neighbors formed an adjacency without the neigbor or network statements showing up under the ospf config. If the adjacency was actually formed, then it must be a bug. Another thing that I have noticed is than when trying to use the neighbor statement to set the priority, neighbor 1.1.1.1 priority 255 the priority will change to something other than what I set it too. It took me a while to figure this one out. The problem is that I have to have matching ip ospf priority 255 statements under the interfaces running ospf . John Neiberger wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It was hot, too hot. Our detective had been working feverishly to configure OSPF over NBMA without the use of ip ospf network statements. He knew that to do this he must explicitly add neighbor statements or adjacencies would not form. He logs into the hub router and types in his three neighbor statements. All seems well. It's still too hot, but it's a dry heat. He now logs into one of the spoke routers and types in his neighbor statement. He pauses momentarily and then checks the OSPF adjacencies. Something seems to be wrong, he thinks to himself. This ought to be working, but it isn't. Why not? He looks through the running config to look for any errors and notices the the neighbor statement that he just entered is missing! He slowly and deliberately types it in again making sure there are no mistakes but yet it still does not show up in the running configuration. Is this an IOS issue? Operator error? Some rift in the space-time continuum? He jumps to another spoke router running a different IOS and tries the same thing with the same result. He is frantic now, beads of sweat pouring down his face. What if this were the real CCIE lab exam? Could this be a fatal stumbling block? He finally notices that adjacencies do eventually form after clearing the relevant interfaces. This must be because the hub router accepted the neighbor statements. But what if it hadn't, he ponders. He thinks forward into the future when--a day after taking the lab exam--he receives the dreaded email that says, We're sorry, it is apparent that you have no clue. Back to the real world What was the cause of the missing neighbor statements? Have any of you run into this before? I've never bothered to explicitly use neighbor statements as I'm in the habit of using the ip ospf network command to make them unnecessary. Any thoughts? Thanks, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31776t=31656 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Lab [7:31476]
Candidates are responsible for features, up to and including, those found in 12.1 IOS. It is listed on the website in the certification section. Please note, this does not mean the routers will have 12.1 on them. They might have the 12.1 code or some down revision. -Original Message- From: Edward Chuchaisri [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 09, 2002 4:47 PM To: [EMAIL PROTECTED] Subject: CCIE Lab [7:31476] Just a quick question. What IOS images do they use in the CCIE Lab? I am particularly intersted in the images they use in 2500 and 2600. Thanks, Ed www.router4u.com Affordable Router Lab Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31480t=31476 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BECN vs TCP congesttion control [7:31219]
I think the reasoning is to prevent the transmission of traffic almost all the way through the frame cloud only to have it dropped by the last telco switch. With congestion notification you can shape the traffic for a more even flow reducing packet loss and retransmission based on information from the cloud. If the traffic is traveling across the cloud only to be dropped at an intermediate switch, it is still consuming valuable bandwidth. Imagine one end with T1 access speed and the other end with a 64K port. The T1 end will crush the line with everything it has only to have it dropped by the last switch attached to the 64K port. Then the T1 end will cycle through retransmission, and on, and on. You would waste a terrible amount of bandwidth. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 3:49 PM To: [EMAIL PROTECTED] Subject: BECN vs TCP congesttion control [7:31219] I understand that FR is multi-protocol, but I feel confident in saying that most traffic is IP based. With that out of the way, historically, why did the writers of frame-relay include BECN as a method of congestion control when 1, it isn't end-to-end as TCP is, and therefore not as good as TCP, and 2, not nearly as robust and complex as TCP's tried and true methods of congestion control. Is there another reason that I don't understand. -- RFC 1149 Compliant. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31223t=31219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffing my broadband connection to my ISP ??? [7:30689]
O.K. let me rephrase this, A router would generate and ARP request and ARP reply if the source network and destination network were directly attached and proxy ARP were enabled. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 5:08 PM To: [EMAIL PROTECTED] Subject: RE: Sniffing my broadband connection to my ISP ??? [7:30689] At 04:37 PM 1/2/02, Jim Brown wrote: Priscilla, Wouldn't proxy ARP generate an ARP request and an ARP reply if the source and target networks were directly connected to the router? No. Proxy ARP causes the router to generate ARP replies. It has no effect on ARP requests. ARP requests are generated by normal ARP when a node tries to find the MAC address of another station. They are generated by end stations and by the router. The router has to find the MAC address just like any other station does. He is sniffing on the broadband connection which presumably is shared by all hosts in his area (sometimes called a node in cable modem designs). He can see their ARPs and he can see the router's ARPs. Proxy ARP allows devices to communicate with devices on the other side of the router without having to know that the router is there. In this case, end stations send ARP requests for local and non-local devices. For non-local addresses, the router responds with its own MAC address. Priscilla -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 3:54 PM To: [EMAIL PROTECTED] Subject: Re: Sniffing my broadband connection to my ISP ??? [7:30689] Having proxy ARP enabled on the router would cause the router to send ARP replies not requests. The fact that he sees ARP requests isn't surprising. He's on a shared network. On a shared network you see all the ARP requests from your local router to devices on your network. Priscilla At 05:24 PM 1/2/02, Erick B. wrote: Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30786t=30689
RE: CCIE Written Passed Lab Advise [7:30838]
If you are in the DC are maybe you should consider the Net Master Class by Bruce and Val instead of the Global Knowledge. I attended ECP1 and know a couple of individuals who attended the new RSNMC1, it sounds like the new class is even better. www.netmasterclass.net You should be able to schedule your lab date soon. It usually takes a couple of days for it to be reported to Cisco. There is an online registration tool on the Cisco web site in the certification section. The dates are about six months out. Don't worry about the backlog, most candidates need the time to prepare. Just schedule a date and get cracking. -Original Message- From: Olympia Ric [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 03, 2002 2:41 PM To: [EMAIL PROTECTED] Subject: CCIE Written Passed Lab Advise [7:30838] I just passed the CCIE Routing and Switching Qualification Exam and would appreciate recommendations on preparing for the lab. I do not have access to Cisco gear at work but have registered for Global Knowledge CCIE lab preparation courses. What equipment do I need? Rent vs buy. Recommended lab sites preferably in the Washington DC, Virginia, Maryland area. I would consider other location as well depending on how good they are.Do I need to schedule my lab date now? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30844t=30838 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sniffing my broadband connection to my ISP ??? [7:30689]
Priscilla, Wouldn't proxy ARP generate an ARP request and an ARP reply if the source and target networks were directly connected to the router? -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 3:54 PM To: [EMAIL PROTECTED] Subject: Re: Sniffing my broadband connection to my ISP ??? [7:30689] Having proxy ARP enabled on the router would cause the router to send ARP replies not requests. The fact that he sees ARP requests isn't surprising. He's on a shared network. On a shared network you see all the ARP requests from your local router to devices on your network. Priscilla At 05:24 PM 1/2/02, Erick B. wrote: Hi, Just to expand on this... The 224.0.0.1 multicast query you're seeing is coming from the cable modem I bet. I have a Surfboard 3100 cable modem and it sends out IGMP queries on 224.0.0.1 frequently. I'm not sure why the cable modem is doing multicast and haven't really looked into it. I think it may only be local to the LAN interface toward your PC but not 100% positive. You can use your web browser to view the log and status of the SB3100 cable modem by the way, you can see the IP in the sniffer trace. If the ARP requests are originating from the ISP default-gateway (first hop router for you) then maybe they have proxy arp enabled. The DHCP requests could be from other users on your segment, or maybe forwarded to a DHCP server on your segment from another segment. Also, since you're on a shared segment with others they may have set up their own networks, etc with their own address space, etc that you might see packets from. Erick --- Priscilla Oppenheimer wrote: It sounds like you are sharing the broadcast domain with a bunch of other stations. The network is bridging on the edge. I think this is normal for cable modem systems. Is that what you are on? Priscilla At 12:23 PM 1/2/02, Phil Barker wrote: Hi Group, I have been sniffing my broadband connection to my ISP today and have a few questions. My main gripe is that I'm being sent around 100 Arp requests per minute, which obviously I cannot resolve. These ARP requests are all originating from my default G/W at the ISP trying to resolve MAC addresses of various users. Can anyone confirm if this is usual or unusual. I cannot see this being correct since if I set my router up to be one of these IP addresses I can resolve it to my MAC address Eth 0 int' or any other mac-address for that matter. They also send me DHCP requests, IGMP requests for group 224.0.0.1 (Which I wish I could join) but cannot and lots of their private address information via the above mentioned ARP's. I also captured an attemt at an inbound TCP connection on a dynamic port which my router RST, thankfully. Are they wasting my B/W ? Thanx, Phil __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Send your FREE holiday greetings online! http://greetings.yahoo.com Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30722t=30689 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Practical Studies has no solution for the lab [7:30480]
Page 1134 www.ciscopress.com/1587200023 -Original Message- From: Jason [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 30, 2001 7:27 AM To: [EMAIL PROTECTED] Subject: Re: CCIE Practical Studies has no solution for the lab [7:30478] Was there a link ? I couldn't find it Jim Brown wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... The authors intentionally left out the solutions for the big labs. The authors wanted to discourage readers from peeking at the solutions. They will be available on Cisco's web site. I heard the link is currently dead? I'm sure it will be available in the very near future. -Original Message- From: Nick S. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 1:25 AM To: [EMAIL PROTECTED] Subject: RE: CCIE Practical Studies has no solution for the lab [7:30412] Thats one of the reasons they call it VOL I :) Jokes apart, I think Cisco intends to bring out a series of these books, which may be based on the changes that the test undergoes, maybe they will bring out a solution workbook as well. From what I have heard, it doesnt contain much/no BGP either .. is that true ? Nick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30480t=30480 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Practical Studies has no solution for the lab [7:30436]
The authors intentionally left out the solutions for the big labs. The authors wanted to discourage readers from peeking at the solutions. They will be available on Cisco's web site. I heard the link is currently dead? I'm sure it will be available in the very near future. -Original Message- From: Nick S. [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 29, 2001 1:25 AM To: [EMAIL PROTECTED] Subject: RE: CCIE Practical Studies has no solution for the lab [7:30412] Thats one of the reasons they call it VOL I :) Jokes apart, I think Cisco intends to bring out a series of these books, which may be based on the changes that the test undergoes, maybe they will bring out a solution workbook as well. From what I have heard, it doesnt contain much/no BGP either .. is that true ? Nick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30436t=30436 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Practical Studies by Cisco Press [7:30243]
I have only done a cursory review, but from what I can tell their approach is perfect. The author goes through each technology and explains it with as few routers as necessary, then at the end are six full scale exam style labs. Really concise material without all the fluff. I haven't had the chance to check for errors, but I have a good feeling about the quality of the material. This is just what the doctor ordered for prep work. As a gut check I looked up a couple of things that tripped me up on an exam and sure enough there they were fully explained with descriptions and configs. In my opinion this book should increase the pass rate. This book is the list of gothcas and how-to's I was creating myself, now it just has a pretty cover. Remember Cisco wants more people to pass the lab. These are only my preliminary observations. Take a look at the book and judge for yourself. -Original Message- From: juno vtv [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 6:01 PM To: [EMAIL PROTECTED] Subject: RE: CCIE Practical Studies by Cisco Press [7:30243] Jim, Does the book go in-depth with many different topics? What's the quality of the labs? -junovtv Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30248t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Practical Studies by Cisco Press [7:30243]
I think it ROCKS! John, you could have purchased it at SoftPro Books since the middle of last week. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 27, 2001 5:18 PM To: [EMAIL PROTECTED] Subject: CCIE Practical Studies by Cisco Press [7:30243] I know this just came out recently but I'm wondering if any of you have it yet? I don't know why I'm asking now since my copy will be here tomorrow. :-) I'm just curious to see if anyone else has had a chance to crack its pages yet. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30245t=30243 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Proper dress for CCIE lab? [7:29524]
They also reduce the amount of oxygen in the lab to simulate networking at high altitudes. The proctors stand over your shoulders and scream in your ear just like a military boot camp. You aren't allowed to use the show run command and must type everything exactly right the first time. Seriously You can wear whatever you like. I've worn shorts with a t-shirt and I've noticed candidates in sandals. Just be comfortable. -Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 18, 2001 3:00 PM To: [EMAIL PROTECTED] Subject: Proper dress for CCIE lab? [7:29524] Is it true that you have to be dressed in a suit for the CCIE lab? Do them mark mannerisms, speech and dress? I have some old Novell guys telling me horror stories of the Novel Instructor Program. Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29529t=29524 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Group Study LAB Board Question [7:28863]
Join the board and use whatever date you feel comfortable with. As far as the date is concerned, if you can leave on a weeks notice, there will be a seat available. Dates are always opening up. Just study with a March date in mind and you should be able to grab one within two weeks of the test. I'm pretty certain about this. Look at the scheduler and you probably will see Jan dates open. If I remember correctly Cisco testing is closed for testing from around the 20th till the new year. This might affect the availability of Jan dates in regards to my earlier statement. Just keep an eye open study your buns off and you should be able to grab the desired date as it approaches. -Original Message- From: Gregg Malcolm [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 11:02 AM To: [EMAIL PROTECTED] Subject: OT:Group Study LAB Board Question [7:28863] I recently passed my CCIE written. I am hoping for a Mid March lab date. Currently, cisco is showing only earliest available dates in June. I'd like to join the lab discussion group, but I have not yet schdeluded the lab since I don't want to wait until June to take it. Would it be an error in protocol to join the group saying that I have a mid March date? I'm am going to try very hard to get a mid March date (hopefully a swap). Thank you, Gregg Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28873t=28863 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redistribution and Filtering [7:28699]
With a single redistribution point, split-horizon should handle the filtering for you in most cases. In a production environment I might apply filtering just to be safe, but in a lab/testing environment why waste the cycles. -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 12:08 PM To: [EMAIL PROTECTED] Subject: Re: Redistribution and Filtering [7:28699] Filtering is, yes. Of coarse I'm assuming your not talking about a single router network since you are redistributing routing protocols. Dave John Neiberger wrote: But is it ever necessary if you're only using a single router to do the redistribution? Bill Carter 12/10/01 10:55:23 AM Yes it is overkill. Yes it is good practice to use either route-maps or distribute lists. Control is better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of William Lijewski Sent: Monday, December 10, 2001 10:57 AM To: [EMAIL PROTECTED] Subject: Redistribution and Filtering [7:28699] I have a basic question, kind of... When you redistribute between routing protocols, should you ALWAYS use a route-map? If there are no loops is it still recommended/required? I have been doing it but I want to know if its overkill. Thanks, Bill -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28740t=28699 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: C2620 with NM-1FE1R2W? [7:28716]
The blurb actually states it is not compatible with the 2600. Check the NM table towards the bottom of the link. -Original Message- From: MADMAN [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 1:57 PM To: [EMAIL PROTECTED] Subject: Re: C2620 with NM-1FE1R2W? [7:28716] Here is a marketing blurb that appears to say it is supported on the 2600 platform but me thinks it lies ;) http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/2636m_ds.htm Dave Johan Hjalmarsson wrote: Does a NM-1FE1R2W= work in a Cisco 2620 router? I thought all NM's worked in both the C26xx and C36xx series, but I can't get this configuration to work. When I look in the HW/SW compability matrix only SW for the C36xx is shown for this module. Any suggestions? -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28745t=28716 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN DDR Question [7:28257]
I don't think you can drop just one channel. The variables are only for enabling the additional channel? I can't remember anything to just drop part of the bundle. If I'm incorrect someone will immediately jump in to point it out. So you should have your answer either way. -Original Message- From: Sam Deckert [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 06, 2001 4:36 PM To: [EMAIL PROTECTED] Subject: RE: ISDN DDR Question [7:28257] thanks patrick, however from what i have found the idle-timeout command is for the first channel being idle, not the second. What i am after is how to make the second channel stay up longer than the default after the load threshold drops below its defined value. thanks, sam. -Original Message- From: Patrick Donlon [mailto:[EMAIL PROTECTED]] Sent: Thursday, 6 December 2001 7:31 PM To: [EMAIL PROTECTED] Subject: Re: ISDN DDR Question [7:28257] dialer idle-timeout seconds Have a look at this link it's got lots of info on PPP and multilink http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Internetworking:PPPs =Implementation_and_Configuration Cheers Pat Sam Deckert wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hey all, just wondering if anyone knows how to extend the amount of time it takes before the second channel comes down after the traffic level drops below the load threshold, when using multilink isdn with 2 channels? Any help would be great!! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28343t=28257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: eigrp and isdn routing question? [7:28219]
If you deny EIGRP multicasts in the dialer-list it will prevent them from initiating a call or keeping the line up. They will be uninteresting. and will not cause the line to dial. Once the line is up, all packets are fair game regardless of whether or not they match the dialer-list. Any packet is passed over the ISDN circuit. The dialer-list only signifies what traffic is interesting and will force a call. I'm not sure if this is what you are looking for. In other words, neighbors would only be formed when the link was up due to some other traffic defined interesting by the dialer-list. No more interesting traffic and the link comes down, but EIGRP will not keep the circuit up or cause a call to be initiated.. You should probably look at the dialer-watch command for dial backup over EIGRP. I think dialer-watch might be just what the doctor ordered. -Original Message- From: Bob Perez [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 05, 2001 1:09 PM To: [EMAIL PROTECTED] Subject: eigrp and isdn routing question? [7:28219] Is ther a way that I can stop all eigrp traffic from passing on the ISDN when it is down and then to pass when the ISDN comes up? I have an access list that denies eigrp on the BRI and the interface is set as passive in the eigrp config. But I am having routing problems when I lose my serial line and the ISDN comes up. Nothing will route unless there is a hardcoded next hop for an address ip route ** ** * I would like to somehow pass eigrp info over the isdn when it comes up but not when it is down? Can this be done. I also do not want to do redistribute static because of default gateway issues. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28222t=28219 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Split Horizon and Frame [7:27679]
The real kicker is you must disable EIGRP split horizon on the interface of an NBMA network. If you disable it on the interface this will not work. You must use the no ipx split-horizon EIGRP command. The no ipx split horizon command doesn't mean squat to EIGRP. In an NBMA network, you should use EIGRP or create tunnels for RIP. Without the ability to disable split-horizon for RIP you will never pass all the routing information out to the spokes. Of course all the rule about subinterfaces and such apply to split horizon. Just keep the NBMA thing in mind when using physical or multipoint interfaces. -Original Message- From: Lopez, James [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 29, 2001 7:36 AM To: 'McCallum, Robert'; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg; phil Subject: RE: Split Horizon and Frame Robert, For IPX RIP, it is my understanding that you can not turn off split horizon. For IP on frame interfaces, split horizon is turned on automatically for point to point interfaces but off by default for the physical and multi-point interfaces. some one please correct me if I am incorrect. JL -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 29, 2001 8:03 AM To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); a bratchell; graham; john bermingham; jolash; kash; martin; nigel; paul frost; peter norberg; phil Subject: Split Horizon and Frame Folks, Quick question just to make sure I have things correct in my head. Please correct me if I'm wrong. O.k. FOR IPX every frame interface (physical, point, multipoint) split horizon is enabled by default. FOR IP physical frame interface split horizon is disabled and for point and multipoint split horizon is enabled by default. The above on ATM interfaces is it the same rules?? Cheers Robert McCallum Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27679t=27679 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Slimline 2 [7:27365]
What version of the IOS are you running? Some of the 12.0 versions have a cosmetic bug which shows an invalid SPID when actually, all is well. -Original Message- From: Pierre-Alex J. Guanel [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 1:02 PM To: [EMAIL PROTECTED] Subject: Slimline 2 [7:27365] I am using the Slimline 2 ISDN simulator from PDS technologies. I cannot get the SPID to be accepted. (See below) ISDN BRI0 interface dsl 0, interface ISDN Switchtype = basic-5ess Layer 1 Status: ACTIVE Layer 2 Status: TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHE TEI 64, ces = 1, state = 4(await init) spid1 configured, no LDN, spid1 sent, spid1 NOT valid I have not modifed the default phone numbers and configured on Slimline Below are my configs for bri0 interface BRI0 ip address 10.0.0.1 255.255.255.0 encapsulation ppp no ip route-cache no ip mroute-cache dialer map ip 10.0.0.2 dialer-group 1 isdn switch-type basic-5ess isdn spid1 Is there a default LDN number I have to configure? Pierre-Alex Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27366t=27365 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Frame Relay/ISDN Question [7:27386]
Cisco created the frame relay end-to-end keep alive command to address just the issue you describe. It actually sends a configurable keep alive between the end points to verify connectivity. Check out the Doc CD Wan Switching Guide. Look under frame relay and the entire keepalive command set is there. -Original Message- From: Joshua Gottlieb [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 4:00 PM To: [EMAIL PROTECTED] Subject: Frame Relay/ISDN Question [7:27386] Question, I have a network that is connected via frame relay. Each site also has BRI Lines setup from ISDN Dial-Backup. The backup interface BRI1/0 command is on the PVC Sub-Interface on each router. Occasionally, we will have a problem with our PVC and it will still show up, but we won't be able to route traffic over it. I'm trying to figure out a config so that if the traffic times out on the serial interface, it will DDR on the BRI line. The problem is, that with the Backup Interface command, the BRI line goes into Administratively down mode, so I don't think a floating static route will work. Any ideas? Thanks, Joshua Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27388t=27386 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE One Day Lab FAIL [7:27067]
Cut and paste baby! Cut once, paste many. -Original Message- From: Courtney Alexander Foster [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 21, 2001 1:54 PM To: Bryan Ginman; Joseph Ezerski; McCallum, Robert; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: RE: CCIE One Day Lab FAIL You would have to waste a lot of time setting aliases on all the routers C. A. Foster Sr. Network Engineer x5910 -Original Message- From: Bryan Ginman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 21, 2001 2:27 PM To: Courtney Alexander Foster; Joseph Ezerski; McCallum, Robert; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: RE: CCIE One Day Lab FAIL Aliases are a God send for all you slow of fingers out there. ex. alias exec g sho ip int brief typing g will now issue show ip int brief to the cli Cheers, Bryan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Courtney Alexander Foster Sent: Wednesday, November 21, 2001 2:13 PM To: Joseph Ezerski; McCallum, Robert; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: RE: CCIE One Day Lab FAIL I don't type that fast...but I am trying to master the short version of the commands...but commands like sh ip int br messes me up on routers with BRI interfaces C. A. Foster Sr. Network Engineer x5910 -Original Message- From: Joseph Ezerski [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 21, 2001 12:15 PM To: 'McCallum, Robert'; ''Ccielab' (E-mail)'; 'Cisco@Groupstudy. Com (E-mail)'; 'George'; 'Kev'; 'kevin'; 'sandra'; 'sandra1'; 'Warren' Subject: RE: CCIE One Day Lab FAIL For those that finished with an hour or so to spare, do you mind posting what your estimated typing speed is? I know it sounds funny, but I work with someone who can type 120 words a minute and it seems to make all the difference in a tight time situation like the lab. Thanks in advance, -Joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of McCallum, Robert Sent: Tuesday, November 20, 2001 5:45 AM To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: CCIE One Day Lab FAIL O.k. I sat the exam last week and failed but by not a lot. Silly mistakes killed me. For those of you who have still to experience the one day lab then please read ahead. Mostly everyone on this list stated that there was no time to do the lab or check anything. I found this to be so untrue it was unreal. Most people on the lab finished with an hour to go and I had more time than this to check and try to get the annoying things that didn't work to work (although I failed to get two things working)... So from that, my advice is if you are stuck on something, move on and work your way through the workbook. Once you get to the end you should have plenty time to fix (if you can) the problems you left. From my experience of Brussels everything was there. The proctors turned up when they should, answered any questions you asked, there were icons for each element you had to configure, there was paper, there were pens, pencils, sharpeners and erasers. Lunch was horrible although I don't think anyone was to bothered about lunch, so if you are a person who cannot go without lunch bring a packed lunch with you (just don't put your answers in your lunch box !!). All in all enjoy the experience and READ the questions (even the smallest detail). I am resetting in Feb next year and I reckon the pressure will really be on then. Most people fail 1st time anyway is what I can say this time but next time ?? Robert McCallum Ext 730 3448 DDI : 01415663448 Mobile : 07818002241 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=27067t=27067 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE One Day Lab FAIL [7:26926]
It sounds like you have the right attitude. Don't go in and think you are going to fail, YOU CAN PASS on the first attempt. The exam is very doable and is not overly tricky. A if I only had that first attempt back. Stay calm and focused and try not to be freaked out on the first attempt. I would probably say nerves cause more people to fail on their first attempt than anything else. Don't be nervous, this is easier said than done. REMEMBER THESE FEW THINGS: 1. It is only an exam and you can take it multiple times. 2. The proctors want you to pass and are there to clarify requirements and issues with equipment. 3. ASK THE PROCTOR questions! 4. Look at the exam as a challenge which attempts to verify you understand how the protocols and equipment work opposed to just knowing how to configure them. -Original Message- From: Courtney Alexander Foster [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 12:56 PM To: McCallum, Robert; 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: RE: CCIE One Day Lab FAIL I know most people fail the first time...BUT I am NOT planning on failing my first attempt. If I do, then fine...but I am not going into the test planning to fail...in late January I will let you know how my experience was. Anyway, Good luck on your next attempt. -CAF It's always darkest...right before it goes completely black -Original Message- From: McCallum, Robert [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 8:45 AM To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev; kevin; sandra; sandra1; Warren Subject: CCIE One Day Lab FAIL O.k. I sat the exam last week and failed but by not a lot. Silly mistakes killed me. For those of you who have still to experience the one day lab then please read ahead. Mostly everyone on this list stated that there was no time to do the lab or check anything. I found this to be so untrue it was unreal. Most people on the lab finished with an hour to go and I had more time than this to check and try to get the annoying things that didn't work to work (although I failed to get two things working)... So from that, my advice is if you are stuck on something, move on and work your way through the workbook. Once you get to the end you should have plenty time to fix (if you can) the problems you left. From my experience of Brussels everything was there. The proctors turned up when they should, answered any questions you asked, there were icons for each element you had to configure, there was paper, there were pens, pencils, sharpeners and erasers. Lunch was horrible although I don't think anyone was to bothered about lunch, so if you are a person who cannot go without lunch bring a packed lunch with you (just don't put your answers in your lunch box !!). All in all enjoy the experience and READ the questions (even the smallest detail). I am resetting in Feb next year and I reckon the pressure will really be on then. Most people fail 1st time anyway is what I can say this time but next time ?? Robert McCallum Ext 730 3448 DDI : 01415663448 Mobile : 07818002241 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26926t=26926 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: how much dram and flash [7:26255]
Show version -Original Message- From: george gittins [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 14, 2001 11:06 AM To: [EMAIL PROTECTED] Subject: how much dram and flash [7:26255] what command would tell me how much flash and memory i have. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=26258t=26255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: isdn simulation [7:25713]
There are three very popular simulators on the market. The Adtran 550 or 800, Teltone, and Arca Emutel. The Adtran is what is used in the CCIE lab and it is also the most expensive. It is modular and very reliable. The Teltone and Arca have two ports. I prefer the Arca because you can configure the ports as S/T or U. This is something the other two can't do. I've had an Arca and the Adtran and dollar for dollar I think the Arca is the best product. It is limited to two ports, but for testing this is all you should need. Firmware upgradeable and multiple switch type support. They have a sales office in San Francisco and they are very responsive. It will set you back $1500 - $2000 but you can resell it close to purchase price when done. They hold their value pretty well. -Original Message- From: James [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 08, 2001 2:36 PM To: Jim Brown Subject: RE: isdn simulation [7:25713] Jim Thanks for the info. That's what I was afraid of..I managed to mimic a t1 with back to back csu and was wondering If isdn works the same way. I was looking at the ccie lab book and it had an adtran box. --- Jim Brown wrote: This is the big stickler. The only way is with an actual ISDN line that could be shared by both routers or purchase a simulator. There aren't any cheap simulators either. -Original Message- From: James [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 08, 2001 2:11 PM To: [EMAIL PROTECTED] Subject: isdn simulation [7:25713] Hello everyone, Forgive my ignorance on this one... I am wondering that if someone has a practice lab at home, say 2 2503 with BRI interface, how would isdn connection be simulated ? Appreciate any information on this. Thanks __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com [EMAIL PROTECTED] __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25717t=25713 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: worst company [7:25033]
CheckPoint = (great product) - (any support infrastructure). It is without a doubt the least supported product by a manufacturer I have ever seen. I have outstanding TAC cases over a year old! They charge a fortune for support and maintenance, which you must have, and you get nothing for it. The only thing that actually keeps it running are the private boards and mailing lists. It is extremely easy to use though and they own 60% of the market? There are things you can do with CheckPoint that Cisco cannot even begin to emulate. -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 01, 2001 11:23 PM To: [EMAIL PROTECTED] Subject: OT: worst company [7:25033] Hello, I had a very bad experience with Checkpoint and am wondering if anyone had the same problem. One of my clients wanted to try Checkpoint VPN-1 so I filled out online eval form a month ago. A sales rep called me the next day and said a reseller would contact me in 5-10 days (5-10 minutes would make more sense). I didn't hear nothing in 3 weeks so I filled out online eval form again (I lost that rep's phone number) and another sales rep called me said the same thing. Now another week passed and I still didn't hear nothing. My client is very unhappy so he decide to go with Cisco. Is Checkpoint's business so good that they couldn't handle or what? Anyway, Checkpoint lost my client and I would never work with them again. Jim __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25060t=25033 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OT:RE: worst company [7:25033]
All I use are Nokia's. It is a great appliance. Nokia recently changed their fee structure for direct support. I think your eyes might pop out of your head when it comes time to renew. -Original Message- From: Eric Rivard [mailto:[EMAIL PROTECTED]] Sent: Friday, November 02, 2001 10:48 AM To: [EMAIL PROTECTED] Subject: RE: worst company [7:25033] I agree Checkpoint's support is terrible, and Cisco provides great support for any of their products. I like Checkpoint because how flexible it is, the features it provides and the great logging features of it. But it is very expensive. Most of my clients run a PIX as a firewall, mainly because of the price, but when my clients need to have a lot of functionality like multiple vpns, e-mail stripping, etc, Checkpoint is the best for that (my biased option. :) ). Although Checkpoint's support is terrible Nokia provides excellent support for Checkpoint. If you buy a Checkpoint firewall, I highly recommend running it on the Nokia IP platform because of how easy it is to set up and Nokia's support is great. They know more about Checkpoint than Checkpoints engineers do. Every time I have called Nokia, an engineer was on the phone resolving my issue in about 60 secs. Not only that but they are friendly too (something you don't see often.). -Original Message- From: root Sent: Fri 11/2/2001 8:42 AM To: [EMAIL PROTECTED] Cc: Subject: Re: worst company [7:25033] Marshal Schoener wrote: Agreed, however there is great 3rd party support available for Checkpoint from many vendors. UUNet has a very good support program for Checkpoint. No matter who is supporting it though, Checkpoint's license procedure is horrible! I once went 6 months from eval license to eval license because we couldn't get a permanent license to work properly. That being said, in my opinion, there is no better firewall. Regards, -Original Message- From: Jim Brown [mailto:[EMAIL PROTECTED]] Sent: Friday, November 02, 2001 9:56 AM To: [EMAIL PROTECTED] Subject: RE: worst company [7:25033] CheckPoint = (great product) - (any support infrastructure). It is without a doubt the least supported product by a manufacturer I have ever seen. I have outstanding TAC cases over a year old! They charge a fortune for support and maintenance, which you must have, and you get nothing for it. The only thing that actually keeps it running are the private boards and mailing lists. It is extremely easy to use though and they own 60% of the market? There are things you can do with CheckPoint that Cisco cannot even begin to emulate. -Original Message- From: Jim Bond [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 01, 2001 11:23 PM To: [EMAIL PROTECTED] Subject: OT: worst company [7:25033] Hello, I had a very bad experience with Checkpoint and am wondering if anyone had the same problem. One of my clients wanted to try Checkpoint VPN-1 so I filled out online eval form a month ago. A sales rep called me the next day and said a reseller would contact me in 5-10 days (5-10 minutes would make more sense). I didn't hear nothing in 3 weeks so I filled out online eval form again (I lost that rep's phone number) and another sales rep called me said the same thing. Now another week passed and I still didn't hear nothing. My client is very unhappy so he decide to go with Cisco. Is Checkpoint's business so good that they couldn't handle or what? Anyway, Checkpoint lost my client and I would never work with them again. Jim __ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com I have you beat, I waited 8 months for a perm. license from Checkpoint. -Andrew [EMAIL PROTECTED] [GroupStudy.com removed an attachment of type application/ms-tnef which had a name of winmail.dat] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25099t=25033 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: IP addressing Subnetting [7:24712]
Who needs to worry about subnetting with the one day exam? (disclaimer: this is only a joke, no flames please) -Original Message- From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 31, 2001 12:19 PM To: [EMAIL PROTECTED] Subject: Re: IP addressing Subnetting [7:24712] Good.. but you can't have a subnet with 31 bits that would leave 2 hosts and the network address and the broadcast would use them up, so you end up with 0 hosts per subnet. For point-to-point serial links, you'd usually use a /30 (255.255.255.252) which gives you 4 addresses per subnet (1 network, 1 broadcast, and two hosts) Mike W. Mike, your answer has been correct for a long time. However, let me cite a recent RFC with a lead author from Cisco: 3021 Using 31-Bit Prefixes on IPv4 Point-to-Point Links. A. Retana, R. White, V. Fuller, D. McPherson. December 2000. I believe some recent IOS versions, primarily intended for carriers, will support /31 on point-to-point media. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24849t=24712 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written - scoring method [7:24272]
I don't think each question counts as a single point. I believe some are weighted different than others. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Friday, October 26, 2001 1:10 PM To: [EMAIL PROTECTED] Subject: Re: CCIE Written - scoring method [7:24272] It's a scale from 0-100, and I believe each question counts as one point. At least I seem to remember getting 100 questions. :-) Robert 10/26/01 12:44:44 PM Hi All, I apologize in advance is I am asking anybody to violate the NDA, but I think this quesiton is pretty sanitary. Is the CCIE written scored on a scale between 1-1000, or is it like the CCNP exams where the scale is 300-1000? Thanks, Robert Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24285t=24272 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE latest Number [7:24031]
Looks like the numbers have come close to a screeching halt. On August 30th, they were handing out the low 8100's. -Original Message- From: kwock99 [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 24, 2001 10:46 AM To: [EMAIL PROTECTED] Subject: Re: CCIE latest Number [7:24031] Hi Jim, Thanks for your info. Just checking if the CCIE number is keep on going without re-use the number. Hence, when I look at the number and make a comparison and I will know when the CCIE got cerification. Do I correct? Thanks. Francis - Original Message - From: Jim Yam To: Sent: Thursday, October 25, 2001 12:40 AM Subject: Re: CCIE latest Number [7:24031] I have a coworker just got his CCIE last Friday and his number is 8285. kwock99 wrote in message news:... Anyone knows what is the latest CCIE number or where to check the latest number? Thanks. Francis Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24036t=24031 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Has anyone failed the CCIE Written? [7:21970]
I would say the requirement of the CCNP/CCNA for CCIE written/lab attempts is only a matter of time. -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 11:01 AM To: [EMAIL PROTECTED] Subject: RE: Has anyone failed the CCIE Written? [7:21970] Ruben, I'd like to ask you if you already hold any Cisco certifications like CCNA, CCNP, etc. or if you're going for the CCIE written from scratch. Personally I would think that it would be an enormous help to have at least CCNP before attending the CCIE written (and lab), unless you're born with a router in one hand and a switch in the other - but I know that Cisco do not demand you to have any certifications. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Ruben Arias [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 11:29 AM To: [EMAIL PROTECTED] Subject: RE: Has anyone failed the CCIE Written? [7:21970] Twice! I did my first try last year, haven't read all the books recommended in this list and of course failed. 10 months later I thought I was prepared to try it again. It was a completely different exam. I think I will not violate NDA by telling you, you have to know RIF, besides that the exam deals with technology, everything stated in the blue print is tested. After the second try,I was much frustrated, because I was sure I passed and didn't know what else to study, I started all over again, I am studying from all books again, browsing CCO more carefully. This is a hard exam, I'm sure next time will be also different. Saludos Ruben Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22074t=21970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Has anyone failed the CCIE Written? [7:21970]
LB also promised they would never go to a one day lab? What was once considered outlandish and foolish has become reality. I honestly believe in the future the NP will be a requirement to attempt the IE. This is only my opinion. Extended the testing stream another 5 exams and countless copies of Cisco Press materials. Just remember e-mail [7:21970] in 24 months. -Original Message- From: EA Louie [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 5:14 PM To: [EMAIL PROTECTED] Subject: Re: Has anyone failed the CCIE Written? [7:21970] I don't think they'd do that - the CCIE written is being revamped to 'fill in the gaps' from the things that have been removed from the CCIE Lab, and has always been a separate certification track from the NA/NP track. -e- - Original Message - From: Jim Brown To: Sent: Thursday, October 04, 2001 10:07 AM Subject: RE: Has anyone failed the CCIE Written? [7:21970] I would say the requirement of the CCNP/CCNA for CCIE written/lab attempts is only a matter of time. -Original Message- From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 11:01 AM To: [EMAIL PROTECTED] Subject: RE: Has anyone failed the CCIE Written? [7:21970] Ruben, I'd like to ask you if you already hold any Cisco certifications like CCNA, CCNP, etc. or if you're going for the CCIE written from scratch. Personally I would think that it would be an enormous help to have at least CCNP before attending the CCIE written (and lab), unless you're born with a router in one hand and a switch in the other - but I know that Cisco do not demand you to have any certifications. Ole ~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~ http://www.RouterChief.com ~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~ -Original Message- From: Ruben Arias [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 11:29 AM To: [EMAIL PROTECTED] Subject: RE: Has anyone failed the CCIE Written? [7:21970] Twice! I did my first try last year, haven't read all the books recommended in this list and of course failed. 10 months later I thought I was prepared to try it again. It was a completely different exam. I think I will not violate NDA by telling you, you have to know RIF, besides that the exam deals with technology, everything stated in the blue print is tested. After the second try,I was much frustrated, because I was sure I passed and didn't know what else to study, I started all over again, I am studying from all books again, browsing CCO more carefully. This is a hard exam, I'm sure next time will be also different. Saludos Ruben _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=22140t=21970 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ISDN Troubleshooting [7:20403]
I had a problem similar to this in Canada with an ISDN circuit. Try placing a 9 in from of the dial string. Like office phones when you need to grab an outside line. My dial strings looked like 913035551212. The 9 to grab an outside line and then the full dial string with the 1 prefix for long distance if required. Please let me know the outcome. I'm interested. -Original Message- From: Michael Gergov [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 9:12 AM To: [EMAIL PROTECTED] Subject: ISDN Troubleshooting [7:20403] Hi everyone, I was troubleshooting a DDR Backup with ISDN line, here is what happened. Location 1 was setup to initiate the call, Location 2 to accept it . (I went trough the config n+1 times). The connection was never established. I set up the syslog server and debugging of Q931. Here is the excerpt out of the syslog. DISCONNECT pd = 8 callref = 0xC9 Cause i = 0x81D8 - Incompatible destination Signal i = 0x03 - Network congestion tone on I put 1 in front of the dial string xxx-xxx-, and it changed to the following. DISCONNECT pd = 8 callref = 0xF4 Cause i = 0x82A2 - No channel available Signal i = 0x03 - Network congestion tone on DISCONNECT pd = 8 callref = 0xA2 Cause i = 0x80C1 - Bearer capability not implemented Signal i = 0x03 - Network congestion tone on Than I reversed the configuration-Location 2 calling Location 1 - It was working just the way it supposed to. I am not an ISDN specialist,so can someone tell me, what my problem with the first setup was? Many Thanks, Michael Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20426t=20403 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Ugly Access Lists [7:19996]
10.0.200.32 mask 0.255.0.15 -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 12:59 PM To: [EMAIL PROTECTED] Subject: Ugly Access Lists [7:19996] I just had to write the ugliest access list I've ever personally configured. I had to allow the following traffic: - First octet must be 10 - Second octect can be anything - Third octect must start with 200 - Fourth octet must be in the .32 subnet, assuming a /27 mask length. Using a single permit statement, how would you write this? I know how I did it, but for those of you needing some access list practice (and who actually feel like doing this sort of exercise at this time), I'd like to see how you would do it. Regards, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20001t=19996 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: spid and ldn numbers [7:19752]
You call the LDN, the local directory number. The SPID identifies the circuit between the router and the CO/Simulator switch. The SPID goes no further. -Original Message- From: Lists Wizard [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 7:31 AM To: [EMAIL PROTECTED] Subject: spid and ldn numbers [7:19752] Hi Group, I am realy confused about spid and ldn numbers. Which one will a remote user use to dial into my isdn router? Thanks Lw __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19764t=19752 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: filtering ospf [7:19856]
How about a passive interface with a neighbor statement. Changes the behavior from multicast to unicast, thereby eliminating traffic to the rouge router. -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 3:06 PM To: [EMAIL PROTECTED] Subject: filtering ospf [7:19856] Anyone remember how to ACL ospf? basically I have area 0 on one interface of a router that touches another company's area 0 (we're splitting) And I want to stop sending them updates and stop receiving updates from them. The real kicker is that I still have another router on that side in area 0 that WAS vendor supported and I can not make any changes to it. (therefor area 0 must remain for it to communicate properly) I seem to recall reading about filters designed just for this scenario but I can not find them in conf t Anyone else know? -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19859t=19856 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: filtering ospf [7:19856]
Let me rethink that one change the interface type with the ospf interface command to non-broadcast and use a neighbor statement to select the router on the multi-access segment you would like to form and adjacency with. -Original Message- From: Jim Brown [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 3:33 PM To: [EMAIL PROTECTED] Subject: RE: filtering ospf [7:19856] How about a passive interface with a neighbor statement. Changes the behavior from multicast to unicast, thereby eliminating traffic to the rouge router. -Original Message- From: Patrick Ramsey [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 13, 2001 3:06 PM To: [EMAIL PROTECTED] Subject: filtering ospf [7:19856] Anyone remember how to ACL ospf? basically I have area 0 on one interface of a router that touches another company's area 0 (we're splitting) And I want to stop sending them updates and stop receiving updates from them. The real kicker is that I still have another router on that side in area 0 that WAS vendor supported and I can not make any changes to it. (therefor area 0 must remain for it to communicate properly) I seem to recall reading about filters designed just for this scenario but I can not find them in conf t Anyone else know? -Patrick Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19871t=19856 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Back to back ISDN [7:19414]
Can't they share a ISDN line? Doesn't the protocol allow for multiple ST devices assigned different endpoints on the same circuit? Most NT1s have multiple ST connections. I'm only speaking from a theoretical standpoint and could be completely way off base, but couldn't two routers share and single ISDN circuit. A very fair B channel for each? -Original Message- From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:15 AM To: [EMAIL PROTECTED] Subject: RE: Back to back ISDN [7:19414] Two telephones have two telephony links... and they can be linked together using a bus... but without POTS service, they can't call each other, can they. All the bus does is enable multiple ISDN devices to be able to connect to the ISDN service (which is provided either by a telco or a simulator). And yes, I visited the URL you posted. The ISDN BRI service and ISDN cloud are key components of that excerpt. -- Leigh Anne -Original Message- From: Daniel Cotts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:40 AM To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: Back to back ISDN [7:19414] Yes, but an ISDN BRI line has two B channels. A POTS line has one channel. Did you visit the URL in my previous post? -Original Message- From: Leigh Anne Chisholm [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 11:36 AM To: Daniel Cotts; [EMAIL PROTECTED] Subject: RE: Back to back ISDN [7:19414] Let me give you an analogy as to what you've described. I take a little gizmo that splits my telephone outlet into two outlets (I use one of these for my answering machine and telephone). I can plug two telephones into the gizmo, but can they call each other? Without telephone service, no. But I have my own bus where I can connect multiple telephony devices... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Cotts Sent: Tuesday, September 11, 2001 10:34 AM To: [EMAIL PROTECTED] Subject: RE: Back to back ISDN [7:19414] See the following: http://www.isdnzone.com/info/bri.htm As I mentioned in a previous off line post, if you have an NT-1 device with multiple connection points (s bus?) then you can connect several devices to it. Configure each with its own B channel SPID. I have not done this but everything that I read indicates that it can be done. Try it. -Original Message- From: Rick Harville [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 10:15 AM To: [EMAIL PROTECTED] Subject: Back to back ISDN [7:19414] I have received several responses sofar expressing a great interest in the solution. Back to back ISDN over a single ISDN line seems to be a very acceptable approach to simulating DDR. Unfortunately, nobody seems to be able to confirm that it can be done. A seach of archives reveals discussions but no real verification that this is possible. The p If anyone has actually done this please respond as there seems to be a great interest in doing this. Once again, the question is, can you connect two BRI (st) interfaces through a NT1 device using only a single ISDN line? I have 2 Cisco 2503's with st Bri. Im using Motorola NT1 device with a single U interface and 2 ST ports. I have at my disposal a single ISDN line from SW Bell. I would like to split the spids at the nt1 device and practice my DDR with only one spid on each router. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19444t=19414 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Routing and Bridging [7:19472]
int e0 ip address X.X.X.X Y.Y.Y.Y int e1 bridge-group 1 int s0 ip address X.X.X.X Y.Y.Y.Y int s1 bridge-group 1 bridge 1 protocol ieee (or dec) -Original Message- From: Russ Kreigh [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 11, 2001 2:24 PM To: [EMAIL PROTECTED] Subject: Routing and Bridging [7:19472] Hello all - I need to bridge E1 to S1 on a router, and route E0 to S0, how can I do this? This router config is the same on each end. END A END B E0-S0 -- S0-E0 E1-S1 -- S1-E1 (Bridge) Thanks -Russ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19479t=19472 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Passed the CCIE Written! 850 [7:19304]
One day all the way, unless you are willing to take within the next few weeks. There are dates open this month. -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, September 10, 2001 2:25 PM To: [EMAIL PROTECTED] Subject: Re: Passed the CCIE Written! 850 [7:19304] Congratulations!! That's very cool! As far as the lab, last time I checked CCO stated that any labs scheduled after Sep. 1 would be the one-day lab. If that's still the case, then you're stuck with the new lab. It may have changed, though. Check out CCO to find the details. Regards, John Tom Keough 9/10/01 1:59:33 PM Thanks to all who responded to my question regarding time pressure and the written... I passed with a score of 85%!!! What a relief. When I got home with my registration number in hand I went to the Cisco web site and tried to register for the lab. Too soon, the error message says it will take 3 to 5 days for my results to make it to the registration database...;-( I want to see if I have a choice of a one day or two day lab date, anyone know? BTW I could go back to review my answers! I marked six that I guessed at and at the end of the exam I still didn't know them, not much help for me. Thanks again, Tom Tom Keough, CCNP, MCSE [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19310t=19304 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SE Practice Lab v1.0GG [7:16852]
Does anyone have the solution for this lab? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16852t=16852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Boson Test Question [7:16895]
If the question were worded, In OSPF, the DR is chosen with, I might agree with the Boson answer, but it seems incorrect with the question stated as such. It is fairly ambiguous, but I wouldn't worry about it. You obviously understand the concept and that is what is really important. I wouldn't think the exam would be so ambiguous or tricky. -Original Message- From: Wright, Jeremy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 3:42 PM To: [EMAIL PROTECTED] Subject: Boson Test Question [7:16895] In OSPF, the DR is chosen by A. MAC B. Hello Protocol C. Priority D. IP I chose C but Boson says B. Obviously I have read a 1000 times that the DR is elected by highest priority, so is Boson wrong here or am I mis-interpreting the way the question is worded (typical Cisco).. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16898t=16895 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ip ospf network [7:16589]
The network types must match so the OSPF timers will match and the routers will form neighbor adjacencies. There are different reasons why you would want to use each network type, but the important thing is they all match, or more correctly the timers all match. If routers are not neighbors they will not exchange routing information, breaking the routing process. In your situation you could make them all point-to-multipoint, broadcast, or non-broadcast. -Original Message- From: Jim Coyne [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 1:32 PM To: [EMAIL PROTECTED] Subject: ip ospf network [7:16589] I have a frame relay network setup with all point-to-point connections on sub-interfaces. I get the same result if I use ip ospf network point-to-point as I do when I don't use it. What is the point (no pun intended) of this command if it gives me the same results as without it? I also noticed that one of the the routers in my lab has version 10.3 IOS and the ip ospf network command doesn't let you set point-to-point, only point-to-multipoint, non-broadcast and broadcast. How would I make a version 10.x router work with the 12.x routers that have ip ospf network point-to-point set? (and please don't say upgrade the IOS) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16594t=16589 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE Written Exam [7:2137]
It has been a while since I sat the written. If I remember correctly, the tricky part was select the correct answers. The operative word answers being plural. It could be one, two, three You either know it or you don't. -Original Message- From: Rayappa Mayakunthala [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 18, 2001 11:06 AM To: [EMAIL PROTECTED] Subject: RE: CCIE Written Exam [7:2137] Would it at least state in the braces that this question has multiple answers? Rayappa. -Original Message- From: Saleem Nathoo [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 26, 2001 10:55 PM To: [EMAIL PROTECTED] Subject: RE: CCIE Written Exam [7:2137] Hi, It does not state how many answers it wants for the question. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Vincent Chong Sent: Thursday, April 26, 2001 1:13 PM To: [EMAIL PROTECTED] Subject: CCIE Written Exam [7:2137] Hi; I know the exam is Multiple Choice. The questions will stated that how many answer is looking for or not? Thanks Vincent FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify us immediately. You should not copy it or use it for any purpose, not disclose its contents to any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of Wilco International Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16469t=2137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: To CSU/DSU or not to CSU/DSU [7:16368]
If you have the right chassis you could use an Integrated T1 MFT card, which I believe, allows splitting of voice and data. -Original Message- From: dragi radovanovic [mailto:[EMAIL PROTECTED]] Sent: Friday, August 17, 2001 7:53 AM To: [EMAIL PROTECTED] Subject: RE: To CSU/DSU or not to CSU/DSU [7:16368] Jim, look at it from this perspective: with an external CSU/DSU you will have two possible point of failure: the CSU/DSU and the serial interface (WIC-1T). If you go with wic-1dsu-t1, and something happens on that link, it is easier to troubleshoot the problem on the wic-1dsu-t1. The problem with this card is that you can't split voice and data, not can you play with cable lenghts. Regards, Dragi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=16396t=16368 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Basic and Primary Rate ISDN Emulator for sale [7:12411]
You can buy a modular Adtran Atlas 550 cheaper than this unit. It will support IP, Frame, POTS, BRI, and PRI? -Original Message- From: SCollinson [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 15, 2001 8:42 AM To: [EMAIL PROTECTED] Subject: Basic and Primary Rate ISDN Emulator for sale [7:12411] Have a look at the following ebay auction for the best priced basic and primary rate emulator you are going to find, that also comes with a warranty. There is no reserve on the auction and you can buy independent of the auction. No need to fight it out with others, mail me and we will send you a personal quote. We are the number 1 UK distributor for these products, so this means you get the best deal around. Products can be shipped world wide. Please read the details on the e-bay auction and mail us with any further queries. Regards Steve Collinson http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItemitem=1254938863 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12426t=12411 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: AGS+ crossed over to 2610, Serial cable length issue? [7:10812]
Which interface is providing clock for the connection? I don't see a 'clock rate X command under either interface? -Original Message- From: Tim Medley [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 03, 2001 8:51 AM To: [EMAIL PROTECTED] Subject: AGS+ crossed over to 2610, Serial cable length issue? [7:10810] I've finally decided to sit down and try to troubleshoot what I thought was a faulty serial port on my AGS+. I have a 2610 with a WIC-2T connected to my AGS+ via a CAB-SS-V35MT and a CAB-VCF. The CAB-VCF is from pacific cables and is a 26pin DCE to a V.35 winchester cable. The CAB-VCF is 6 feet long and the CAB-SS-V35MT is 10 feet long; so I have a 16 foot crosover cable. When I cable the two routers together and just configure a simple point to point connection, with the following config: AGS+ int s2 ip address 100.100.100.1 255.255.255.252 encap ppp no shut 2610 int s0/0 ip address 100.100.100.2 255.255.255.252 encap ppp no shut The serial interfacces come up/up but then after a second or two line protocol goes down on both sides and they become up/down. I thought the AGS+'s serial interface was bad (I had a bad applique a while back). So I moved to a different interface on the AGS+, same situation. I then decided to try a different router, I replaced the AGS+ with a CGS, and I got the same results. I now think the issue is with the cable. a) I could have a bad cable. b) the cable I have could be two long. I have replaced the CAB-SS-V35MT, with no luck. What kind of issues would I see if the cable was too long? Would I see the issue I am experiencing? I'm getting ready to call Pacific Cable and order another CAB-VCF. tim Tim Medley - CCNP+Voice Network Architect VoIP Group iReadyWorld 704-943-3615 - Phone 704-943-3660 - Fax 877-6-iReady - Helpdesk Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=10812t=10812 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNA scoring [7:10407]
Sit the IE written and let me know what you think. -Original Message- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Friday, June 29, 2001 9:12 AM To: [EMAIL PROTECTED] Subject: CCNA scoring [7:10407] I passed CCNA yesterday with a 946/1000(there is no integer divisible by 65 that would give me this score so I know its curved). I did not think I was doing well throughout the exam yet I got a good score. When it started, I was told that you need 849/1000 based on a score that ranges between 300 and 1000. So is this graded on a curve? If I got 3 wrong would my score be 62/65= 954/1000? I don't think it works that way. I overstudied thinking I needed at least 55/65 to pass but I do not think this was the case. Why would they grade on a curve? If you can't answer 85% of the questions I think you should fail. Are the CCNP exams graded on this weird scale and as easy to pass as well? I recieved my MCSE a few months ago and honestly think the scenario questions on those test were harder than any of the questions on th CCNA.Coming from a Computer Science background at Rutgers, I can guarantee the midterms and finals on my networking courses there were 100 times more challenging than these exams.I barely needed a pen and paper throughout the whole CCNA. Anyway before I digress any further I just wanted to know how the grading worked on the CCNP and the scores required to pass. Thanks. Sam Sneed CCNA # 3,324,567,892 MSCE # 5,324,324,332 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=10408t=10407 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: No-Export [7:9565]
Ahh, but does the neighbor/peer configuration include the send community statement? -Original Message- From: Bradley J. Wilson [mailto:[EMAIL PROTECTED]] Sent: Friday, June 22, 2001 2:54 PM To: [EMAIL PROTECTED] Subject: Re: No-Export [7:9565] Sounds like you've got it. AS 100 sends a route to AS 200 with the no-export tag set. AS 200 takes the route, and uses it, but doesn't send it out to AS 300. AS 300 is either kept in the dark, or learns about the route via a different path. - Original Message - From: Rossetti, Stan To: [EMAIL PROTECTED] Sent: Friday, June 22, 2001 4:39 PM Subject: No-Export [7:9565] Can someone explain what exactly the no-export command is used for in BGP. I am having problems getting this comand to work the way I think it is supposed to work. Maybe I am off base in my definition of it, but I am using Halabi's book as reference. Basically I have a peering session with a bgp peer and I am advertising a single route to them. This route is then taken by my peer and being readvertised to the world and back into my network at another location (asymetrical routing). I have a hard time getting my bgp neighbor administrator to make changes for me, so I want to stop the advertisement of the bgp route outside my neighbor's network (as number) using the no export command. Is this the correct application for no export or are there better ways of skinning this cat? Where is my logic being lead astray? Thanks in advance for any help. Thanks Stan Rossetti NASA - PriSMS Advanced Technology Group Voice: (256) 544-5031 Email: [EMAIL PROTECTED] Beeper: 544-1183 pin 0112 CCDA, CCNA, CCSE Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9571t=9565 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE LAB EXAM Arrangement [7:5158]
If you score less than 20 points on your first day you must wait 6 months. If you fail and score more than 20 points the candidate can reschedule the lab in as little as 1 month. You must attempt the lab at least once within the first year of passing the written or the candidate must sit the written again. The candidate has a total of three years to successfully pass the lab after passing the written. -Original Message- From: Mich [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 19, 2001 9:01 PM To: [EMAIL PROTECTED] Subject: CCIE LAB EXAM Arrrangment [7:5158] If a person fial the Lab exam the first time, hhow long does he have to wait before a retry? Is ther any upper limit of retry ateempts? Mic FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5159t=5158 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: back-to-back t1 with wic-1dsu-t1? [7:3633]
I believe clock source internal on one of the cards is all you need to bring them up. Please post the 'show interface' results from both routers and the related configs. What pinouts did you use for the cross-over cable? What LEDs are illuminated on the cards with the cable plugged in? Are you sure the interfaces are not in a shutdown state? -Original Message- From: Neil Schneider [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 08, 2001 10:47 AM To: [EMAIL PROTECTED] Subject: back-to-back t1 with wic-1dsu-t1? [7:3633] I am trying to set up 2 t1 wics back to back to simulate a t1 wan connection. I have a T1 crossover cable, clock source is internal on one card, but I get nothing, down and down. Is anyone doing this and willing to share a configuration? Or give me a hint as to what may be wrong Thanks Neil Schneider CCNP CCSI (setting up a CCIE lab) FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3635t=3633 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Switches/cables [7:3673]
It is sort of like the ratings on tires. You should buy something like a Z rated tire for high speeds on an automobile. You can buy a cheaper tire, but it probably won't hold up at 150mph. It will work fine for cruising around, but watch out when you try to push it to the limit. Those connectors will work but errors and other issues can effectively reduce your net speed. -Original Message- From: John Chang [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 08, 2001 2:08 PM To: [EMAIL PROTECTED] Subject: Switches/cables [7:3673] I looked at my G4 mac and the Apple System Profiler says 100Mbps/full duplex. The 3548 XL switch says 100Mbps/full duplex. How could that be possible when the patch panel connectors are 10Mbps and the connector on the wall is 10Mbps. The cable is Cat 5. I thought everything was suppose to be 100Mbps for the switch and the computer to register it as 100Mbps/full?? So, what gives? Thanks. FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3675t=3673 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
Security holes in lower layers? Where did you come up with that, your Cisco rep? -Original Message- From: Eugene Nine [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 03, 2001 5:01 PM To: [EMAIL PROTECTED] Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] PIX goes up to layer 4, so it won't do things like URL filtering. Checkpoint (or other SW) can do higher layer protection but may not be as well at the lower layers (due to security holes in the OS, etc) Eugene Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Asked sincerely, what advantages do you see in provisions PIX plus checkpoint? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 03, 2001 2:47 PM To: [EMAIL PROTECTED] Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] It depends on your security policy , design and needs , generally what we advice our customers is checkpoint + pix together Hatim badr a icrit : Hi , I would like to know the pluses and minuses of each product . Currently We are using checkpoint and I want to convince my management to switch to cisco PIX firewall . Thanks Hatim Get free email and a permanent address at http://www.netaddress.com/?N=1 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=3186t=2878 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878]
On the flushing noise. It sounds more like job security to me! Which is better, to have an effective, understandable security policy that is easily managed through a GUI, or a complex command line driven attempt at a security policy. The job security is in not making stupid mistakes in policy design/implementation. An incident or compromise related to a stupid policy mistake is the quickest way out the door. As far as the PIX GUI is concerned, I was privileged enough to take a look at a beta of it a month ago. It is strikingly similar in layout to the CheckPoint GUI. It is definitely a step in the right direction. Had Cisco been more generous on trade-in values I would be the latest convert to the PIX cult. CheckPoint's biggest downfall is support. It downright stinks. If anything can topple them from their perch support will be it. There is no TAC to call and get a person who can answer your question. The top support people are in friggin'' Israel working 9-5 hours for god's sake. You do the math and timezone conversion. They are both great products, but when someone starts saying one is more secure than the other, hold on! A couple parting questions for stimulating conversation Can you manage and install policy to multiple PIX firewalls simultaneously? (With a $15K add-on) How often do your throughput needs exceed the ~80Mb threshold of CheckPoint? Who has 52% market share? The right product for the right environment. -Original Message- From: Allen May [mailto:[EMAIL PROTECTED]] Sent: Friday, May 04, 2001 10:05 AM To: [EMAIL PROTECTED] Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] I installed the GUI for the PIX but haven't used it yet. Letting something else build my config just seems weird ;) Almost like job security making a flushing noise...rofl. - Original Message - From: Maness, Drew To: Sent: Friday, May 04, 2001 10:29 AM Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] I don't think it is security holes at a lower layer. Checkpoint installs what they call a shiv between the network and data link layer to protect the IP stack. And if you were to take advantage of OS security flaws you would be doing it at the Session Layer and above, not the lower layers. About five years ago it used to be the case the application based firewalls did not protect the network as well as packet filtering. But that was because people didn't really understand what a firewall was. Most people considered a proxy server as a sort of firewall. I remember a client telling me they were protected because they used reserved ip address and M$ proxy. In fact at the time M$ was marketing their proxy server as a poormans firewall. But today firewalls protect the IP stack. And most people know that a proxy is not a firewall. So this hardware based is better than software based stuff does not ring true. When someone asks me which is better Pix or Checkpoint, I tell them it depends. I can find you studies that says Pix has better throughput than Checkpoint and vise versa. The real difference between them is that Checkpoint has a gui interface and Pix has the o'l command line. You can pretty much do the same thing with them, so what it comes down to is what are you or your staff more comfortable configuring. Are you a cisco shop, buy the pix, are you an NT/Unix shop, buy Checkpoint. Beyond that it is all marketing semantics. In fact I have heard, but not seen, that their is a new gui interface for the Pix. Anyone used it lately? I haven't had time to work with it, since I'm preparing for this little know lab called CCIE or something like that. What's an IGP? (oh my brain is starting to hurt...) -Original Message- From: Jim Brown [mailto:[EMAIL PROTECTED]] Sent: Friday, May 04, 2001 7:45 AM To: [EMAIL PROTECTED] Subject: RE: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] Security holes in lower layers? Where did you come up with that, your Cisco rep? -Original Message- From: Eugene Nine [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 03, 2001 5:01 PM To: [EMAIL PROTECTED] Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] PIX goes up to layer 4, so it won't do things like URL filtering. Checkpoint (or other SW) can do higher layer protection but may not be as well at the lower layers (due to security holes in the OS, etc) Eugene Chuck Larrieu wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Asked sincerely, what advantages do you see in provisions PIX plus checkpoint? Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 03, 2001 2:47 PM To: [EMAIL PROTECTED] Subject: Re: Cisco PIX vs Checkpoint FIrewall-1 [7:2878] It depends on your security policy , design and needs , generally what we advice our customers is checkpoint + pix together Hatim badr
RE: ISDN BRI up but does not ping [7:2712]
I scanned the message and noticed the configs at the bottom. You only applied a dialer-group on the dialing end. My testing and observation determined that you need a dialer-group statement on the remote end also. If you do not define any interesting traffic for the remote end it will not send any packets back to the host that initiated the call. I always assumed you only needed to define interesting traffic to initiate a call, so why would I need the dialer-group statement on the remote end? When initially goofing around with ISDN I noticed this behavior. I could not find it documented anywhere. I just assumed if the connection is up why do I need to define interesting traffic for the remote end. This drove me crazy for a few hours. List, please correct me if I'm crazy. I noticed this behavior with 12.0 IOS. -Original Message- From: Jaeheon Yoo [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 01, 2001 3:57 PM To: [EMAIL PROTECTED] Subject: Re: ISDN BRI up but does not ping [7:2712] Hi, Shoaib. First of all, you have to check if the ping packet is ever received by the remote end, is it possible to debug ip packet at the remote end? If it's not possible, check it at the center site with this. access-list 110 permit ip 130.1.1.0 0.0.0.255 130.1.1.0 0.0.0.255 debug ip packet detail 110 If it's ever really sent to the remote end, then check if your isdn interface of the remote end has any access-lists configured, which may block return ping(echo reply) or any policy routing on that matter. From your post, I have found nothing wrong with ISDN configuration. But one thing is missing at the remote end, you have to add dialer-group command to reset idle timer when interesting packets are passed. But I guess this is not directly related to your current problem. Please let me know how you solved the problem, if it's done. Regards, Jaeheon On 1 May 2001 14:43:19 -0400, [EMAIL PROTECTED] (Shoaib Waqar) wrote: I have traced the route as well, the data is not passing across the ISDN link. I also have used extended ping, but it does not ping. Shoaib --- Albert Lu wrote: Do you know whether data is going across the link at all? Try a trace to the other side, and see what route the packet takes. Albert -Original Message- From: Shoaib Waqar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 1 May 2001 10:15 To: Albert lu Cc: [EMAIL PROTECTED] Subject: RE: ISDN BRI up but does not ping [7:2712] Yes i also have used an access-list to prevent eigrp to initiate call, and it dials on a ping event, as shown by the 'deb dialer events' shoaib --- Albert Lu wrote: Try using debug dialer events to see if the dialing actually takes place when you ping. If the dialer doesn't come up, then it could be a dialer problem. If it does come up, and dialing fails, then it could be an isdn problem. Albert -Original Message- From: Shoaib Waqar [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 1 May 2001 9:54 To: Albert lu Cc: [EMAIL PROTECTED] Subject: RE: ISDN BRI up but does not ping [7:2712] I have tried dialer profiles, legacy DDR with dialer mao statement and with floating static route too, but still same result, could not ping the neighbor. Offcourse there is a dialer-list statement to initiate call: dialer-list 1 protocol ip permit Shoaib --- Albert Lu wrote: I personally think that using dialer profiles are better than hard coding the interface. It is also true that there is no dialer-list command to dial for interesting traffic, and you don't have a route to use the bri interface so it wouldn't know when to dial. Wouldn't you need a dialer map command for interfaces, rather than specify dialer string? Albert -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Shoaib Waqar Sent: Tuesday, 1 May 2001 6:15 To: [EMAIL PROTECTED] Subject: ISDN BRI up but does not ping [7:2712] I am getting trouble in ISDN bri link. I have a Central site Router 3640 with 12.1.8 IP/IPX plus IOS. the route has 4 port BRI module. The remote site is having 2503, all u know that it has 1 port BRI. remote site is running 11.2.1 version of IOS. The call is placed using simple DDR commands as: Cisco 3640 Router = Int bri 2/0 ip add 130.1.1.1 255.255.255.0 encap ppp dialer idle-timeout 300 dialer fast-idle 300 dialer string dialer-group 1 Remote site (2503): === Int bri 0 ip add 130.1.1.2 255.255.255.0 encap ppp dialer idle-timeout 300 dialer fast-idle 300
RE: Beware of VINCENT CHONG [7:1631]
Hey guys why don't you take this offline. Above and beyond the fact this is beyond the scope of this group, I'm fairly certain you are infringing on somebody's copyright. -Original Message- From: Vincent Chong [mailto:[EMAIL PROTECTED]] Sent: Monday, April 23, 2001 1:00 PM To: [EMAIL PROTECTED] Subject: Re: Beware of VINCENT CHONG [7:1631] 1)Is it Canadian way to trade material? Change price when they want to? 2)What a guy, RAM G, agree on selling the solution lab at 50. When you paid him 50, changed his mind, you had to pay 75. Please see below. 3)I photocopied and well packed material, who paid for the expense, I am victim. 4) I could not receive paypal becasuse paypal do not support international bank a/c in some country. You can check paypal. 5) I will never trade materia to anyone. Only sell or buy. I purchased 17 lab { USD.210 }scenarios from Solution Labs www.solutionlabs.com All the lab does contain answer key. It is in hard copy format. I am not trying to make profit out of these labs. I just want to recover minimal cost on these labs. I am willing to sell all the labs for USD.50. I will make photo copies of 400 Pages document and surface mail to your address. Let me know if it interests you. RamG Hello Gang Just want to keep you all informed on the board not to deal in any form of TRADE {CCIE Material }or BUYING accessories from VINCENT CHONG. I had a bad experience today. We had entered into an agreement to trade CCIE materials. I sent him soft copy of my materials and requested him to make hard copy of his material. The price for hard copy of his material was mutually agreed at USD.22. I sincerely sent him the money through pay pal. To my surprise he has declined accepting the money and is not interested to send the material. Like a KID he sent me this reply Quote I will send back your material and I do not want to trade anymore. I will removed from my hard disk. Is this the way CHINESE behave. Surprised. This is not a complaint. Beware of this GUY - VINCENT CHONG. Thanks / RamG FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1637t=1631 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure ACS [7:1125]
_c/scprt2/sctacac.htm#xtocid2173216 watch the wrap! Enable TACACS to Use a Specific IP Address You can designate a fixed source IP address for all outgoing TACACS packets. The feature enables TACACS to use the IP address of a specified interface for all outgoing TACACS packets. This is especially useful if the router has many interfaces, and you want to make sure that all TACACS packets from a particular router have the same IP address. Command: ip tacacs source-interface subinterface-name -Original Message- From: Ken Yeo [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 18, 2001 1:10 PM To: [EMAIL PROTECTED] Subject: CiscoSecure ACS [7:1125] Anyone has experience with CiscoSecure ACS? I have a question: Under Network Configuration/Network Access Server Ip address, which internet's ip address you use for the field? I tried loopback, and all physical interfaces. Only the interface sending packet back to ACS server work. There must be a better way, if not there will be no redundancy, what if the link goes down? Please advice, Thanks, Ken FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1131t=1125 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sup I IOS Upgrade Will Not Take [7:113]
I thought the 4.5(8) image required 20MB? If not I wasted some money on memory. -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 PM To: [EMAIL PROTECTED] Subject: Sup I IOS Upgrade Will Not Take [7:113] I'm upgrading my 5000 (Supervisor I WS-X5009) from 2.4(4) to 4.5.(8). I checked the IOS size type before trying to load (4 FLASH 8 RAM), so I'm pretty confident this part (IOS) is correct. When I load the image "Life Is Grand," until the switch reboots to accept the new version. It seems as though the new uploaded image has disappeared, the switch comes up in the old version. The new image does not register in the Sho Version Sho Flash output. This is a Sup I, so I cannot point the switch to a particular IOS version (though it does not appear to be in FLASH) like possible with a Sup II's. Any advice is welcome !!! Thanks Everyone Phil PS- here is the Sho Ver CAT5K shv er WS-C5000 Software, Version McpSW: 2.4(4) NmpSW: 2.4(4) Copyright (c) 1995-1997 by Cisco Systems NMP S/W compiled on Jan 23 1998, 11:54:52 MCP S/W compiled on Jan 23 1998, 12:14:52 System Bootstrap Version: 2.1 Hardware Version: 1.9 Model: WS-C5000 Serial #: 003627851 Module Ports Model Serial # Hw Fw Fw1 Sw -- - -- - -- --- --- 1 2 WS-X5009 003627851 1.92.1 2.1(4) 2.4(4) 2 12WS-X5213A 006491956 2.01.4 2.4(4) Module DRAMFLASH NVRAM UsedAvailable -- --- --- --- --- - 18192K 4096K256K 99K 157K Uptime is 0 day, 0 hour, 22 minutes FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=116t=113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sup I IOS Upgrade Will Not Take [7:113]
The image requires 16MB of memory. The only upgrade SIMM available is a 16MB module. http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/c5krn/sw_rns/78_ 5861.htm#xtocid135692 Extracted from link above: Release 4.x Memory Requirements These memory restrictions apply when running supervisor engine software release 4.x: All of the 4.x Catalyst 5000 family supervisor engine software releases require a minimum of 16-MB RAM installed on your supervisor engine. All Catalyst 5000 family supervisor engines with at least 16-MB DRAM fully support software release 4.x. -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 4:26 PM To: [EMAIL PROTECTED] Subject: Re: Sup I IOS Upgrade Will Not Take [7:113] Just checked my download folder image 4.5(8) is 2.773 KB. The CCO had no minimum memory listed in the download information. If we were talking routers, 4 FLASH/ 8 RAM should be enough (even compressed). Any takers here ??? Thanks Phil - Original Message - From: "Jim Brown" To: Sent: Tuesday, April 10, 2001 9:07 PM Subject: RE: Sup I IOS Upgrade Will Not Take [7:113] I thought the 4.5(8) image required 20MB? If not I wasted some money on memory. -Original Message- From: Circusnuts [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 10, 2001 3:49 PM To: [EMAIL PROTECTED] Subject: Sup I IOS Upgrade Will Not Take [7:113] I'm upgrading my 5000 (Supervisor I WS-X5009) from 2.4(4) to 4.5.(8). I checked the IOS size type before trying to load (4 FLASH 8 RAM), so I'm pretty confident this part (IOS) is correct. When I load the image "Life Is Grand," until the switch reboots to accept the new version. It seems as though the new uploaded image has disappeared, the switch comes up in the old version. The new image does not register in the Sho Version Sho Flash output. This is a Sup I, so I cannot point the switch to a particular IOS version (though it does not appear to be in FLASH) like possible with a Sup II's. Any advice is welcome !!! Thanks Everyone Phil PS- here is the Sho Ver CAT5K shv er WS-C5000 Software, Version McpSW: 2.4(4) NmpSW: 2.4(4) Copyright (c) 1995-1997 by Cisco Systems NMP S/W compiled on Jan 23 1998, 11:54:52 MCP S/W compiled on Jan 23 1998, 12:14:52 System Bootstrap Version: 2.1 Hardware Version: 1.9 Model: WS-C5000 Serial #: 003627851 Module Ports Model Serial # Hw Fw Fw1 Sw -- - -- - -- --- --- 1 2 WS-X5009 003627851 1.92.1 2.1(4) 2.4(4) 2 12WS-X5213A 006491956 2.01.4 2.4(4) Module DRAMFLASH NVRAM UsedAvailable -- --- --- --- --- - 18192K 4096K256K 99K 157K Uptime is 0 day, 0 hour, 22 minutes FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=126t=113 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 2610 Serial Interface Puzzler
I don't think that module is even supported in the 2600's. Someone correct me if I'm wrong, but can't you only use the NM-1E or NM-2W, not a NM-1E2W in the 2600's -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Friday, March 23, 2001 3:42 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: 2610 Serial Interface Puzzler Those modules are numbered from right to left, but only includes installed modules, I believe. If you had two installed, they would be--from left to right--1/1 and 1/0. "Gareth Hinton" [EMAIL PROTECTED] 3/23/01 2:50:43 PM Hi All, Can anybody please explain the following: I've been messing with a 2600 with an NM1E2W running 12.1(5)T I put a WIC1T in to slot W0, so this understandably became Serial 1/0. Powered down, removed WIC1T and restarted then WR MEM so any config for S1/0 is gone. Powered down. Inserted WIC1T into slot W1. This also came up as S1/0 as opposed to what I would have expected (S1/1). I had successful connections on S1/0 while WIC1T was in either slot. I'd be interested to see what happens with two WIC1T's in but had to get the router on line before I could get hold of another WIC1T. Anyone know the reason for this? Thanks, Gareth _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Sample CCNA test question..bogus?
I believe the "best" answer, this is always the kicker, is D. We all know we are searching for the best answer, or the one the test designer thinks is correct. It is the only one that is not a broadcast or network address using the /19 mask. It is a poorly worded question, but we are faced with those on any test. -Original Message- From: Craig Columbus [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 15, 2001 11:00 AM To: John Neiberger Cc: [EMAIL PROTECTED] Subject: Re: Sample CCNA test question..bogus? John's right on track here. When using the /19 notation with 172.16.0.0, you're referring to that specific network. 172.16.0.0/19 is not the same network as 172.16.64.0/19. Reading this question a little bit differently, I can see that perhaps there is a typo...if the question used a /18 instead of a /19, then answer "A" would be correct. If you want to make answer "D" correct, you either need to rephrase the question to "Which one is a valid host using 172.16.64.0/19?" or rephrase the question to "Which one is a valid host using 172.16.0.0/17?", which would allow for ALL of the answers to be correct. Craig At 10:13 AM 3/15/2001 -0700, you wrote: I disagree. Valid hosts in 172.16.0.0/19 are: 172.16.0.1 through 172.16.31.255 I guarantee you that any other interpretation will make life miserable for you eventually, especially in a production environment where you actually use CIDR or VLSM. A good example would be if you were running BGP in a production environment that actually connected to the internet. Let's say you were Joe's ISP and were assigned 172.16.0.0/19. This is *very* specific...you can only advertise 172.16.0.1 through 172.16.31.254. Most likely, 172.16.32.1 through 172.16.63.254 is going to be assigned to someone else. If you followed your logic and advertise the entire 172.16.0.0/16, you will be getting some nasty phone calls or nastygrams in your email box. Companies tend to get a little upset with you if you start advertising their address block. In that spirit, I assume when a test question says something as specific as 172.16.0.0/19 that they *really* mean it. John "Lowell Sharrah" [EMAIL PROTECTED] 3/15/01 9:54:56 AM I believe that answer D is correct and here is why Vaslid hosts in the network 172.16.0.0/19 are as follows 172.16.64.1-172.16.95.254 172.16.128.1-172.16.159.254 172.16.192.1-172.16.223.254 172.16.32.1-172.16.63.265 172.16.160.1-172.16.191.254 172.16.96.1-172.16.127.254 .255 is broadcast "John Neiberger" [EMAIL PROTECTED] 03/15/01 11:19AM I think I'll side with those who say there is no correct answer, but there is an answer that's closer to being correct than the others. :-) The question is asking for a valid host in the 172.16.0.0/19 range. Answer D is not in that range! It is in the 172.16.64.0/19 network. Valid host addresses in the 172.16.0.0/19 range are: 172.16.0.1 through 172.16.31.254 I would agree that by making a subtle adjustment to the question, answer D is the only answer possible. Given a /19 prefix length, the only possible host address given in the answers is D, which forces us to change the question to fit the answer. This just appears to be a poorly worded question that not only allows you to figure out the most-correct answer eventually but also forces you to deduce what the actual question is in the first place. g In other words, it's a typical Cisco test question! Regards, John "Arthur Simplina" [EMAIL PROTECTED] 3/15/01 8:46:27 AM d. 172.16.80.255 This belongs to subnet 172.16.64.0 with host range of 172.16.64.1 - 172.16.95.254. Arthur From: "Bruce" [EMAIL PROTECTED] Reply-To: "Bruce" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Sample CCNA test question..bogus? Date: Thu, 15 Mar 2001 15:11:07 +1100 Q. Which one of the following is a valid host using the address of 172.16.0.0 /19? a. 172.16.32.0 b. 172.16.64.0 c. 172.16.63.255 d. 172.16.80.255 Which one and why? (I say none of them. Am I going mad?) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and
RE: ISDN Simulator
What you have here is a contradiction in terms. There are no cheap simulators. Black Box sells a simulator that I know nothing about, but they do offer 20% for you first purchase. This brings the price down around $1700 I think. If you check the archives, there is mention of a company in Dallas that resells the every popular Teltone. This is supposed to be one of the cheaper outlets to purchase this simulator. I chose the Emutel because of the software reconfiguration of the ports between S/T and U. I don't think the Teltone does that. The Emutel also is completely configurable with respect to numbers and such. I think the Teltone is a fixed number configuration. I'm sure someone will correct me if I'm wrong. The Emutel is around $2000 and you can purchase them from a company in San Francisco. And then there is the Adtran Atlas 550, with modules it is more expensive than any of the above, but leaves you with unlimited configurations for your lab. When its time to do PRI, T1, etc. this unit is your man for the job. -Original Message- From: nicolas bishop [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 15, 2001 3:01 PM To: [EMAIL PROTECTED] Subject: ISDN Simulator If someone could recommend a good-cheap ISDN simulator it would be greatly appreciated. cheers. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ccie written
365.25 days -Original Message- From: Lopez, Robert [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 14, 2001 1:15 PM To: '[EMAIL PROTECTED]' Subject: ccie written After successful completion of the CCIE written exam, is there a time limit as to when you must take the CCIE lab. Thanks! Robert M. Lopez Network Planning Ann Arbor Data Center Pfizer Global Research Development _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
WTB: NM-1E
Sorry for posting this here, but I thought is semi-appropriate. This is gear for my home lab. I'm looking for an Ethernet module for a 2600 series router and I think this is the only one that is supported. I have checked E-bay for a while and there are none to be found. Can anyone help me out, retail hurts! _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]