CCIE Security Lab schedule FYI [7:52281]

2002-08-29 Thread John Dorffler

I thought I should share some info with the group, especially those
interested in pursuing the Security CCIE. I passed the written last week,
and the system finally updated last night so that I could register for the
lab. By the way, all lab types can be registered for on the web now.
According to the online system, the first available date to take the
Security lab in San Jose (the only North American site that offers the
Security lab) is, ironically, April 1, 2003. That is over 7 months away.
Extrapolating, if I have to schedule another date (I'm not so arrogant to
assume I will pass the first try, but you never know...) I won't be able to
take it again until November 1, 2003. I don't know if Cisco is planning to
add more seats in San Jose or other locations anytime soon, so if you are
thinking about taking the Security lab you better plan ahead, way ahead.

My $0.02,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52281t=52281
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: dot1Q bridged across two 1721's? [7:47440]

2002-06-27 Thread John Dorffler

I just helped a friend with almost the exact same problem. They have two
sites connected via a T1 but want to use the DSL connection at one site. They
have workstations at each end and want to use the same subnet. Since they
don't have any other use for the T1 I used a modified configuration similar
to Example 3 in the link below:

http://www.cisco.com/warp/public/701/37.html

This gives an example of using transparent bridging to get traffic between
two Ethernet interfaces separated by routers and a T1. The thing that the
article does not mention is that you need to turn off IP routing on the
interfaces doing the bridging. In my case I could just use no ip routing
(I never thought I would use that command on a live network), but you may
need something more granular like IRB. The Caslow book has some simple
explanations of IRB.

Sincerely,
John Dorffler
CCIE #6677


Jeffrey Reed wrote in message news:[EMAIL PROTECTED]...
 I have a scenario where I want to move part of two VLANs to a remote
 building off campus. These two VLANs are already part of my internal network
 and due to some layer 8 constraints, we can't put them on new subnets once
 we move them to the new building. The VLANs need to be at both the remote
 office as well as the core of the network. Connectivity will be facilitated
 by a T1 and a pair of 1721s. I know the 1721s will run 802.1Q, but can I
 bridge the two VLANs across the T1? I know it's not a good idea to send
 broadcasts across an expensive T1, but we're dealing with folks who do not
 care.

 I wasn't sure how the WAN side would handle dot1q tagging. Thanks for any
 thoughts!!


 Jeff Reed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47561t=47440



Simple multicast server and client? [7:46874]

2002-06-18 Thread John Dorffler

I am looking for simple multicast server and client applications that can be
used to test multicast configs on Cisco routers. I have seen a few different
ones in various classes that I have taken but forgot to get a copy while I
was there (doh). I know some exist out there that run on Windows and are
quite small, but I can't seem to find them. I know that I can run IP/TV or a
similar big app but that is overkill and requires a lot of resources. Does
anybody have a URL for one to download, freeware preferably?

Thank you,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46874t=46874



Teltone TLS-x question for the group [7:45692]

2002-06-03 Thread John Dorffler

I have been thinking about buying a Teltone TLS (telephone line simulator)
and wanted to get your opinions on which model to get and which model to
avoid. I want to play with async dialup connections using routers and
modems, but after reading the specs on each model I am confused as to which
model would be good enough. I suppose I could get a -5 (the top model), but
do I really need it to just dial between two routers? I just want to have
one router dial a number and connect to another router, or simulate dialing
in to a router to manage it remotely. And please don't tell me to just use
two real phone lines :p

Thanks,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45692t=45692



Re: static route for port 21 [7:45682]

2002-06-03 Thread John Dorffler

Way off topic:

1. Priscilla mentions ephemeral ports at the end of this post. I just saw
Scanners this weekend and the drug they use to give people wacky
telepathic powers was ephemerol. Apparently it gives you the ability to
make people's heads explode, just like networking can at times!

2. Priscilla, please tell me you cut and paste that stuff from somewhere and
don't just reel it off from memory (e.g. the 10-step FTP process below). If
you do reel it off from memory, do you use some herbal memory supplement or
something?

-John


Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...
 Although I can't answer your question, I can tell you how FTP works and
 maybe that will help. I can believe that it has problems in your situation!
 ;-)

 FTP does not use both TCP and UDP. It does, however, open multiple TCP
 connections.

 Assuming you are using Active (non-passive, aka PORT mode), here's what
 happens:

 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
 on the server. The client uses an ephemeral (short-lived, not well-known,
 greater than 1024) port as its source port.
 2. The server sends the client a SYN ACK from port 21 to the ephemeral port
 on the client.
 3. The client sends an ACK. The client uses this connection to send FTP
 commands and the server uses this connection to send FTP replies.
 4. When the user requests a directory listing or initiates the sending or
 receiving of a file, the client software sends a PORT command that includes
 an ephemeral port number that the client wishes the server to use when
 opening the data connection. The PORT command also includes an IP address,
 which is usually the client's own IP address, although FTP also supports a
 third-party mode where a client can tell a server to send a file to a
 different host. (Third-party mode is rarely used.)
 5. The server sends a SYN from port 20 to the client's ephemeral port
 number, which was provided to the server in the client's PORT command.
 6. The client sends a SYN ACK from its ephemeral port to port 20.
 7. The server sends an ACK.
 8. The host that is sending data uses this new connection to send the data
 in TCP segments, which the other host ACKs. (With some commands, such as
 STOR, the client sends data. With other commands, such as RETR, the server
 sends data.)
 9. After the data transfer is complete, the host sending data closes the
 data connection with a FIN, which the other host ACKs. The other host also
 sends its own FIN, which the sending host ACKs.
 10. The client can send more commands on the control connection, which may
 cause additional data connections to be opened and then closed. At some
 point, when the user is finished, the client closes the control connection
 with a FIN. The server ACKs the client's FIN. The server also sends its own
 FIN, which the client ACKs.

 Notice that an additional command (DIR, in your example) opens another data
 connection. (In Active mode, these data connections come from the server's
 port 20.)

 Now, if you're using Passive mode, the client opens the data connection,
 from an ephemeral port to an ephemeral port on the server. Here are the
 steps:

 1. The client sends a TCP SYN to the well-known FTP control port (port 21)
 on the server. The client uses an ephemeral port as the source port.
 2. The server sends the client a SYN ACK from port 21 to the ephemeral port
 on the client.
 3. The client sends an ACK. The client uses this connection to send FTP
 commands and the server uses the connection to send FTP replies.
 4. When the user requests a directory listing or initiates the sending or
 receiving of a file, the client software sends a PASV command to the server
 indicating the desire to enter passive mode.
 5. The server replies. The reply includes the IP address of the server and
 an ephemeral port number that the client should use when opening the
 connection for data transfer.
 6. The client sends a SYN from a client-selected ephemeral port to the
 server's ephemeral port number, which was provided to the client in the
 reply to the client's PASV command.
 7. The server sends a SYN ACK from its ephemeral port to the client's
 ephemeral port.
 8. The client sends an ACK.
 9. The host that is sending data uses this new connection to send the data
 in TCP segments, which the other host ACKs. (With some commands, such as
 STOR, the client sends data. With other commands, such as RETR, the server
 sends data.)
 10. After the data transfer is complete, the host sending data closes the
 data connection with a FIN, which the other host ACKs. The other host also
 sends its own FIN, which the sending host ACKs.
 11. The client can send more commands on the control session, which may
 cause additional data connections to be opened and then closed. At some
 point, when the user is finished, the client closes the control connection
 with a FIN. The server ACKs the client's FIN. The server also sends 
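
The PORT and PASV exchanges described in the quoted post above, as an added example that is not part of the original posts: a Python parser for the address field FTP carries on the control connection, which is what a stateful firewall or NAT device must read to predict the data connection. It assumes the RFC 959 `h1,h2,h3,h4,p1,p2` encoding; the function names, the sample session and its addresses (documentation ranges) are constructed for illustration.

```python
"""Predict FTP data connections from control-channel lines (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# RFC 959 endpoint encoding: six decimal bytes h1,h2,h3,h4,p1,p2.
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


@dataclass
class DataConn:
    mode: str                 # "active" (PORT) or "passive" (PASV / 227)
    opener: str               # side that sends the SYN for the data connection
    dst_ip: str               # address the SYN will be sent to
    dst_port: int             # port the SYN will be sent to
    src_port: Optional[int]   # 20 in active mode, None (ephemeral) in passive
    warnings: List[str] = field(default_factory=list)


def parse_hostport(text):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte value above 255 in %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2


def expected_data_conn(sender, line, client_ip, server_ip):
    """Map one control-channel line to the data connection it announces.

    sender is "C" (client) or "S" (server). Returns None for other lines.
    """
    words = line.split(None, 1)
    verb = words[0].upper() if words else ""
    if sender == "C" and verb == "PORT":
        ip, port = parse_hostport(line)
        # Active mode: server connects from port 20 to the announced endpoint.
        conn = DataConn("active", "server", ip, port, 20)
        expected_ip = client_ip
    elif sender == "S" and verb == "227":
        ip, port = parse_hostport(line)
        # Passive mode: client connects from an ephemeral port.
        conn = DataConn("passive", "client", ip, port, None)
        expected_ip = server_ip
    else:
        return None
    # On PORT, a foreign address is the third-party mode from step 4.
    if ipaddress.ip_address(ip) != ipaddress.ip_address(expected_ip):
        conn.warnings.append("address-mismatch")
    # The post describes ephemeral ports as above the well-known range.
    if port < 1024:
        conn.warnings.append("well-known-port")
    return conn


def analyse(session, client_ip, server_ip):
    """Return the DataConn for every PORT command / 227 reply in a session."""
    found = []
    for sender, line in session:
        conn = expected_data_conn(sender, line, client_ip, server_ip)
        if conn is not None:
            found.append(conn)
    return found


# Constructed sample control channel (not captured traffic).
SAMPLE_SESSION = [
    ("C", "USER anonymous"),
    ("C", "PORT 192,0,2,10,195,80"),
    ("C", "LIST"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,96)"),
    ("C", "PORT 203,0,113,77,0,22"),
]

if __name__ == "__main__":
    for c in analyse(SAMPLE_SESSION, "192.0.2.10", "198.51.100.5"):
        print(c.mode, c.opener, "->", c.dst_ip, c.dst_port, c.warnings)
```
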

Re: Diffrences between buildin and NM 10/100 Ether [7:45152]

2002-05-28 Thread John Dorffler

Yeah, someone else busted me down on my comment. I checked with my friend,
and he had a 1720, not a 1750, and it wasn't new, so your observation about
the difference between the -0 and the -1 models may be what tripped me up.

Sincerely,
John Dorffler
CCIE #6677

s vermill wrote in message news:[EMAIL PROTECTED]...
 John Dorffler wrote:

  The FE interfaces that support VLAN trunking all use a chipset that
  supports trunking. Not all router models and not all modules that have
  100Mbps interfaces use the required chipset. The best way to determine
  whether a router or module supports trunking is to read the release notes
  for the hardware. There is always a grid that lists the versions of IOS
  that are supported on that hardware along with the individual features
  that each version supports. It's a little tedious, but it can help prevent
  buying hardware that doesn't do what you assume it should do. I recently
  checked on the 1700 series and the 2620/2621 and discovered that the
  172x/175x does NOT support trunking while the 262x does. I am not sure
  about the new rack-mount 1760s.

 I have several 1720s that do not support trunking but I understand that the
 new 1721 does.

  It is also rumored (urban legend?) that there are one or two 10Mb
  interfaces on some router/module that supports trunking. I wouldn't
  attempt that in a production environment, but in a study lab it would be
  cool.

  My $0.02,
  John Dorffler
  CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45261t=45152



Re: Odd thought on HSRP [7:45302]

2002-05-28 Thread John Dorffler

I worked at an ISP that had many customers with dual Ethernet connections.
Some of these customers wanted to do what you described, and it worked fine,
as long as the customer configured HSRP so that we could put up static
routes to the customer's networks behind their routers using the HSRP
gateway as the next hop address. The only issue, and it was minor, was
making sure the customer's subnets were advertised to the Internet.

Sincerely,
John Dorffler
CCIE #6677

Chuck wrote in message news:[EMAIL PROTECTED]...
 got to thinking about this for one reason or another.

 fundamentally, we look at HSRP as a means of providing failover from LAN
 stations to redundant WAN links, as illustrated:

 wan_link_1                wan_link_2
     |                         |
 router_1 (HSRP MAC/IP)    router_2
     |-------------------------|
            workstations

 suppose, however, I have a topology wherein I want downstream routers to
 have HSRP protection:

 wan_link_1                wan_link_2
     |                         |
 router_1 (HSRP MAC/IP)    router_2
     |-------------------------|
     |      workstations       |
     |                         |
 router_3                  router_4
     |                         |
 downstream_group_1        downstream_group_2

 If I were to set the quad zero route to the HSRP address configured for
 routers 1 and 2, think this would work?

 I'm wondering what the implications might be. any thoughts?

 Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45309t=45302



Re: Diffrences between buildin and NM 10/100 Ethernet modules [7:45152]

2002-05-27 Thread John Dorffler

The FE interfaces that support VLAN trunking all use a chipset that supports
trunking. Not all router models and not all modules that have 100Mbps
interfaces use the required chipset. The best way to determine whether a
router or module supports trunking is to read the release notes for the
hardware. There is always a grid that lists the versions of IOS that are
supported on that hardware along with the individual features that each
version supports. It's a little tedious, but it can help prevent buying
hardware that doesn't do what you assume it should do. I recently checked on
the 1700 series and the 2620/2621 and discovered that the 172x/175x does NOT
support trunking while the 262x does. I am not sure about the new rack-mount
1760s. It is also rumored (urban legend?) that there are one or two 10Mb
interfaces on some router/module that supports trunking. I wouldn't attempt
that in a production environment, but in a study lab it would be cool.

My $0.02,
John Dorffler
CCIE #6677

TMS wrote in message news:[EMAIL PROTECTED]...
 Hello

 Do the 10/100 Ethernet interfaces built into the above Cisco routers have
 any differences from NM 10/100 Ethernet interfaces (e.g. NM-1FE2W)?
 I was talking with a friend, and he said that built-in Ethernet interfaces
 didn't support VLAN encapsulations like dot1q/ISL. My question
 is regarding interfaces in:

 1720
 2620
 3661
 7200VXR I/O Controller with 1 FastEthernet

 --
 TMS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45152t=45152



Re: Diffrences between buildin and NM 10/100 Ether [7:45089]

2002-05-27 Thread John Dorffler

I must disagree. I have a study friend that bought a 1751 recently, brand
new, and discovered that it does not support trunking. We looked at the
release notes for the latest versions of IOS for the 1751 and could not find
any reference to trunking. We believe that the 1751 was never meant to do
trunking, it is positioned to be a SOHO router. You will also notice that
there is no Enterprise image for a 17xx router, which also implies reduced
functionality.

My $0.02,
John Dorffler
CCIE #6677

Alexander Kharkats wrote in message news:[EMAIL PROTECTED]...
 Any fast Ethernet interface on Cisco router supports VLAN trunking. You may
 need to use IP Plus IOS for that.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45155t=45089



Re: Diffrences between buildin and NM 10/100 Ether [7:45089]

2002-05-27 Thread John Dorffler

Grrr. I searched through the release notes here

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/1700/1751/1751rlsn/index.htm

and could not find anything on trunking. Okay, new moral here: do multiple
searches with different keywords.

Sorry,
John

M.C. van den Bovenkamp wrote in message news:[EMAIL PROTECTED]...
 John Dorffler wrote:

  I must disagree. I have a study friend that bought a 1751 recently, brand
  new, and discovered that it does not support trunking. We looked at the
  release notes for the latest versions of IOS for the 1751 and could not
  find any reference to trunking.

 You didn't look very hard, then:

 http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/1700/1751/1751swg/index.htm

 Note the last two links on that page...

 Regards,

 Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45161t=45089



Solution to RIP default routing problem [7:44944]

2002-05-24 Thread John Dorffler

Thanks for all the input on this. BTW, here is what I had on the router
trying to inject the default route:

router rip
 network 192.168.12.0
 network 192.168.23.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.12.1

On a set of 2500 routers, this did not work as planned using 12.1.x. I tried
12.1.15 and 12.1.13, both GD releases. When I backed down to 12.0.20, it
worked as expected. Strangely, this config worked on my 4000 routers using
12.1.13.

I don't know whether to chalk this up as a bug in the 12.1 code for the 2500
series (I was using the IP only image in each case) or that Cisco is
starting to phase this feature out. In my mind it is obnoxious to assume
that you want to automatically inject the default route into RIP (or any IGP
for that matter), so I hope that Cisco is indeed removing it.

Thank you,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44944t=44944



RIP default routing [7:44863]

2002-05-23 Thread John Dorffler

In both the Caslow (1E p. 349) and Solie (p. 625) books it is stated that if
you are running RIPv1, and if you put a default route using ip route
0.0.0.0 0.0.0.0 on one of the routers, a default route is automagically
injected into the RIP process. I am sure I have seen this before working as
a lab-rat (oops not that again) but I cannot reproduce it now. I am using
three 2500 series routers and have tried all combinations of statements and
wiring. I am now wondering if it is a matter of IOS versioning. I just put
on the IP version of 12.1.15, which was just put out a few days ago. Has
anybody got this to work, and if so, with what version of IOS? By the way,
ip default-network works just fine.

Thank you,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44863t=44863
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Boson CCIE BootCamp [7:44780]

2002-05-23 Thread John Dorffler

Thanks to Ebay and other sources of equipment I would strongly recommend
against going to a bootcamp like that, especially for $8000. You will get a
much better return on investment buying books and equipment to use at your
convenience. The drawback would be that you would not get the input of an
instructor, but I think you could find personal help somewhere else much
cheaper and just as useful. Even if you go to a bootcamp you will still need
many hours of additional practice on real equipment to pass the CCIE lab. I
guess it depends on who is paying, what your goals are, and what may be
available for free at work, online, etc.

My $0.02,
John Dorffler
CCIE #6677

Dave Shine wrote in message news:[EMAIL PROTECTED]...
 Does anyone have any input on the CCIE bootcamps for
 the lab. Is this worth the money?  I don't want to dish
 out $8000 large for nothing.

 - Me





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44861t=44780



Re: Operation Firmware is invalid? Please help...Urgent [7:44711]

2002-05-22 Thread John Dorffler

Your problem is spooky, I just had the exact same problem with a 1924 the
other day. Same symptoms, same inability to use XMODEM to upgrade the flash.
I discovered that not all null modem cables are made the same, strangely
enough. Do a search on CCO and you will find a variety of pinouts. I finally
found a null modem cable with the same pinout that is specified in the 1900
documentation for release 5.x:

http://www.cisco.com/univercd/cc/td/doc/product/lan/28201900/1928v5x/icg5x/csspec.htm

When I use the correct(!) null modem cable it works fine.

Sincerely,
John Dorffler
CCIE #6677

Justin M. Clark wrote in message news:[EMAIL PROTECTED]...
 Cisco ws-c1900 switch.  Using db9F-rollover-db9F or null modem cable I can
 connect to the console port and get into Diag Console fine, but when I try
 to just plug in and configure the switch it just starts spitting out
 ATQ0H0 in hyperterminal PE.  I hunted around and a couple places that I
 found said try updating the firmware.  So I hit cisco's site and downloaded
 cat1900A.9.00.04.bin which was the only 1900 firmware I could find,  The
 previous version was 5.34.  So anyway, I did the XModem firmware upgrade, as
 soon as it asks me to send the file it kicks back an error that says
 Transfer cancelled by remote system (conveniently after it has erased
 existing firmware) and then prints out:
 Operation firmware version:  0.00Status: Invalid
 Boot firmware version:  1.10
 WARNING!!! Operation Firmware is invalid.
 Upgrade firmware to enable switch operation.

 I'm stuck at this point, does anyone know what to do or how to get a copy of
 the firmware that works on this switch?  and then at that point what kind of
 cables, etc do I need to configure the darn thing.

 If anyone can get back to me in a hurry or has a version of the firmware
 that DOES work on this model it would be greatly appreciated as this switch
 is dead in the water, along with the LAN that is supposed to be connected to
 it.

 Thanks,
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44711t=44711



Re: Operation Firmware is invalid? Please help...Urgent [7:44719]

2002-05-22 Thread John Dorffler

Two other things. This is only a problem (as far as I know) on the older
1900s with the DB-9 console port. The other issue, and I have sorta
confirmed it, is that you can't load anything older than about 5.37 on the
older 1900s. I was able to do that with my old 1924, but it gags when I try
to upload 9.0. If anybody has any additional info on the limitations of the
older 1900s, please post because I can't find anything more on CCO.

Sincerely,
John Dorffler
CCIE #6677

Justin M. Clark wrote in message news:[EMAIL PROTECTED]...
 Cisco ws-c1900 switch.  Using db9F-rollover-db9F or null modem cable I can
 connect to the console port and get into Diag Console fine, but when I try
 to just plug in and configure the switch it just starts spitting out
 ATQ0H0 in hyperterminal PE.  I hunted around and a couple places that I
 found said try updating the firmware.  So I hit cisco's site and downloaded
 cat1900A.9.00.04.bin which was the only 1900 firmware I could find,  The
 previous version was 5.34.  So anyway, I did the XModem firmware upgrade, as
 soon as it asks me to send the file it kicks back an error that says
 Transfer cancelled by remote system (conveniently after it has erased
 existing firmware) and then prints out:
 Operation firmware version:  0.00Status: Invalid
 Boot firmware version:  1.10
 WARNING!!! Operation Firmware is invalid.
 Upgrade firmware to enable switch operation.

 I'm stuck at this point, does anyone know what to do or how to get a copy of
 the firmware that works on this switch?  and then at that point what kind of
 cables, etc do I need to configure the darn thing.

 If anyone can get back to me in a hurry or has a version of the firmware
 that DOES work on this model it would be greatly appreciated as this switch
 is dead in the water, along with the LAN that is supposed to be connected to
 it.

 Thanks,
 Justin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44719t=44719



Re: Security Books [7:44347]

2002-05-17 Thread John Dorffler

Don't bother with the CSISS book, it is rehash from the other books. The
first four you mentioned are all you need to pass the CSS1 tests - it's all
I used (and hands-on, of course). In my opinion the CSS1 tests are pretty
simple, all of the questions are straight out of the four coursebooks. As
far as the Security written, dunno. I heard reading all of the RFCs is
pretty entertaining...

My $0.02,
John Dorffler
CCIE #6677

Brian Zeitz wrote in message news:[EMAIL PROTECTED]...
 I have most of the Cisco security books now. MCNS, PIX, VPN, CIDS etc. etc.,
 the one book I don't have is Cisco Secure Internet Security Solutions.
 Looking through the table of contents, it looks like some of the same stuff
 from the books I already have. Do you think this book is worth getting if I
 already have these other security books? This is listed for the reading list
 for CCIE Security as well.

 Also I don't see any books for CCIE Security in particular, would it be
 possible for Cisco to make a library for people pursuing this track?  Or
 maybe the books I have for CCNP  CSS1 are some of the same books needed for
 CCIE Security. Any suggestions for a book list for someone who would be
 attempting a CCIE security written exam? Of course I also have/am doing
 hands on stuff, and lab work. I know there are some guides from CCbootcamp,
 I guess that is what most people are using.

 I was also looking at the Open Cable book, not that I am working on that,
 just thought it would be neat to learn some things about the TV/Cable
 industry in my spare time :)



 Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44402t=44347



Sorta off topic: news group readers [7:43738]

2002-05-09 Thread John Dorffler

I am tired of the limitations of Outlook Express as a news client and was
wondering what I should use as a replacement. I would like to keep a simple
archive of messages pulled off of groupstudy, and I am finding that OE is
not the way to go.

Thank you,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43738t=43738



Re: Running routing protocols on Windows [7:43124]

2002-05-03 Thread John Dorffler

Howard, thanks for the reply. I've already been playing with Zebra a little
bit and I like it so far. I was hoping to find any Windows-based routing
services to have one more tool in the toolbox. A Unix/Linux server is not
always around when you need one...

John Dorffler
CCIE #6677

Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...
 At 11:28 AM -0400 5/2/02, John Dorffler wrote:
 Does anybody know whether there is software available somewhere that lets
 you run IP routing protocols on a Windows computer? I know that Windows 2000
 supports RIP and OSPF, while UNIX/Linux supports BGP. Is there something
 that lets you run IGRP, EIGRP, or BGP on Windows? I think that would be
 useful if you needed to inject routes into a lab environment when a spare
 router is not available.
 
 Thank you,
 John Dorffler
 CCIE #6677

 Let me answer a little indirectly.  I forget the name of it, but
 Microsoft does have a licensed port of Bay RS, which at least runs
 RIP and OSPF.  The Bay software does support BGP, but I don't know if
 Microsoft's implementation does.

 If you're willing to use the PC with *NIX, you have some major
 alternatives. There is the Multithreaded Routing Toolkit (MRT) and
 old versions of GateD at www.merit.edu. There is GNU Zebra at
 www.zebra.org.   Last time I looked, these both supported RIP, OSPF,
 ISIS, and BGP. Might be some multicast.

 There are commercial-grade versions of both:  see www.nexthop.com and
 www.ipinfusion.com.  These are apt to have more recent stuff such as
 traffic engineering extensions, MPLS, etc.

 Most of the early development was on NetBSD, but you're pretty safe
 assuming they will run on Linux or FreeBSD.

 Of the two, I most recently used Zebra, which has a command language
 more Cisco-like than GateD, which is Juniper-like (there's a fair bit
 of GateD tradition in JunOS heritage). At the time, Zebra's BGP was
 probably a little stranger than GateD, but both have pros and cons.

 Merit also has something called BGPsim, which specifically generates
 BGP updates but is not a BGP routing process -- it lets you do
 things, however, such as generating bad routes or arbitrary AS paths.

 I should be working with Zebra and BGPsim in the next couple of weeks
 to set up an Internet simulator, along with routers.  I'll have more
 recent data then.

 --
 What Problem are you trying to solve?
 ***send Cisco questions to the list, so all can benefit -- not
 directly to me***



 Howard C. Berkowitz  [EMAIL PROTECTED]
 Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
 Technical Director, CertificationZone.com http://www.certificationzone.com
 retired Certified Cisco Systems Instructor (CID) #93005




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43217t=43124



Running routing protocols on Windows [7:43124]

2002-05-02 Thread John Dorffler

Does anybody know whether there is software available somewhere that lets
you run IP routing protocols on a Windows computer? I know that Windows 2000
supports RIP and OSPF, while UNIX/Linux supports BGP. Is there something
that lets you run IGRP, EIGRP, or BGP on Windows? I think that would be
useful if you needed to inject routes into a lab environment when a spare
router is not available.

Thank you,
John Dorffler
CCIE #6677




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43124t=43124