Re: Pix static mappings to the inside [7:50500]

2002-08-02 Thread John Kaberna

I would agree with their suggestion to use ACLs instead of conduits.  What
you want to look up is actually called port redirection.

John Kaberna
CCIE #7146 (R/S, Security)


Ole Drews Jensen wrote in message news:[EMAIL PROTECTED]...
 You can use the single IP address on your outside interface without a
 problem.

 If your outside address is 200.200.200.200 and you have a mail server on
 your inside 10.1.1.1 and a telnet server on your inside 10.2.2.2, you can
 do this:

 static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp
 static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet

 conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
 conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any

 Hth,

 Ole

 ~
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
 ~
  http://www.RouterChief.com
 ~
  Need a Job?
  http://www.OleDrews.com/job
 ~




 -Original Message-
 From: Ciaron Gogarty [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 02, 2002 8:29 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Pix static mappings to the inside [7:50500]


 I'm not sure what code you're using, but Cisco recommend using Access-lists
 instead of conduit statements.   Just create a typical cisco access-list
 (except don't invert your masks) and apply it inbound to the outside
 interface and you will get the same result as your conduits!!

 C
 - Original Message -
 From: Elijah Savage III
 To:
 Sent: Friday, August 02, 2002 4:23 AM
 Subject: Pix static mappings to the inside [7:50500]


  I have my pix 501 firewall working but I have yet to be able to get
  static mapping working. I try this
 
  Static outside ip address inside ip address
 
  Conduit permit tcp outside ip inside ip eq 25 any
 
 
 
  When I issue these commands I can get mail into my mail server behind
  the pix but it breaks my nat. I have read that it is not good to use
  your outside global ip address for static mapping but if you only have 1
  static ip address how else can you do it.
 
 
 
  With me only having one static ip will this work?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50551t=50500
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
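
The conduit-to-ACL change suggested in this thread, written out for Ole's two port redirections. This is an added example, not configuration posted by anyone in the thread; it uses PIX 6.x syntax, lines starting with a colon are comments, and the ACL name outside_in and the 192.0.2.0/24 management range are assumptions made for illustration.

```text
: Before (from the thread): a conduit names the global (destination)
: address first, then the permitted foreign (source) address.
static (inside,outside) tcp 200.200.200.200 smtp 10.1.1.1 smtp
static (inside,outside) tcp 200.200.200.200 telnet 10.2.2.2 telnet
conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any

: After: the static lines stay as they are. Each conduit becomes an
: access-list entry with the order reversed (source first, then
: destination). Masks are ordinary subnet masks, not inverted wildcards.
no conduit permit tcp 200.200.200.200 255.255.255.255 eq smtp any
no conduit permit tcp 200.200.200.200 255.255.255.255 eq telnet any
access-list outside_in permit tcp any 200.200.200.200 255.255.255.255 eq smtp
: Assumed tightening: telnet only from a management range (constructed).
access-list outside_in permit tcp 192.0.2.0 255.255.255.0 200.200.200.200 255.255.255.255 eq telnet
: Bind the list inbound on the outside interface.
access-group outside_in in interface outside
```

Because each static maps a single TCP port rather than the whole address, the remaining ports on 200.200.200.200 stay available for outbound translation, which is the single-address case the original question asks about. PIX 6.x also accepts the keyword interface in place of the global address in a port-redirection static when that address is the outside interface's own.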



Re: CSS 1 Training [7:50184]

2002-08-01 Thread John Kaberna

I would suggest just going through the Cisco Press Books and trying to build
a small lab.  Get yourself a PIX 501, a couple of routers and a switch, and
an NT server to run the eval copy of CS ACS.  There is no reason to shell
out thousands of $$$ to be trained on an entry to mid-level cert.

John Kaberna
CCIE #7146 (R/S, Security)

Curious wrote in message news:[EMAIL PROTECTED]...
 Guys
 I am interested in taking CSS 1 training, Please let me know if you
 recommend any institute in New York City Area.

 Thanks,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50414t=50184



Re: Off Topic - speculating on Lab equipment [7:48268]

2002-07-07 Thread John Kaberna

That is why the CCIE program should adopt a similar rule to the CISSP.  You
must have 3 years (as of this January it's 4 years) of verifiable experience
in security to take the CISSP.  Cisco should require that candidates have at
least 4 or 5 years of Cisco experience prior to qualifying for the lab.  If
a person lies they are automatically forbidden from ever attempting the CCIE
again.  The lab rat problem would be for the most part solved.  You might
have a few liars, but when those people blow up someone's network they could
be reported to Cisco so that they can investigate if the person lied about
their experience.

John Kaberna
CCIE #7146 (R/S, Security)


nrf wrote in message news:[EMAIL PROTECTED]...
 Chuck wrote in message news:[EMAIL PROTECTED]...
  just did some looking around on CCO. checking the current state of the art
  for IOS images for the 25xx routers we all know and love so dearly.

  it's looking like the images are getting so bloated that pretty soon they
  will exceed the physical limits of the router flash and dram.

  this could be disastrous to all us lab rats ;-

 I know this is going to sound so bad when I say this.  But maybe that's the
 point - to cut down on the number of lab-rats.

 Yeah yeah, I know a bunch of you are going to read that and immediately jump
 all over me.  You're going to say things like People should be allowed to
 learn what they want and Information wants to be free and that kind of
 thing.

 All I have to say is this.  Learning how to be, say,  a doctor is not free -
 it's unbelievably expensive. Not everybody who wants to be a doctor is
 allowed to be one.   You can't just decide that you want to learn surgery
 and then just expect somebody to give you a bunch of cadavers so you can
 start cutting them up.   You can't just walk into a hospital and demand that
 somebody start teaching you medicine.  And this is true of just about any
 profession - law,  investment-banking, pharmacy, engineering, pro-athlete,
 you name it.

 The fact is, all professions operate on the principle of exclusion.  Yes, I
 know that sounds rough, but that's life.  Not everybody who wants to be a
 doctor gets to be a doctor.  Not everybody who wants to play pro-football
 actually gets to play pro football.   And, yes, not everybody who wants to
 be a network guy (especially the senior network guy) actually gets to be the
 network guy.   Somewhere along the line, exclusion has to take place for
 that profession to remain attractive.  If it's medicine we're talking about,
 then the exclusion takes place in getting admitted to med school, and then
 the grueling years of medical training which has the effect of excluding
 people who aren't mentally tough enough to make it.  If it's pro sports,
 it's the harsh selectivity odds of being good enough to play professionally.
 And everybody accepts this.   For example, you don't see any huge outcry for
 med schools to use open-admissions policies, where anybody who applies is
 automatically accepted.

 So the point is this.  If network engineering is to remain a viable
 profession, then exclusion has to take place somewhere.  You can debate how
 this exclusion is to take place.  Should it be done through the lab-exam
 (which is what it was, say, in 1995)?  Should it be done through years of
 actual high-end practical  networking experience (which is what it was
 before the CCIE program, and what it is returning to, now that the lab-rat
 phenomenon has sprung into being)?  Should it be some other way?  But,
 somehow and somewhere, it has to be done.

  of course, the images would be MUCH smaller if Cisco were to remove the code
  for things like Apollo, Vines, DEC, IPX,  and IGRP.. :-  however, it is
  probably not very easy to remove code, and why would they bother?

  so at what point do all of us students get screwed -when the required images
  become so large that the 25xx is no longer viable? images capable of running
  BGP, EIGRP, ISIS, RIP, and DLSw+ seem to require an enterprise version. some
  of those images are pushing up over 16 megs now. see what I mean?

 See above.

  BTW - anyone checked the auction prices for 25xx equipment lately? Token
  ring stuff is going for well below 200. Even the ethernet stuff - 2501's and
  2513's - seem to be going for less than 400. big change in the buyer's favor
  in the last year or so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48293t=48268



Re: CISSP [7:48095]

2002-07-06 Thread John Kaberna

If you don't have 3 years of INFOSEC experience you are not eligible to take
the exam.  They are changing that rule to 4 years in January.  I think being
a college freshman it will be difficult to convince them you were working in
infosec all through high school.  Of course that assumes you are coming
straight from high school.

http://www.isc2.org/cgi/content.cgi?category=18

John Kaberna
CCIE #7146 (R/S, Security)


Jarred Nicholls wrote in message news:[EMAIL PROTECTED]...
 If there are any CISSP certified professionals out there, I would like to
 talk to you one on one about the certification.  I am very interested in
 obtaining this cert in the future (I want to go into security).  I am going
 to be a freshman in College in the fall in case anyone was wondering why I
 said I wanted to go into security.  So please if anyone has this
 certification e-mail me at [EMAIL PROTECTED]

 Jarred Nicholls
 CCNA, CCNP Routing




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48238t=48095
Re: Setting up a lab w/ [7:48213]

2002-07-06 Thread John Kaberna

It really depends on what your goal is.  If your goal is CSS-1 then it's
nice to have the equipment, but it's certainly not necessary.  The Cisco
Press books and some practice tests are easily sufficient if you are
familiar with the Cisco security products.

You should not need lab guides or equipment for the CSS-1.  You will need to
build a real lab (or rent rack time) for the CCIE though.  It would also be
highly beneficial to buy a commercial lab product.  You can definitely do it
with just CCO if you want to spend the time to compile all the information
and write your own labs.  Generally you will find that it's not worth saving
the few hundred bucks to do all that work on your own.

I would suggest pursuing either Checkpoint or Cisco first.  I would go for
whatever is used more at your daily job.  Keep in mind there are a LOT more
resources for Cisco than Checkpoint.

John Kaberna
CCIE #7146 (R/S, Security)


Kevin O'Gilvie wrote in message news:[EMAIL PROTECTED]...
 Hi All,

 I currently have a pix 515, and a checkpoint FW1 for my home lab..
 I am looking for some ideas on how I should set this up for the best
 learning experience.. I currently have a cable modem connection and no
 static IP's.. Indeed I will purchase routers, but before I do I wanted to
 ask the experts (That's you guys of course!!). I want to achieve my cisco
 security certifications as well as checkpoint.. Please list the material I
 should purchase as well as some great lab guides..

 Thanks A million,

 -Kevin
 CCNA 2.0, BCRAN, Switching 2.0





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48243t=48213



Re: IOS firewall feature set for Cisco 2514 [7:47523]

2002-06-27 Thread John Kaberna

Unless I'm not reading this right, they will support it til 2007.

http://www.cisco.com/warp/public/cc/general/qrg/eol_ai.htm


Dan Penn wrote in message news:[EMAIL PROTECTED]...
 No Rick that guy is MOST mistaken some of the 2500 series has been
 EOS'd.  However cisco is pledging software support until 2005.

 Dan

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick
 Sent: Wednesday, June 26, 2002 8:31 PM
 To: [EMAIL PROTECTED]
 Subject: Re: IOS firewall feature set for Cisco 2514 [7:47523]

 Where did you find info that Cisco does not support
 25xx series anymore? I have 156 support contracts
 on 2509, 2511, and 2520's. I also just finished a
 network wide upgrade of IOS on these same boxes.
 I am concerned that Cisco just announced this and
 this leaves me with a serious problem.



 S M wrote in message news:[EMAIL PROTECTED]...
  I'm looking for Cisco 2514 IOS w/ firewall feature set. Cisco doesn't
  support 25xx series anymore.

  Can anyone point me in the right direction to get the software.
 
  Thanks
 
  SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47564t=47523



Re: Off Topic - Cisco vis a vis World Com [7:47505]

2002-06-26 Thread John Kaberna

The Cisco guys are saying that UUNet converted a lot of stuff to Juniper and
a few other vendors.


Chuck wrote in message news:[EMAIL PROTECTED]...
 Not too long ago, John Chambers was quoted in one of the networking
 magazines talking about erosion of margins, and partners who sold very
 cheaply. The talk on the street was that it was no secret he was talking
 about WorldCom, who have been notorious for their pricing of Cisco products
 as an inducement to use worldCom data circuits.

 I believe what used to be UUNet is a major user of Cisco equipment. that's
 one reason I asked about UUNet's viability. WCOM is going to end up selling
 assets, and it seems to me that the ISP is about the best asset they have.
 The network / fiber assets only contribute to the current fiber glut, so
 become less of a source of hope for revenue from sales.

 As far as what's in the carrier networks themselves, maybe this is less
 important to Cisco, as no carriers use their stuff anyway? ;-

 BTW Juniper stock is not looking real good right now at all. Nor Ciena.


 John Kaberna wrote in message news:[EMAIL PROTECTED]...
  Talking with a couple of my students (employees at Cisco) WCOM is mostly a
  Nortel shop.  They said that ATT and Sprint are Cisco Powered Networks so
  they are the big providers that Cisco is interested in.  This is not
  official or anything from Cisco it's just what these guys are telling me.


  Chuck wrote in message news:[EMAIL PROTECTED]...
   So far today I have seen no word from Cisco on its exposure to World Com.

   the other so called players in the networking industry - Redback, Nortel,
   and Lucent, have all said they have very little on the line with WorldCom.
   Of course, these are companies with one foot in the grave already.

   WorldCom is one of Cisco's MAJOR customers.  Cisco stock is back close to
   its low of the last year. Maybe Cisco believes nothing needs be said? Maybe
   Cisco figures they can still sell their stuff through other channels?

   As an employee of another of Cisco's major customers, maybe this bodes well
   for me? with WorldCom out of the way, and no longer selling at cost to steal
   my customers, maybe my own business will pick up?

   Sheesh, this is scary.

   Anybody out there know how what used to be UUNet is doing?  Viable? Any
   repercussions through the ISP world?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47512t=47505



Re: IOS firewall feature set for Cisco 2514 [7:47523]

2002-06-26 Thread John Kaberna

www.cisco.com

It is most certainly still supported and available if you have download
privileges.  Did you even check?


S M wrote in message news:[EMAIL PROTECTED]...
 I'm looking for Cisco 2514 IOS w/ firewall feature set. Cisco doesn't
 support 25xx series anymore.

 Can anyone point me in the right direction to get the software.

 Thanks

 SM




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47524t=47523



Re: PIX Problem [7:47363]

2002-06-25 Thread John Kaberna

You cannot filter using FQDN.  You can use websense to block certain URLs
though.



Mamoon Dawood wrote in message news:[EMAIL PROTECTED]...
 Dear All,

 In the PIX firewall, can I make an access list using the FQDN (eg:
 www.yahoo.com)
 instead of using IP address, since I want to permit users to only enter some
 sites,
 I think the problem is that we can not configure a name server,

 Kindest Regards,
 Mamoon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47418t=47363



Re: CSS1 exams [7:47308]

2002-06-25 Thread John Kaberna

Shahid is absolutely right.  You do not need to go to training for this.
The MCNS, PIX, and VPN exams are pretty easy if you read the CP books and
have some experience with them.  For IDS you can pass using just the Cisco
Press book if you have a good memory.  You're better off getting an NT4
server and downloading an eval copy of CSPM to get comfy with the GUI.  If
you really have trouble with the IDS part you should consider finding out
how to build an IDS Sensor out of a Solaris box.  It can be done.  :)


Shahid Muhammad Shafi wrote in message news:[EMAIL PROTECTED]...
 Trust me, u dont need classes. Just study 4 books from Cisco Press and ull
 do it fine. I passed 3 exams in 15 days and only one to go. If u appear for
 MCNS, 95% CSVPN is covered and 75% Pix is covered. For IDS i am myself
 studying.

 Shahid
   [EMAIL PROTECTED]  wrote: Since I can't get my cheap company to send me to
 classes, I have to do
 self-study go get my Cisco Security Specialist Certification. Does anyone
 have any suggestion which books would help for each of the exams?

 Thank you in advance,

 Joy
 Shahid Muhammad Shafi
 Every man dies; not every man really lives

 remember, if God bringz u 2 it, He WILL bring u thru it!!!-

 Please help feed hungry people worldwide http://www.hungersite.com/
 A small thing each of us can do to help others less fortunate than ourselves






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47419t=47308



Re: CSS1 exams [7:47308]

2002-06-25 Thread John Kaberna

It used to be up on securityie.com but it got taken down.  I would rather
not post it here.  Email me off list.

--

Peter Walker wrote in message news:[EMAIL PROTECTED]...
 Any chance of a hint?  None of the search phrases I can think of are
 turning up any hits on google.

 Having just passed the CCIE security written exam this morning I may be
 interested in how to do this for my home lab.

 Thanks

 Peter

 --On Tuesday, June 25, 2002 3:37 PM -0400 John Kaberna wrote:

  you should consider finding out
  how to build an IDS Sensor out of a Solaris box.  It can be done.  :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47426t=47308



Re: ccie real-time questions [7:47436]

2002-06-25 Thread John Kaberna

You forgot to post the NDA you agreed to before you started the test.

--

Jerry Yu wrote in message news:[EMAIL PROTECTED]...
 I just failed the 305-001, but I remember the following tricky questions.
 pls. offer your opinion or answers to them.


 thanks.

 jyu


 1)
 A network administrator is using debug commands to check the performance of
 a network. What steps can the administrator take to ensure that the debug
 will not require too much CPU, or at least that she will not have to reboot
 the router to disable debug?
 (multiple answer)
 A. Make the debug command as specific as possible
 B. Use the max-time parameter of the debug command
 C. In configuration mode, enter 'scheduler interval 15'
 D. Configure a loopback to channel debug traffic

 2) NETBEUI is:
 A. A routable protocol
 B. A non-routable protocol designed for small networks
 C. A routing protocol designed for large networks
 D. A data-link layer protocol

 3) In a Distance Vector protocol, counting to infinity:
 A. Calculates the time taken for a protocol to converge
 B. Checks to make sure the number of route entries do not exceed a set upper
 limit
 C. Counts the packets dropped during a routing loop
 D. Sets an upper limit for hop count, so that routing loops can be broken if
 this limit is reached

 4) A network contains 2000 IPX services. Remote sites connected via 56 Kbps
 lines intermittently lose the ability to logon to some NetWare servers. The
 problem may be fixed by:
 A. Filtering SAPs at the remote routers
 B. Filtering SAPs at the central router
 C. Filtering SAP type 4
 D. Configuring ipx maximum-paths 2 at the central router

 5) In FDDI, the characteristics of 4B/5B Encoding include: (multiple
 answer)
 A. Sending 4 bits of information using a 5 bit symbol
 B. Increasing the clock rate of the transmitter and receiver to 125 Mhz,
 which establishes an effective data rate of 100Mbps
 C. Increasing the distance between two FDDI stations to more than 2km, when
 using multimode fiber
 D. Providing a workaround for the Optical Bypass Relay

 6) The purpose of Fast Link Pulse[FLP] signals is:
 A. To identify link quality and shutdown the Ethernet port of the computer
 if the quality of a link is poor
 B. To indicate that collisions have occurred in the Ethernet segment - this
 is also known as a 'jam' signal
 C. To auto-negotiate the capabilities of Fast Ethernet devices connecting
 via 100BaseT technology
 D. To support the proprietary implementation of Gigabit Ethernet of some
 vendors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47441t=47436



Re: IDS Questions [7:46639]

2002-06-14 Thread John Kaberna

PIXes and routers capable of running IDS run a very limited version of IDS.
I believe they only catch 59 signatures which isn't very much.  It's not bad
for a small company that has a PIX that would like to start down the path of
having a true IDS some day.

I'm not sure what you mean about Snort being recognized by the PIX.  I would
guess that you mean shunning which the PIX does not support regardless of
whether you use Snort or a Cisco IDS solution.  Only the routers support
shunning.

I personally use Snort for my small-medium clients since it's free, has a
large install base, and can run on multiple platforms.  If I have a client
that is an all Windows shop I can put it on Win2k.  If they are pro-Unix, I
can put it on Linux or even Solaris.  There is a lot more flexibility than
some of the other IDS solutions for a lot less money.

I doubt that I would desire an MS solution even if they did come out with
one.  I don't trust Bill when it comes to security.


Brian Zeitz wrote in message news:[EMAIL PROTECTED]...
 I read that the 2600 router (or definitely higher model routers) have
 IDS built in, but if you bought any Pix Firewall it wouldn't have IDS.
 Am I mistaken on this? So the most people who want IDS who cannot afford
 / justify (just yet) an IDS box are using Snort? I have a pix 515UR,
 and if I read correctly, it has the capabilities to interface to an IDS
 box, but it is not an IDS box itself. Also, if I use Snort as an IDS,
 will the pix be able to recognize it? Maybe Microsoft will come out with
 a tool of this nature, which is free (not really free, but included with
 OS) like some of the built in components in 2000.



 If I have some misinformation here, I have not read my 1000 page IDS
 book as of yet, but I am working on MCNS.



 I found a document that will allow me to install Snort on Windows 2000,
 that is my current plan for implementing IDS. Can anyone give me the
 pros and cons of Snort Vs. Cisco IDS system? What other alternatives
 should I be looking at. My company does not really need an IDS as of
 yet, but I am doing this just for fun and for learning about
 security/IDS.



 Hope my pro-Microsoft attitude is OK in the group. I like working on
 routers and security, and don't spend a lot of time tweaking around with
 Operating Systems.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46641t=46639



Re: IDS Questions [7:46639]

2002-06-14 Thread John Kaberna

I stand corrected on the shunning part (thanks Glenn).  You can use shun
with 6.1, but I am not sure about the details for allowing this to happen
dynamically using CSPM.  I hesitate to ever implement dynamic shunning as a
savvy attacker can use that to shun valid sources as a form of DoS.


John Kaberna wrote in message news:[EMAIL PROTECTED]...
 PIXes and routers capable of running IDS run a very limited version of IDS.
 I believe they only catch 59 signatures which isn't very much.  It's not bad
 for a small company that has a PIX that would like to start down the path of
 having a true IDS some day.

 I'm not sure what you mean about Snort being recognized by the PIX.  I would
 guess that you mean shunning which the PIX does not support regardless of
 whether you use Snort or a Cisco IDS solution.  Only the routers support
 shunning.

 I personally use Snort for my small-medium clients since it's free, has a
 large install base, and can run on multiple platforms.  If I have a client
 that is an all Windows shop I can put it on Win2k.  If they are pro-Unix, I
 can put it on Linux or even Solaris.  There is a lot more flexibility than
 some of the other IDS solutions for a lot less money.

 I doubt that I would desire an MS solution even if they did come out with
 one.  I don't trust Bill when it comes to security.


 Brian Zeitz wrote in message news:[EMAIL PROTECTED]...
  I read that the 2600 router (or definitely higher model routers) have
  IDS built in, but if you bought any Pix Firewall it wouldn't have IDS.
  Am I mistaken on this? So the most people who want IDS who cannot afford
  / justify (just yet) an IDS box are using Snort? I have a pix 515UR,
  and if I read correctly, it has the capabilities to interface to an IDS
  box, but it is not an IDS box itself. Also, if I use Snort as an IDS,
  will the pix be able to recognize it? Maybe Microsoft will come out with
  a tool of this nature, which is free (not really free, but included with
  OS) like some of the built in components in 2000.



  If I have some misinformation here, I have not read my 1000 page IDS
  book as of yet, but I am working on MCNS.



  I found a document that will allow me to install Snort on Windows 2000,
  that is my current plan for implementing IDS. Can anyone give me the
  pros and cons of Snort Vs. Cisco IDS system? What other alternatives
  should I be looking at. My company does not really need an IDS as of
  yet, but I am doing this just for fun and for learning about
  security/IDS.



  Hope my pro-Microsoft attitude is OK in the group. I like working on
  routers and security, and don't spend a lot of time tweaking around with
  Operating Systems.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46646t=46639



Re: IDS Questions [7:46639]

2002-06-14 Thread John Kaberna

I don't see why you'd get flamed for that except maybe from a die-hard Cisco
employee and even then I doubt it.  I prefer Snort a lot more than Cisco's
IDS because of price and I do prefer the fact that you have nearly an entire
industry of security people that work on Snort.  There are very few seasoned
security people that don't have a fair amount of experience with Snort.
There are few shops out there that rely solely on Cisco IDS.  If I had the
choice though, I would probably run them both.  It wouldn't hurt and it sure
would make you feel good to catch an alarm on one IDS that was missed by the
other.


Peter Walker wrote in message news:[EMAIL PROTECTED]...
 I hope I don't get flamed for this

  ... but I would like to ask a similar but different question.

 What reason is there to choose Cisco IDS over Snort. I just don't see Cisco
 IDS as having much in the way of advantages over Snort other than a Cisco
 label and a high price tag (and yes both of those can be perceived as
 advantages)

 Of all of the Cisco kit I have worked with the IDS system is the only one I
 can't see myself recommending to someone.

 Peter Walker

 --On Friday, June 14, 2002 7:13 PM -0400 Ken Diliberto  wrote:

  Brian,
 
  We can both justify and afford a commercial IDS but choose Snort.  What do
  you see as drawbacks to Snort?
 

  Brian Zeitz  06/14/02 03:02PM 


  So most people who want IDS who cannot afford
  / justify (just yet) an IDS box are using Snort?  I have a pix 515UR,
  and if I read correctly, it has the capabilities to interface to an IDS
  box, but it is not an IDS box itself.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46660t=46639



Re: CCIE Lab Exam Changes - Token Ring [7:46481]

2002-06-13 Thread John Kaberna

It will be Ethernet only.  No TR interfaces at all will be in the lab.


Khalsa Singh wrote in message
news:[EMAIL PROTECTED]...
 Thanks Ryan,

 I'm confused, so when Cisco says no Token Ring in the CCIE lab from Oct
 2002 but DLSW will be there, what does that mean? Should we expect to
 configure DLSW on a TR-to-TR network or Eth-to-Eth network or WAN or both in
 the lab?




 Khalsa Singh wrote in message
 news:[EMAIL PROTECTED]...
  I'm in the middle of buying CCIE lab equipment to prepare for the CCIE lab. My
  question is, do I still have to buy Cisco routers with Token Ring interfaces
  to practise DLSW, since it is going to be in the lab after Token Ring is
  completely out?

  thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46508t=46481



Re: The end of Token Ring etc [7:46497]

2002-06-13 Thread John Kaberna

It's going to be replaced with more QoS and basic security stuff.  No new
topics, just an expansion of existing topics that aren't covered in as much
detail.


nrf wrote in message
news:[EMAIL PROTECTED]...
 Michael Graham wrote in message
 news:[EMAIL PROTECTED]...
  It's just occurred to me that with that one announcement Cisco has made all
  the Token Ring stuff sold on Ebay, for various home labs, worthless... and
  saved me a pretty penny.

 Well, as far as it saving you money, the answer is (as always in the Cisco
 world)...it depends.   In particular, it depends on what exactly they are
 going to replace all those TR questions with, and we won't know until the
 first guinea-pigs try the new lab out in October.  For example, what if the
 new lab is really really heavy into voice?  Then everybody with a home-lab
 would have to buy voice stuff, which is a hell of a lot more expensive than
 TR gear.


 
  Mike Graham
  CCNP, CCDP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46520t=46497



Re: Pix don't route [7:46356]

2002-06-12 Thread John Kaberna

You should be able to do exactly what you said as long as you have at least
2 public IP addresses.  Use one for the interface and all regular users and
use the other IP for the two servers.  Create two different nat and global
pairs.


John Kaberna
CCIE #7146  (R/S, Security)
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com

Wayne Jang wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 The Pix don't route, but can I do this?

 I have a 2 server 20 user small office.

 I have a Pix 506 sitting in front of a 2621 with a T1 and a DSL link to the
 Internet.  I'm not looking to load balance or even do redundancy.  I just
 want traffic from the servers to use the T1 and I want traffic from the
 users to use DSL.  I could use access-lists on the 2621 to direct the
 traffic based on source address, but how will the 2621 know where the
 traffic came from?  Won't all traffic have a source address of the Pix
 outside interface?  What if I NAT the servers (on the Pix) so that they will
 appear to have a different source IP than the users who will be behind the
 global outside address?  I'll need more public addresses, but that would be
 fine.

 I can't get any help from Cisco Pre-Sales because they aren't sure.  I can't
 get an engineer that knows more than me (not much).

 My fall back plan is to only use the 2621 and have a firewall IOS.  But I
 would rather use the Pix, especially because we have already quoted the
 above solution and are working to save face.

 Thanks

 --
 Wayne Jang
 Advanced Computer Technologies, Inc.
 108 Main Street
 Norwalk, CT 06851
 Wk 203-847-9433
 Cell 203-943-6603




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46357t=46356



Re: Pix don't route [7:46356]

2002-06-12 Thread John Kaberna

What happens when the T1 provider goes down?  Those IP's will no longer be
reachable and the servers will be down.  Without BGP I don't see how you are
going to get the DSL circuit to take over the IP's that the T1 provider
advertises.  Assuming you have BGP, I would think that policy routing and
using different global addresses would get the job done.  Sounds to me like
the only barrier is getting BGP.


Kent Hundley wrote in message
news:[EMAIL PROTECTED]...
 Wayne,

 I would suggest disabling NAT on the PIX and performing your NAT on the
 router.  This eliminates the problem of not knowing what packets originate
 from the servers.  Then, setup Policy-Based Routing (PBR) on the router.
 You didn't post your config, so I assume you have 2 legal addresses, one
 from each ISP and you don't have your own address space.  If you want to
 setup inbound services you'll have to setup static NAT on the router for the
 services you want to allow.  For outbound the PBR it's pretty simple:

 int s 0
  interface to T1

 int e 0
   interface to DSL

 int
  ip policy route-map test

 access-list 100  any

 route-map test permit 10
   match ip address 100
   set int s 0
 route-map test permit 20

 For outbound traffic packets from the servers will be sent out the T1 as
 long as it is up, all other traffic will be forwarded normally.  You'll want
 to set your routing so that the DSL line is the preferred path for all
 traffic.  If the T1 goes down, the traffic from the servers will be sent out
 the DSL.

 Additional problems that I see are if your servers are to be accessible from
 the Internet, you will need to have static translations setup for your
 services on both the T1 and the DSL.  You can do this, but the issue becomes
 name resolution and which address is returned to users on the Internet.
 It's probably safer to just setup the translations for the T1 and leave it
 at that. (you could play some games if you ran your own DNS, but things get
 complicated pretty quickly)

 You don't need the FFS on the router as long as everything is behind the PIX
 (although it shouldn't hurt) and you don't need the link between the router
 and the PIX to have a public address space as long as you do the NAT on
 the router.

 Of course, you also will want to harden the Internet facing router if you
 have not already done so.

 One more thing, it's not really accurate to say the PIX doesn't route.
 People say this all the time and what they really mean is that the PIX
 doesn't support routing protocols and some fancy routing techniques like
 PBR.  However, the PIX does perform layer 3 forwarding based on its routing
 table, this means, by definition, it is routing.  It just doesn't have the
 same features and functions for layer 3 forwarding that Cisco routers have.
 (this is kind of a nit, but saying the PIX doesn't route tends to confuse
 people)

 HTH,
 Kent

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Wayne Jang
 Sent: Wednesday, June 12, 2002 10:10 AM
 To: [EMAIL PROTECTED]
 Subject: Pix don't route [7:46356]


 Hi,

 The Pix don't route, but can I do this?

 I have a 2 server 20 user small office.

 I have a Pix 506 sitting in front of a 2621 with a T1 and a DSL link to the
 Internet.  I'm not looking to load balance or even do redundancy.  I just
 want traffic from the servers to use the T1 and I want traffic from the
 users to use DSL.  I could use access-lists on the 2621 to direct the
 traffic based on source address, but how will the 2621 know where the
 traffic came from?  Won't all traffic have a source address of the Pix
 outside interface?  What if I NAT the servers (on the Pix) so that they will
 appear to have a different source IP than the users who will be behind the
 global outside address?  I'll need more public addresses, but that would be
 fine.

 I can't get any help from Cisco Pre-Sales because they aren't sure.  I can't
 get an engineer that knows more than me (not much).

 My fall back plan is to only use the 2621 and have a firewall IOS.  But I
 would rather use the Pix, especially because we have already quoted the
 above solution and are working to save face.

 Thanks

 --
 Wayne Jang
 Advanced Computer Technologies, Inc.
 108 Main Street
 Norwalk, CT 06851
 Wk 203-847-9433
 Cell 203-943-6603




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46379t=46356



Re: Training Documents? [7:46298]

2002-06-12 Thread John Kaberna

There is also a free lab #23 at www.ccbootcamp.com/download

lab23beta_configs.zip
lab23beta_preconfigs.zip
newhintslab23beta.doc
newlab23beta.doc
newlab23beta.vsd

John Stamos wrote in message
news:[EMAIL PROTECTED]...
 Hi Everyone,

 I'm new to the list and was wondering if there are any good websites that
 offer free training material?

 Thank you!

 -John









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46368t=46298



Re: Training Documents? [7:46298]

2002-06-11 Thread John Kaberna

Go to www.fatkid.com if you want free CCIE labs.  You didn't specify what
kind of material you're looking for.

John Stamos wrote in message
news:[EMAIL PROTECTED]...
 Hi Everyone,

 I'm new to the list and was wondering if there are any good websites that
 offer free training material?

 Thank you!

 -John









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46309t=46298



Re: which is the best Router for the following tasks [7:46288]

2002-06-11 Thread John Kaberna

2611 if you want Ethernet and 2621 if you want Fast Ethernet.  I generally
don't like to work with anything under a 2600.  You can also look at the
1751.  The problem with the 17XX series is they aren't rack mountable.


Fab Perez wrote in message
news:[EMAIL PROTECTED]...
 Hi news

 I need to pickup a Router with the following features:
 _ 2 Ethernets
 _ 1 V.35 Serial / Sync
 _ QoS
 _ Load Balancing (EIGRP ?)
 _ NAT
 _ Firewall

 Thanks in advance.

 --
 Fab Perez
 .net .admin
 www.inet.co.cr
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46310t=46288



Re: port needed open for dlsw (tcp encap) [7:34981]

2002-02-09 Thread John Kaberna

2067

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


ME wrote in message
news:[EMAIL PROTECTED]...
 With dlsw, using tcp encap, what tcp ports do I need open in an access-list
 to allow dlsw to work?  TCP 2065 by itself is not enough.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34982t=34981



Re: hiding an computer ( ip address ) using acces [7:34992]

2002-02-09 Thread John Kaberna

Plus if there are other hosts on the same LAN a router won't help as it
doesn't interfere with traffic local to the LAN.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Ken Diliberto wrote in message
news:[EMAIL PROTECTED]...
 Beth,

 My choice would be filtering on the machine.  If you're using UNIX, there
 are several IP filtering (and free) products.  You could also tailor the
 routing table in the machine to only allow it to find your other machine.
 Why tax the router?

 Ken

  beth  02/09/02 04:01PM 
 I am adding a computer to my network that I do not want accessible via
 network to anyone but myself. Can someone suggest the best ways to do this? Is
 this possible on the router level via access list?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34992t=34992



Re: Security certification [7:34904]

2002-02-08 Thread John Kaberna

Its value is fairly high although it's still a written test.  It's fairly
well known and most security people that work in the government have it.  It
is based mainly on theory not practical hands-on so it's a good start prior
to doing the more specialized vendor specific certs.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCIE R/S and Security 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Simon Yang (ITeX) wrote in message
news:[EMAIL PROTECTED]...
 There is one certification called CISSP (certified information system
 security professional). Is anybody familiar with it?  How's its value?
 Any comment/suggestion?

 Thanks

 -Simon
 CCNP, MCSE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34905t=34904



Re: help me with the pix problem! [7:33287]

2002-01-29 Thread John Kaberna

Are you reading your other thread?  Several people have pointed out your
problems.  Please check the responses to your original post.  You still have
the same problems that people told you how to fix.


John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

cage wrote in message
news:[EMAIL PROTECTED]...
 Hi, everybody.
 My environment is:
 the outside interface of the PIX 525 is connected to the fibre-ethernet
 transceiver, no router available, and the dmz interface of the PIX is
 connected to several servers like www, dns, etc. The inside interface is
 connected to the LAN, no proxy available.
 When I finished my configuration, I met some problems:
 1 The dmz servers' traffic cannot get out. And at the same time, they cannot
 ping the outside interface address correctly.
 2 The inside LAN nodes cannot ping the dmz interface address, but can ping
 other servers in the dmz correctly.

 I know I should use the nat commands to bring the traffic of the dmz to the
 outside, but since the outside addresses provided by the ISP are private ones,
 I have to use NAT (dmz) 0, but why can the dmz traffic not get out?
 I hope the design is not wrong.

 The following is my config, help me, please.

 sh conf
 : Saved
 :
 PIX Version 6.0(1)
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 nameif ethernet2 dmz security50
 nameif ethernet3 intf3 security15
 nameif ethernet4 intf4 security20
 enable password 8Ry2YjIyt7RRXU24 encrypted
 passwd 2KFQnbNIdI.2KYOU encrypted
 hostname pixfirewall
 fixup protocol ftp 21
 fixup protocol http 80
 fixup protocol h323 1720
 fixup protocol rsh 514
 fixup protocol smtp 25
 fixup protocol sqlnet 1521
 fixup protocol sip 5060
 fixup protocol skinny 2000
 names
 access-list acl_in permit tcp any host 202.99.33.69 eq smtp
 access-list acl_in permit tcp any host 202.99.33.72 eq www
 access-list acl_in permit tcp any host 202.99.33.66 eq domain
 access-list acl_in permit tcp any host 202.99.33.67 eq domain
 access-list acl_in permit icmp any any
 access-list ping_acl permit icmp any any
 pager lines 30
 interface ethernet0 auto
 interface ethernet1 auto
 interface ethernet2 auto


 interface ethernet3 auto shutdown
 interface ethernet4 auto shutdown
 mtu outside 1500
 mtu inside 1500
 mtu dmz 1500
 mtu intf3 1500
 mtu intf4 1500
 ip address outside 210.82.34.29 255.255.255.0
 ip address inside 192.168.4.1 255.255.255.0
 ip address dmz 202.99.33.254 255.255.255.0
 ip address intf3 127.0.0.1 255.255.255.255
 ip address intf4 127.0.0.1 255.255.255.255
 ip audit info action alarm
 ip audit attack action alarm
 no failover
 failover timeout 0:00:00
 failover poll 15
 failover ip address outside 0.0.0.0
 failover ip address inside 0.0.0.0
 failover ip address dmz 0.0.0.0
 failover ip address intf3 0.0.0.0
 failover ip address intf4 0.0.0.0
 pdm history enable
 arp timeout 14400
 global (dmz) 1 202.99.33.73 netmask 255.255.255.0
 nat (inside) 1 192.168.4.250 255.255.255.255 0 0
 nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
 static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
 static (dmz,outside) 202.99.33.72 202.99.33.72 netmask 255.255.255.255 0 0
 static (dmz,outside) 202.99.33.66 202.99.33.66 netmask 255.255.255.255 0 0


 static (dmz,outside) 202.99.33.67 202.99.33.67 netmask 255.255.255.255 0 0
 access-group acl_in in interface outside
 access-group ping_acl in interface dmz
 access-group ping_acl in interface inside
 route outside 0.0.0.0 0.0.0.0 210.82.34.25 1
 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
 timeout uauth 0:05:00 absolute
 aaa-server TACACS+ protocol tacacs+
 aaa-server RADIUS protocol radius
 no snmp-server location
 no snmp-server contact
 snmp-server community public
 no snmp-server enable traps
 floodguard enable
 no sysopt route dnat
 telnet timeout 5
 ssh timeout 5
 terminal width 80
 Cryptochecksum:3be86ece2c90058e0c9190f986717d63

 pixfirewall#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33315t=33287



Re: PIX % DNS Doctoring [7:33331]

2002-01-29 Thread John Kaberna

Godswill, I believe he is asking about the alias command since that is
specifically used for DNS doctoring.  But, if his clients are on the same
network as the DNS server it won't work.  But, as you said, I'm not quite
sure what he is asking.

http://www.cisco.com/warp/public/110/alias.html

You are also sort of incorrect if you are saying that you can't adjust the
DNS timers. You can't adjust the specific DNS timers themselves, but you can
adjust the UDP timer.  I'm not sure if that's what you meant.  You are very
correct that 2 minutes is an eternity and I think that is way too long to
have a UDP connection open.  Just change the UDP timeout conn as shown
below.  The example is changed to one minute.

timeout conn 1:00:00 half-closed 0:10:00 udp 0:01:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Godswill HO wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 It really depends on what you want to do or implement for the DNS. The DNS
 guard on PIX is enabled by default and it cannot be disabled nor configured.
 It helps to protect against DoS attacks by tearing down the UDP conduit on
 the PIX firewall as soon as the DNS response is received, not waiting until
 the default UDP timer has expired, which is 2 minutes (almost an eternity
 in the computer world).

 The other doctoring you can do on DNS is on CBAC (Context Based Access
 Control). Here you can alter the default DNS timeout which is 5 seconds by
 using:

 #IP inspect dns-timeout

 It simply specifies the length of time a DNS name lookup session will
 still be managed after no activity.

 In case you need further help, feel free to ask specific questions.

 Regards.
 Oletu

 - Original Message -
 From: Dante Martins
 To:
 Sent: Saturday, January 26, 2002 4:58 PM
 Subject: PIX % DNS Doctoring [7:1]


  Somebody knows how to do DNS doctoring on PIX
  I have the DNS on DMZ with static and the clients workstations are on
  inside interface.
  Dante
 
 
  




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33346t=1



Re: Cisco Works 2000 & Cisco Works for Windows [7:33321]

2002-01-29 Thread John Kaberna

Cisco Works for Windows is basically Whats Up Gold with Cisco View.  It's
pretty much a waste of money if you ask me.  It's not very reliable and your
Log viewer refreshes periodically erasing your entire screen for a couple of
seconds.  There is no way to highlight an event so you can see which events
that come in are new.  It's a little hard to explain, but it's very annoying and
hard to manage.  It's nothing like HP Openview.  I only use it on my laptop
so I can quickly setup Syslog and SNMP traps at customers sites.  I would
never recommend it to use on a regular basis.

I don't believe there is an eval copy, but your local reseller should be
able to hook you up with a demo at their office.  But, if you want to see
99% of what it will do, download an eval copy of What's Up Gold from
www.ipswitch.com.  Getting a copy of CiscoWorks for Solaris is not possible
unless your organization does a LARGE amount of business with Cisco or if
your reseller does you a favor.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Jonathan Mian wrote in message
news:[EMAIL PROTECTED]...
 Hi Gang,

 Is there such a thing as an eval copy...I'd like to know what this thing
 looks like since I've heard/read so much about it. Also is there an eval copy
 for Cisco Works for Windows?

 All the best,
 Jon Mian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2t=33321



Re: Telnet to inside through VPN [7:33589]

2002-01-29 Thread John Kaberna

You cannot telnet to the inside address from the outside even over a VPN
AFAIK.  Just use SSH to the outside if you have RADIUS or TACACS.  Otherwise
you'll have to SSH or Telnet to a host on the inside of the PIX and then
Telnet back in.  So, if you have a router or switch on the inside of the
network just go to it first and then back to the inside interface of the
PIX.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Dante Martins wrote in message
news:[EMAIL PROTECTED]...
 How can I telnet to PIX inside interface from the VPN (i.e. from
 10.128.128.0 telnet 172.16.3.252).

 I have tried using telnet command:
 telnet 10.128.128.0 255.255.255.0 inside but it is still not working.

 Can you help me?

 Dante




 CONF MAIN PIX
 PIX Version 6.0(1)
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 nameif ethernet2 DMZ1 security10
 nameif ethernet3 intf3 security15
 nameif ethernet4 intf4 security20
 nameif ethernet5 intf5 security25
 enable password *** encrypted
 passwd ** encrypted
 hostname MAIN
 fixup protocol ftp 21
 fixup protocol http 80
 fixup protocol h323 1720
 fixup protocol rsh 514
 fixup protocol smtp 25
 fixup protocol sqlnet 1521
 fixup protocol sip 5060
 fixup protocol skinny 2000
 names
 access-list 101 permit ip 10.128.128.0 255.255.224.0 172.16.3.0 255.255.255.0
 access-list 102 permit ip 10.128.128.0 255.255.224.0 192.168.3.0 255.255.255.0
 access-list 103 permit ip 10.128.128.0 255.255.224.0 10.250.1.0 255.255.255.0
 access-list 103 permit ip 10.128.128.0 255.255.224.0 10.249.0.0 255.255.240.0
 access-list 104 permit ip 10.128.128.0 255.255.224.0 10.250.11.0 255.255.255.0
 access-list 105 permit ip 10.128.128.0 255.255.224.0 10.250.95.0 255.255.255.0
 pager lines 24
 logging on
 interface ethernet0 auto
 interface ethernet1 auto
 interface ethernet2 auto
 interface ethernet3 auto
 interface ethernet4 auto shutdown
 interface ethernet5 auto shutdown
 mtu outside 1500
 mtu inside 1500
 mtu DMZ1 1500
 mtu intf3 1500
 mtu intf4 1500
 mtu intf5 1500
 ip address outside 200.219.100.2 255.255.255.0
 ip address inside 10.128.159.253 255.255.224.0
 ip address DMZ1 10.255.255.254 255.255.224.0
 ip address intf3 10.250.11.254 255.255.255.0
 ip address intf4 127.0.0.1 255.255.255.255
 ip address intf5 127.0.0.1 255.255.255.255
 ip audit info action alarm
 ip audit attack action alarm
 no failover
 failover timeout 0:00:00
 failover poll 15
 failover ip address outside 0.0.0.0
 failover ip address inside 0.0.0.0
 failover ip address DMZ1 0.0.0.0
 failover ip address intf3 0.0.0.0
 failover ip address intf4 0.0.0.0
 failover ip address intf5 0.0.0.0
 pdm history enable
 arp timeout 14400
 global (outside) 1 200.219.100.100-200.219.100.199
 global (outside) 1 200.219.100.200
 global (DMZ1) 1 10.255.224.10-10.255.224.70
 nat (inside) 1 0.0.0.0 0.0.0.0 0 0
 nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0
 alias (inside) 200.219.100.26 10.255.224.3 255.255.255.255
 alias (inside) 200.219.100.30 10.128.128.30 255.255.255.255
 alias (inside) 200.219.100.31 10.255.224.9 255.255.255.255
 alias (inside) 200.219.100.54 10.255.224.4 255.255.255.255

 static (inside,outside) 200.219.100.26 10.128.128.26 netmask 255.255.255.255 0 0
 static (inside,outside) 200.219.100.30 10.128.128.30 netmask 255.255.255.255 0 0
 static (inside,outside) 200.219.100.31 10.128.128.32 netmask 255.255.255.255 0 0
 static (inside,outside) 200.219.100.54 10.128.128.54 netmask 255.255.255.255 0 0

 conduit permit icmp any any
 conduit permit tcp host 200.219.100.30 eq www any
 conduit permit tcp host 200.219.100.30 eq domain any
 conduit permit udp host 200.219.100.30 eq domain any
 conduit permit tcp host 200.219.100.31 eq www any
 conduit permit tcp host 200.219.100.31 eq domain any
 conduit permit udp host 200.219.100.31 eq domain any
 conduit permit tcp host 200.219.100.26 eq 161 any
 conduit permit tcp host 200.219.100.26 eq 162 any
 conduit permit udp host 200.219.100.26 eq snmp any
 conduit permit udp host 200.219.100.26 eq snmptrap any
 conduit permit tcp host 200.219.100.54 eq domain any
 conduit permit udp host 200.219.100.54 eq domain any
 conduit permit tcp host 200.219.100.54 eq 22 any

 route outside 0.0.0.0 0.0.0.0 200.219.100.1 1
 route outside 10.0.64.0 255.255.224.0 10.128.159.252 1
 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
 timeout uauth 0:05:00 absolute
 aaa-server TACACS+ protocol tacacs+
 aaa-server RADIUS protocol radius
 snmp-server host inside 10.128.128.21
 snmp-server location mainsite
 snmp-server contact support@mainsite
 snmp-server community pixpix
 snmp-server enable traps
 floodguard enable
 sysopt connection permit-ipsec
 sysopt ipsec pl-compatible
 no sysopt route dnat

 crypto ipsec transform-set strong esp-des esp-sha-hmac

Re: pix problem [7:33184]

2002-01-25 Thread John Kaberna

1.  How do your inside users get out?  There is no global command for
inside.  You should test that first before you work on the DMZ stuff.  It's
a little easier to get working and it verifies that you know how to
configure NAT/PAT.

2.  I don't think this is a problem, but I would match your nat (dmz) 0 with
your statics.  What I mean is if you are going to use a nat (dmz) 0
202.99.33.0 255.255.255.0 then make your static static (dmz, outside)
202.99.33.0 202.99.33.0.  You have specific static's for each host which you
don't need.  It should work even if they are not the same, but I typically
try and follow the documentation. Since I haven't tested them not matching
my suggestion is to do what is in the command reference.

2.  If you have servers on the DMZ that you want to translate to a global
address then you will need a nat (dmz) 1 command.

3.  When you say you are trying to connect what are you trying to do?  Ping,
www, smtp, etc.  You only allow ICMP from your DMZ to anywhere.  If you are
trying to connect to the web server from the outside then the inbound
connection will be permitted, but the return traffic will not.

4.  Enable logging and check your logs.  It will give you very good details
on what is going on if you choose debugging.  Just log to Syslog or the
buffer.

I didn't test any of these suggestions so I'm not 100% sure.  But, if you
get logging going that will definitely point you in the right direction of
what is wrong.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

cage wrote in message
news:[EMAIL PROTECTED]...
 The following is my configuration of the PIX 525. Now the nodes in the dmz
 cannot connect to the outside, why?
 And do I have to use the NAT command for the traffic from the dmz to the
 outside? It seems that the PIX can't route the dmz traffic to the outside.
 Help me, please!

 sh conf
 : Saved
 :
 PIX Version 6.0(1)
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 nameif ethernet2 dmz security50
 nameif ethernet3 intf3 security15
 nameif ethernet4 intf4 security20
 enable password 8Ry2YjIyt7RRXU24 encrypted
 passwd 2KFQnbNIdI.2KYOU encrypted
 hostname pixfirewall
 fixup protocol ftp 21
 fixup protocol http 80
 fixup protocol h323 1720
 fixup protocol rsh 514
 fixup protocol smtp 25
 fixup protocol sqlnet 1521
 fixup protocol sip 5060
 fixup protocol skinny 2000
 names
 access-list acl_in permit tcp any host 202.99.33.69 eq smtp
 access-list acl_in permit tcp any host 202.99.33.72 eq www
 access-list acl_in permit tcp any host 202.99.33.66 eq domain
 access-list acl_in permit tcp any host 202.99.33.67 eq domain
 access-list acl_in permit icmp any any
 access-list ping_acl permit icmp any any
 pager lines 30
 interface ethernet0 auto
 interface ethernet1 auto
 interface ethernet2 auto


 interface ethernet3 auto shutdown
 interface ethernet4 auto shutdown
 mtu outside 1500
 mtu inside 1500
 mtu dmz 1500
 mtu intf3 1500
 mtu intf4 1500
 ip address outside 210.82.34.29 255.255.255.0
 ip address inside 192.168.4.1 255.255.255.0
 ip address dmz 202.99.33.254 255.255.255.0
 ip address intf3 127.0.0.1 255.255.255.255
 ip address intf4 127.0.0.1 255.255.255.255
 ip audit info action alarm
 ip audit attack action alarm
 no failover
 failover timeout 0:00:00
 failover poll 15
 failover ip address outside 0.0.0.0
 failover ip address inside 0.0.0.0
 failover ip address dmz 0.0.0.0
 failover ip address intf3 0.0.0.0
 failover ip address intf4 0.0.0.0
 pdm history enable
 arp timeout 14400
 global (dmz) 1 202.99.33.73 netmask 255.255.255.0
 nat (inside) 1 0 0
 nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
 static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
 static (dmz,outside) 202.99.33.72 202.99.33.72 netmask 255.255.255.255 0 0
 static (dmz,outside) 202.99.33.66 202.99.33.66 netmask 255.255.255.255 0 0
 static (dmz,outside) 202.99.33.67 202.99.33.67 netmask 255.255.255.255 0 0
 access-group acl_in in interface outside
 access-group ping_acl in interface dmz
 route outside 0.0.0.0 0.0.0.0 210.82.34.25 1
 timeout xlate 3:00:00
 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
 timeout uauth 0:05:00 absolute
 aaa-server TACACS+ protocol tacacs+
 aaa-server RADIUS protocol radius
 no snmp-server location
 no snmp-server contact
 snmp-server community public
 no snmp-server enable traps
 floodguard enable
 no sysopt route dnat
 telnet timeout 5
 ssh timeout 5
 terminal width 80
 Cryptochecksum:3be86ece2c90058e0c9190f986717d63

 pixfirewall#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33260t=33184
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
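
An added example, not part of the thread and not written by any poster: a Python check over an excerpt of the configuration posted above. An access-list bound with access-group ends in an implicit deny, so a protocol with no permit entry in an ACL bound to a higher-security interface cannot be initiated from that interface; the function and variable names are this example's own.

```python
import re

# Excerpt of the configuration posted in the message above: only the
# nameif, access-list and access-group lines that this check reads.
POSTED_CONFIG = """
 nameif ethernet0 outside security0
 nameif ethernet1 inside security100
 nameif ethernet2 dmz security50
 access-list acl_in permit tcp any host 202.99.33.69 eq smtp
 access-list acl_in permit tcp any host 202.99.33.72 eq www
 access-list acl_in permit tcp any host 202.99.33.66 eq domain
 access-list acl_in permit tcp any host 202.99.33.67 eq domain
 access-list acl_in permit icmp any any
 access-list ping_acl permit icmp any any
 access-group acl_in in interface outside
 access-group ping_acl in interface dmz
"""

# Protocol keywords reported on; "ip" in a permit entry covers all of them.
CHECKED_PROTOCOLS = ("tcp", "udp", "icmp")


def parse_config(text):
    """Return (security levels, ACL entries, inbound ACL bindings)."""
    levels, acls, bound = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"nameif \S+ (\S+) security(\d+)$", line)
        if m:
            levels[m.group(1)] = int(m.group(2))
            continue
        m = re.match(r"access-list (\S+) (permit|deny) (\S+) ", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            continue
        m = re.match(r"access-group (\S+) in interface (\S+)$", line)
        if m:
            bound[m.group(2)] = m.group(1)
    return levels, acls, bound


def protocols_never_permitted(entries):
    """Protocols with no permit entry at all: the implicit deny drops them."""
    permitted = {proto for action, proto in entries if action == "permit"}
    if "ip" in permitted:
        return []
    return [p for p in CHECKED_PROTOCOLS if p not in permitted]


def audit_outbound(text):
    """List (interface, acl, blocked protocols) for higher-security interfaces.

    The lowest-security interface is skipped: traffic arriving there is
    inbound and is expected to be denied unless explicitly permitted.
    """
    levels, acls, bound = parse_config(text)
    if not levels:
        return []
    lowest = min(levels.values())
    findings = []
    for ifname, acl in sorted(bound.items()):
        if levels.get(ifname, lowest) <= lowest:
            continue
        entries = acls.get(acl)
        if entries is None:  # bound ACL has no entries in this excerpt
            continue
        blocked = protocols_never_permitted(entries)
        if blocked:
            findings.append((ifname, acl, blocked))
    return findings


if __name__ == "__main__":
    for ifname, acl, blocked in audit_outbound(POSTED_CONFIG):
        print(f"{ifname}: ACL {acl} permits no {', '.join(blocked)} traffic "
              f"arriving on this interface")
```

The check is coarse: it looks only at the protocol keyword of each entry, so it reports protocols that are certain to be dropped and says nothing about address or port matches.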



Re: CSPFA Exam question [7:32390]

2002-01-18 Thread John Kaberna

Regardless of whether it is covered on the exam or not you should know it.
Besides, it's very easy.  If you end up with your CSS1 and don't know how to
do a PIX upgrade off the top of your head that isn't a good thing.  Just pay
attention to old code that doesn't allow you to copy tftp flash.  Also
remember that if you are changing your license features you need to upgrade
from boot mode.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Robert wrote in message
news:[EMAIL PROTECTED]...
 I am currently studying for the PIX exam. I am using Cisco's exam outline as
 a guide.

 The outline does not mention 'upgrading OS versions' as a topic on the exam,
 yet it is clearly covered in the book at some length.

 Is the outline correct?

 Just checking...

 Thanks,

 Robert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32483t=32390



Re: Cisco security books [7:31393]

2002-01-09 Thread John Kaberna

The MCNS book is very good for introducing Cisco security.  The Designing
Network Security book is ok, but it will put you to sleep if you have a
security background.  I definitely would say it's not imperative that you
have it.  If you plan on pursuing the CSS1 certification the IDS book from
Cisco Press is pretty good too.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Doug Korell wrote in message
news:[EMAIL PROTECTED]...
 Does anyone have input on good overall Cisco security books? I saw two books
 on Cisco's website called Designing Network Security and Managing Cisco
 Network Security. Anyone have an opinion on these? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31434t=31393



Re: disabling telnet access to catalyst switches [7:31499]

2002-01-09 Thread John Kaberna

Sorta.  Just enable the use of permit lists and then don't create any
entries.  I do this to disable Telnet and enable only SSH.  Works like a
charm.

switch (enable) set ip permit enable telnet

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


hdinh wrote in message
news:[EMAIL PROTECTED]...
 Guys / Gals

  Just a quicky,

  Is there (are there) command(s) in the
 catalyst 5000 and 6000 series where you can disable
 telnet to the switches...


 Thanks,
 h





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31511t=31499



Re: OT Request; LAN/WAN monitoring software [7:31227]

2002-01-08 Thread John Kaberna

It depends what kind of monitoring you are talking about.  If you are
looking for a cheap SNMP solution you should take a look at WhatsUp Gold.
To analyze traffic patterns take a look at MRTG.  Why can't you consider HP
OV?  They do have an NT version and I believe the cost is about 4k.  It's
pretty fairly priced I think.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Michael Smith wrote in message
news:[EMAIL PROTECTED]...
 A bit off topic, but would appreciate any suggestions -

 Looking for a software solution, not UNIX based, that has capabilities
 to centrally monitor hardware and network traffic on a small LAN/WAN
 network, that contains HP switches, Cisco routers and Compaq servers.
 HPOV is not an option, end user is not UNIX guru, and network is Win2k
 based.

 Any suggestions would be most appreciated.

 Regards,

 Michael Smith




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31249t=31227



Re: PIX FW question [7:31054]

2002-01-06 Thread John Kaberna

You should be able to connect the PIX directly to your cable modem.  I know
it works no problem with my DSL modem.  I don't see why it would be any
different as long as you have an Ethernet connection to your cable modem.

As far as having your web server be accessible that is no problem with one
IP address.  Just use port redirection.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Bogdan Ungureanu wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I have a PIX 501 and a single network segment 192.168.1.0 including a Linux
 system with web server and mail server. I want to protect the internal
 network from outside, giving access only to web server and give access to
 outside not to everyone.
 I have a single real address 209.x.x.x

 My questions:

 Can I connect the PIX directly on Internet via a cable modem instead of
 using a router (as a default gateway)?

 If I give the Linux system a private address 192.168.1.3, the users from
 outside will be allowed to access the web server?


 Thank you,

 Regards,

 Bogdan Ungureanu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31074t=31054



Re: EIGRP OVER DDR [7:30965]

2002-01-06 Thread John Kaberna

Try dialer watch.  That is what is recommended for EIGRP.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

Instructor for 5-day CCIE class for ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm

Barry wrote in message
news:[EMAIL PROTECTED]...
 Does EIGRP have a command to allow for routing over a DDR network, like the
 OSPF Demand statement or snapshot routing?  How do you make the routes not
 age out with EIGRP over DDR?  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31076t=30965



Re: About ACS 2.3.5 for UNIX [7:30002]

2001-12-24 Thread John Kaberna

He asked about running it on Solaris 8.  If he's like me, the thought of
using any security product on Windoze is frightening.  I personally do not
want NT/2000 handling any security if I can help it.  That's why I still run
2.3.6 on Solaris.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Ocsic wrote in message
news:[EMAIL PROTECTED]...
 Why not use ACS 3.0 ?
 It is released!

 fmxiao   Hi all in group
 
  anyone can answer the question below.
 
  Can Cisco ACS 2.3.5 (for UNIX) install and run under Solaris 8?
 
  thx in advance.
 
  Roy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30042t=30002



Re: About ACS 2.3.5 for UNIX [7:30002]

2001-12-23 Thread John Kaberna

I'm running 2.3.6 on Solaris 8 with no problems.  However, it's a lab and
not a production environment.  I do use it daily though as it is my TACACS
server for all my networking devices in the lab.  Try moving up to 2.3.6 if
it's still available for download.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


fmxiao wrote in message
news:[EMAIL PROTECTED]...
 Hi all in group

 anyone can answer the question below.

 Can Cisco ACS 2.3.5 (for UNIX) install and run under Solaris 8?

 thx in advance.

 Roy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30008t=30002



Re: Subject: OT: Call Manager and Military DSN [7:29805]

2001-12-21 Thread John Kaberna

Thanks for the great info Paul.

1.  Is the Call Manager a DSN compliant switch?
2.  Do you have to order a separate DSN compliant trunk from the Telco?

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Paul Werner wrote in message
news:[EMAIL PROTECTED]...
 DSN is not exactly what I would refer to as tapping into the
 local telco.  DSN (Defense Switched Network) replaced AUTOVON
 (Automatic Voice Network) in the mid to late 1980s and through
 the early 90s.  AUTOVON was set up to principally be a voice
 only network, and in many cases over analog switch facilities.
 DSN converted it over to all digital, and included voice,
 video, and data over the same trunks.

 The key difference between DSN and a regular commercial call is
 they go over different trunks and they terminate at DSN
 compliant switches.  There are several things different about
 DSN compliant switches, but the key difference is the use of
 precedence, and precedence codes.  They have no real
 counterpart in a commercial trunk, other than an operator
 interrupt for an emergency.  With DSN, the end user can preempt
 a trunk and knock another user off the line with the proper
 precedence level.  Some folks out there who know their RFCs and
 remember the early 760 series standards may recognize those
 precedence levels.  They are:

 FLASH OVERRIDE (FO) -FO takes precedence over and preempts all
 calls on the DSN and is not preemptible. FO is reserved for the
 President of the United States, Secretary of Defense, Chairman
 of the Joint Chiefs of Staff, chiefs of military services, and
 others as specified by the President.

 FLASH (F) -FLASH calls override lower precedence calls and can
 be preempted by FLASH OVERRIDE only. Some of the uses for FLASH
 are initial enemy contact, major strategic decisions of great
 urgency, and presidential action notices essential to national
 survival during attack or preattack conditions.

 IMMEDIATE (I) -IMMEDIATE precedence preempts PRIORITY and
 ROUTINE calls and is reserved for calls pertaining to
 situations that gravely affect the security of the United
 States. Examples of IMMEDIATE calls are enemy contact,
 intelligence essential to national security, widespread civil
 disturbance, and vital information concerning aircraft,
 spacecraft, or missile operations.

 PRIORITY (P) -PRIORITY precedence is for calls requiring
 expeditious action or furnishing essential information for the
 conduct of government operations. Examples of PRIORITY calls
 are intelligence; movement of naval, air, and ground forces;
 and important information concerning administrative military
 support functions.

 ROUTINE (R) -ROUTINE precedence is for official government
 communications that require rapid transmission by telephone.
 These calls do not require preferential handling.


 When I was involved in DSN communications in Europe, my unit
 had a Flash precedence phone line, mainly because we had a
 special mission (which is about all I can say).  We had the
 capability of bumping everybody off the DSN network save for
 the CINC US Army Europe and a few other folks.  You will most
 likely have to deal with the issue of precedence.  Also, access
 to a commercial line is normally done with dialing a 9 first
 (typical for trunk access); DSN usually uses an 8 - Your
 mileage may vary; check your local listings.

 Finally, DSN uses a slightly different dial plan than the rest
 of the universe (go figure:-)  While you may be able to access
 the US with a country code of 001, or Germany with a country
 code of 49, that's not how it's done with DSN.  Access is
 determined by regions, and each region has its own country
 code.  The regions are:

 Canadian Section
 Caribbean Section
 CONUS Section
 European Section
 Pacific/Alaska Section
 Southwest Asia Section

 All of the above information is public knowledge and freely
 available.  Anything more is likely classified, and not subject
 to posting on this list.  In case it isn't already clear at
 this point, DSN is totally separate from the PSTN.

 HTH,

 Paul Werner


  I am working on an IP telephony solution and I need to hook in to the
  DSN.
  From my current understanding DSN is sent out to the local telco via the
  PSTN and is routed from there. This would make for a fairly simple dial
  plan in Call Manager.  Has anybody heard anything different about how DSN
  is set up to work?

 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29883t=29805



Re: Subject: OT: Call Manager and Military DSN [7:29805]

2001-12-21 Thread John Kaberna

Hi Nigel.  Paul and I had an offline discussion and neither of us is quite
sure of the answer but he knows someone that probably does.  They do not
have an existing switch so the Call Manager will need to hook up to a DSN
trunk somehow.  If you're really interested in the outcome I'll post what I
find out.  I am ex-military also but I didn't deal with this kind of stuff
when I was in.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Nigel Taylor wrote in message
news:[EMAIL PROTECTED]...
 John,
   When I suggested the solution we used to implement VoIP support with
 DSN, I was only making reference to the operational configuration required
 to support VoIP itself.  Having been in the military (AF) for some eight
 years I do know of the information Paul mentioned.  In our implementation we
 had access to the Government Demarc (switch) which was already supporting
 DSN.

 The question then would be if the solution you're providing is going to
 interface with a switch that already supports existing DSN calling.

 In this case the trunk that is used for DSN service is pretty much
 transparent like all the other trunks. In that case the 8 prefix used in
 dialing DSN would pretty much identify the calls that will ride the trunk
 designated for DSN.


 Nigel
 former SSgt (separated) :-

 From: John Kaberna
 Reply-To: John Kaberna
 To: [EMAIL PROTECTED]
 Subject: Re: Subject: OT:  Call Manager and Military DSN [7:29805]
 Date: Fri, 21 Dec 2001 13:59:05 -0500
 
 Thanks for the great info Paul.
 
 1.  Is the Call Manager a DSN compliant switch?
 2.  Do you have to order a separate DSN compliant trunk from the Telco?
 
 John Kaberna
 CCIE #7146
 NETCG Inc.
 www.netcginc.com
 (415) 750-3800
 
 Instructor for CCBootcamp 5-day class www.ccbootcamp.com
 __
 CCIE Security Training
 www.netcginc.com/training.htm
 
 
 Paul Werner wrote in message
 news:[EMAIL PROTECTED]...
   DSN is not exactly what I would refer to as tapping into the
   local telco.  DSN (Defense Switched Network) replaced AUTOVON
   (Automatic Voice Network) in the mid to late 1980s and through
   the early 90s.  AUTOVON was set up to principally be a voice
   only network, and in many cases over analog switch facilities.
   DSN converted it over to all digital, and included voice,
   video, and data over the same trunks.
  
   The key difference between DSN and a regular commercial call is
   they go over different trunks and they terminate at DSN
   compliant switches.  There are several things different about
   DSN compliant switches, but the key difference is the use of
   precedence, and precedence codes.  They have no real
   counterpart in a commercial trunk, other than an operator
   interrupt for an emergency.  With DSN, the end user can preempt
   a trunk and knock another user off the line with the proper
   precedence level.  Some folks out there who know their RFCs and
   remember the early 760 series standards may recognize those
   precedence levels.  They are:
  
   FLASH OVERRIDE (FO) -FO takes precedence over and preempts all
   calls on the DSN and is not preemptible. FO is reserved for the
   President of the United States, Secretary of Defense, Chairman
   of the Joint Chiefs of Staff, chiefs of military services, and
   others as specified by the President.
  
   FLASH (F) -FLASH calls override lower precedence calls and can
   be preempted by FLASH OVERRIDE only. Some of the uses for FLASH
   are initial enemy contact, major strategic decisions of great
   urgency, and presidential action notices essential to national
   survival during attack or preattack conditions.
  
   IMMEDIATE (I) -IMMEDIATE precedence preempts PRIORITY and
   ROUTINE calls and is reserved for calls pertaining to
   situations that gravely affect the security of the United
   States. Examples of IMMEDIATE calls are enemy contact,
   intelligence essential to national security, widespread civil
   disturbance, and vital information concerning aircraft,
   spacecraft, or missile operations.
  
   PRIORITY (P) -PRIORITY precedence is for calls requiring
   expeditious action or furnishing essential information for the
   conduct of government operations. Examples of PRIORITY calls
   are intelligence; movement of naval, air, and ground forces;
   and important information concerning administrative military
   support functions.
  
   ROUTINE (R) -ROUTINE precedence is for official government
   communications that require rapid transmission by telephone.
   These calls do not require preferential handling.
  
  
   When I was involved in DSN communications in Europe, my unit
   had a Flash precedence phone line, mainly because we had a
   special mission (which is about all I can say).  We had the
   capability of bumping everybody off

Re: NetworkForce.com CCIE Lab Scenario [7:29676]

2001-12-20 Thread John Kaberna

Never even heard of them.  Why not just do the CCBootcamp labs?  It's only
$650.  I didn't want to spend 5k on a class either so I can't say that I
blame you.  Although I've felt like if I went to one of those classes I
probably would have passed the first or second time instead of the third
time.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Pham, James wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 It's time to put the theory into practice and pay my dues on the journey to
 CCIE!  I'm shopping around for the good guys that offer good CCIE Lab
 scenarios and lab rental at a reasonable rate. I think it would work better
 if I buy the CCIE lab scenarios that were designed for their rack. Has
 anyone ever used the NetworkForce CCIE Lab scenarios and their lab?  How
 good are they?  Any advice or comments on how to prepare for the real CCIE
 Lab? I don't have the luxury to pay $5,000 for the CCbootcamp class!

 Thanks,

 James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29749t=29676



OT: Call Manager and Military DSN [7:29805]

2001-12-20 Thread John Kaberna

I am working on an IP telephony solution and I need to hook in to the DSN.
From my current understanding DSN is sent out to the local telco via the
PSTN and is routed from there. This would make for a fairly simple dial plan
in Call Manager.  Has anybody heard anything different about how DSN is
set up to work?

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29805t=29805



Re: NetworkForce.com CCIE Lab Scenario [7:29676]

2001-12-20 Thread John Kaberna

I bought Solution Labs and CCBootcamp labs when I was studying.  I also did
the Fatkid labs since they are free.  I liked dealing with Marc and Brad at
CCBootcamp so much that I now do some work with them.  I paid for their labs
and countless hours on their racks (with my own personal savings) and it was
well worth it.  If it wasn't worth it I certainly wouldn't still be working
with them.

All this hype about the new 1-day format is nonsense.  The preparation
difference is minimal.  If you use any online rack it will already be
cabled.  The terminal server will probably already be configured too.  So
that only leaves IP addressing which should be a non-issue.  If you need
labs that already have IP addresses on them you're in trouble.  The topics
have not changed.  Instead of taking an hour or so to do a drawing, terminal
server, cabling, and IP addressing they immediately have the lab start with
more complex configuration topics.  The biggest change in my opinion is
removing troubleshooting.  None of the practice labs that I've seen
incorporate a troubleshooting lab so I don't see much difference.

What you should be asking is have they updated the labs to remove the old
topics (appletalk, DECNET, ATM LANE, etc).  I wasn't too happy seeing those
topics in the labs when I started them last year.  But, they are currently
removing all those topics and updating the labs to the 1-day format since
people seem to think that having their IP addresses ahead of time is
important.  I believe they aren't quite done with updating all the labs but
they are coming along.  Marc and Brad should comment on that.  As far as the
real exam I think some of the labs are comparable in difficulty.  Since they
try and write labs that cover as many tricks as they can think of there are
bound to be some topics that are the same.

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Pham, James wrote in message
news:[EMAIL PROTECTED]...
 Hi John,

 Thanks for your advice. Although I don't plan to fail the first time, if
 I fail, I would not feel so bad, right? I'm trying to work out a deal for
 200-hour rack rental. I'm not quite sure if CCBootcamp labs scenarios are
 updated enough to reflect the recent change of the 1-day lab and flexible
 enough to use on a non-CCBootcamp lab. I would appreciate if anyone who has
 used CCBootcamp lab scenarios and sat the real 1-day CCIE lab can give
 some insight on this. How good and close are they compared to the real lab? I
 don't think this is violating the NDA, right? Is it worth the money?

 Thanks,

 James



 -Original Message-
 From: John Kaberna [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, December 20, 2001 10:48 AM
 To: [EMAIL PROTECTED]
 Subject: Re: NetworkForce.com CCIE Lab Scenario [7:29676]


 Never even heard of them.  Why not just do the CCBootcamp labs?  It's only
 $650.  I didn't want to spend 5k on a class either so I can't say that I
 blame you.  Although I've felt like if I went to one of those classes I
 probably would have passed the first or second time instead of the third
 time.

 John Kaberna
 CCIE #7146
 www.netcginc.com
 (415) 750-3800

 __
 CCIE Security Training
 www.netcginc.com/training.htm


 Pham, James wrote in message
 news:[EMAIL PROTECTED]...
  Hi,

  It's time to put the theory into practice and pay my dues on the journey to
  CCIE!  I'm shopping around for the good guys that offer good CCIE Lab
  scenarios and lab rental at a reasonable rate. I think it would work better
  if I buy the CCIE lab scenarios that were designed for their rack. Has
  anyone ever used the NetworkForce CCIE Lab scenarios and their lab?  How
  good are they?  Any advice or comments on how to prepare for the real CCIE
  Lab? I don't have the luxury to pay $5,000 for the CCbootcamp class!
 
  Thanks,
 
  James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29825t=29676



Re: Call Manager and Military DSN [7:29805]

2001-12-20 Thread John Kaberna

Have you done this already, Nigel?  Any problems with call routing for the
DSN?

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


Nigel Taylor wrote in message
news:[EMAIL PROTECTED]...
 That's pretty much it.. John

 Nigel

 - Original Message -
 From: John Kaberna
 To:
 Sent: Thursday, December 20, 2001 3:42 PM
 Subject: OT: Call Manager and Military DSN [7:29805]


  I am working on an IP telephony solution and I need to hook in to the DSN.
  From my current understanding DSN is sent out to the local telco via the
  PSTN and is routed from there. This would make for a fairly simple dial plan
  in Call Manager.  Has anybody heard anything different about how DSN is
  set up to work?
 
  John Kaberna
  CCIE #7146
  NETCG Inc.
  www.netcginc.com
  (415) 750-3800
 
  Instructor for CCBootcamp 5-day class www.ccbootcamp.com
  __
  CCIE Security Training
  www.netcginc.com/training.htm




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29835t=29805



Re: Recommendations on CSPFA exam? [7:29715]

2001-12-19 Thread John Kaberna

I used just the Boson tests and it was a total breeze.  But, I also have
several years of PIX experience.  If you have solid PIX experience it's a
walk in the park.  If not, you might still be able to pass with just the
Boson tests.  The only CSS 1 exam that might give you a little trouble
(assuming you just do the Boson practice tests) is the IDSPM exam.
Otherwise they are pretty easy.  Good luck.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Zeke Gibson wrote in message
news:[EMAIL PROTECTED]...
 Hiyas,

 Thanks to all who provided tips for MCNS, I passed on Saturday ;)

 I tried to locate PIX-related material for CSPFA, the only book
 that looked good was Cisco Secure PIX Firewalls from
 Cisco Press, ISBN: 1587050358

 It hasn't been released yet, should be out the 21st according to Amazon.
 I'm hoping my copy will show sometime after Christmas.

 Has anyone used the Boson tests for this exam?

 Has anyone run across any other references that were helpful?

 I have a PIX-506 and a PIX-501 available for practice, unfortunately of
 course both of these models are fixed-configuration 2 interface only, so no
 DMZ support. I've been working on them for the past few days and have
 configured IPSec between them both, worked on access lists / static /
 conduits / logging, configured about everything I could think of before I
 got a bit bored.

 I've deployed a total of 7 PIX's, some 515-UR's as well, and I scored
 perfect on the PIX sections on the MCNS exam, but I'm hoping the Cisco book
 will have some good scenarios to practice. Thanks for your comments and
 Happy Holidays all!

 -Zeke




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29748t=29715



Re: RE:How to Route using same subnet [7:29750]

2001-12-19 Thread John Kaberna

Bridging?

John Kaberna
CCIE #7146
NETCG Inc.
www.netcginc.com
(415) 750-3800

Instructor for CCBootcamp 5-day class www.ccbootcamp.com
__
CCIE Security Training
www.netcginc.com/training.htm


chan wrote in message
news:[EMAIL PROTECTED]...
 Hi All,


 I got a local loop from Office A to Office B, but I would like to use
 the same subnet (192.168.1.1~254). I don't want to further subnet it. Is
 there a way to do it?

 Router A ------------------- Router B
 Range (192.168.1.1~128)      Range (192.168.1.254)
 Office A                     Office B


 Is there a way to do the route using the same range for both offices
 without subnetting it??



   Thanks
 Chan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29751t=29750



Re: OSPF/Frame -Network Type [7:28550]

2001-12-08 Thread John Kaberna

Randy did you try and specify OSPF neighbors?  That should solve your
problem.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800




McHugh Randy wrote in message
news:[EMAIL PROTECTED]...
 I have 4 routers with a frame switch in between them and configured r1 is the
 hub router with 2 dlci with one sub int to r2 and r3 and then 1 dlci with
 another sub int going to r4. r3 is the only router with physical interface
 and r1,r2,r3 all have sub interfaces and the dlci statements. R3 requires
 map statements to reach r2 and r4.  My question is about the network type
 used in OSPF. If I change all frame ospf int network type to point to
 multipoint all my routes show up and OSPF works fine, but if I use all non
 broadcast OSPF net type then OSPF routes are not there and OSPF does not
 work right. This lab calls for me to use the non broadcast OSPF network
 type. Does anyone know how I can make this config work using the non
 broadcast OSPF network type instead of point to multipoint? Thanks in
 advance.
 Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28554t=28550
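
A sketch of the neighbor-statement approach suggested in the reply above, for a single multipoint Frame Relay segment. This is an added example, not configuration from the thread; the addresses, DLCIs, interface names and OSPF process ID are assumptions.

```text
! Constructed example: hub R1 and spokes R2/R3 share 10.0.0.0/24 (assumed values).
!
! --- R1 (hub) ---
interface Serial0.123 multipoint
 ip address 10.0.0.1 255.255.255.0
 ip ospf network non-broadcast
 ! Hub must win the DR election: it is the only router with a PVC to every spoke
 ip ospf priority 255
 frame-relay map ip 10.0.0.2 102
 frame-relay map ip 10.0.0.3 103
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
 ! Non-broadcast networks send no multicast hellos, so neighbors are listed by hand
 neighbor 10.0.0.2
 neighbor 10.0.0.3
!
! --- R2 (spoke; R3 mirrors this with its own address and DLCI) ---
interface Serial0.1 multipoint
 ip address 10.0.0.2 255.255.255.0
 ip ospf network non-broadcast
 ! Priority 0 keeps the spoke out of the DR/BDR election
 ip ospf priority 0
 frame-relay map ip 10.0.0.1 201
 ! The other spoke is reached through the hub's PVC
 frame-relay map ip 10.0.0.3 201
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
```

`show ip ospf neighbor` on the hub should list both spokes in state FULL/DROTHER once the adjacencies form.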



Re: contractor rate [7:28260]

2001-12-07 Thread John Kaberna

I would also add: don't believe everything you read.  I saw some
CCNA/CCNP's with only a few years experience saying they bill $150-200 an
hour.  Sure that might have been true a year or two ago (although that's a
ridiculous rate to pay for a mid level engineer) and probably for very short
term contracts (like a couple of hours).  I highly doubt any of them were
paid that much for a contract of any length.  With the number of unemployed
and somewhat desperate people out there I would say $90-120 an hour for a W2
is excellent in the Bay Area.  I think you will find there are a lot of guys
with comparable experience that are willing to work for less.  A Unix buddy
of mine was charging $130-150 an hour last year and this year I've seen him
work for as low as $42 an hour!  If you have a stable job for something
reasonably close to that I wouldn't be too anxious to make a move.  It's not
unusual to start a new contract and have it terminated a month later.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800


nrf wrote in message news:[EMAIL PROTECTED]...
 In answer to your direct question, yes that rate is low historically for
 someone with 10 years experience (which in my opinion, vastly outweighs the
 worth of the CCIE) in the Bay.  But then of course these are unusual
 times.


 And yes, in general, as a contractor you cannot expect to be working 40
 consistent hours per week for 50 weeks.  In fact, working 75% of the time is
 considered to be exceptional.  And in this kind of economy, who knows?


  Q Y wrote in message news:[EMAIL PROTECTED]...
   Hi, folks,

   Just want to have a general feeling about the CCIE contractor rate in Bay
   area. It is a W2 position, so no accountant, lawyer overhead. Is $90 to
   120 low? It is a 1 year contract.  I have 10 year experience and have a job
   now. After browsing this list, I saw so many people talking about $150 and
   above. Based on my calculation, $100 and 40 hr a week is about $200k. That's
   awful lots of money. Any suggestion?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28427t=28260



Re: Cisco Press IDS Book - Recommendation [7:28450]

2001-12-07 Thread John Kaberna

I read it and thought it was very good.  There are only about 350 pages of
real material that you need to read.  The other 550 pages are mostly fluff.
If you read and understand most of what is in the book the test is pretty
easy.  But, I would suggest at least having a router that is capable of
doing some IDS functions and you should definitely load CSPM on to a NT 4.0
box.  You can probably still pass without doing that, but you will find it a
LOT easier if you have the CSPM application available while reading the
book.  It would be a bonus if you had an IDS sensor as well.  But, getting one
is not cheap unless you know how to build one.  

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800


 wrote in message news:[EMAIL PROTECTED]...
 Did anyone read this book? I want to learn and prepare for the IDS exam.

 Cisco Secure Intrusion Detection System, by Earl Carter, Rick
 Stiffler.
 Cisco Press; ISBN: 158705034X


 Thanks,

 Hugo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28482t=28450



Re: PIX On A PC? [7:28342]

2001-12-07 Thread John Kaberna

For the cost of buying a new low-end PC you can get a 501.  So, unless you
need multiple interfaces it's not really worth it.  Plus, the 501 can run 6.x
code and you can't with a 2MB flash card.  Unless you've got a spare PC with
the required parts lying around your best bet is to probably spend $500
bucks on a 501. If you do plan on building your own, there's not much more
to it than building a skeleton PC.  That's why there isn't much more info
about how to do it.  If you know about basic PC hardware then you can figure
it out.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800


Gaz wrote in message news:[EMAIL PROTECTED]...
 Has anyone got more details on this please.
 I've seen various posts but never any details. Usually they die off at the
 expense of a flash card.
 I've got a 520 being flash upgraded from 2Mb to 16Mb, so I wouldn't mind
 having a play with the old 2Mb card if it's a go'er.

 Cheers,

 Gaz

 George Murphy CCNP, CCDP wrote in message news:[EMAIL PROTECTED]...
  Thanks Geoff. I appreciate the reply. I would have never found that.

  Geoff Zinderdine wrote:

  Murphy, George wrote in message news:[EMAIL PROTECTED]...

  Howdy Folks, I have seen some posts before about running PIX on a PC, a
  FrankenPIX so to speak. Anyone have any references on how to do this? I
  have a clone box to use but need to know how to steps
  Thanks for any help..


  Hansang Bae posted this on the lab mailing list a while back, I will save
  him the cut and paste:

  Here are the components that make up:

   Cisco LocalDirector 430/416
   Cisco Pix Firewall  520

  MOTHERBOARD:
   Intel Motherboard            SE440BX-2    $ 100

  NETWORK INTERFACE:
   Intel Pro100/B 10/100 NIC    PRO100/B     $  40
   - OR -
   Osicom 4 Ethernet Port PCI   OLN-2404TX   $ 900

  ISA FLASH CARD:
   16MB ISA Flash Card (PEP)    CISCO -      $ 700
   - OR -
   4MB  ISA Flash Card (??)     ??           $ --?

  hsb




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28485t=28342



Re: Cisco Press IDS Book - Recommendation [7:28450]

2001-12-07 Thread John Kaberna

Yes Navin I know what an NFR is.  :)  But, most people do not work for
resellers.  That's why I didn't mention it.  But, I wouldn't pay even 2k for
something I can build for a lot less.  The only reason to pay for one is so
you can get the CD's with 2.5 and 3.0 on them.  Unfortunately they cannot be
downloaded.

John Kaberna
CCIE #7146
www.netcginc.com
(415) 750-3800


NKP wrote in message news:[EMAIL PROTECTED]...
 Hi John ,
 IDS sensor is available in NFR (Not for resell) to partners and
 resellers of Cisco  for USD 2000 less the standard discounts.
 This book is excellent for anyone who is preparing for CSIDS.


 Navin Parwal

 John Kaberna wrote in message news:[EMAIL PROTECTED]...
  I read it and thought it was very good.  There are only about 350 pages of
  real material that you need to read.  The other 550 pages is mostly fluff.
  If you read and understand most of what is in the book the test is pretty
  easy.  But, I would suggest at least having a router that is capable of
  doing some IDS functions and you should definitely load CSPM on to a NT 4.0
  box.  You can probably still pass without doing that, but you will find it a
  LOT easier if you have the CSPM application available while reading the
  book.  It would be bonus if you had an IDS sensor as well.  But, getting one
  is not cheap unless you know how to build one.
 
  John Kaberna
  CCIE #7146
  www.netcginc.com
  (415) 750-3800
 
 
   wrote in message news:[EMAIL PROTECTED]...
   Did anyone read this book? I want to learn and prepare for the IDS exam.
  
   Cisco Secure Intrusion Detection System, by Earl Carter, Rick
   Stiffler.
   Cisco Press; ISBN: 158705034X
  
  
   Thanks,
  
   Hugo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28511t=28450



Re: ccie security advice [7:25024]

2001-11-02 Thread John Kaberna

It really depends if you have a solid background with Cisco security
products.  The core topics are basically going to be the same between the
two labs.  AFAIK, the major difference is desktop protocols are removed and
security stuff is added.  I personally think that they can make the security
stuff a lot harder than the desktop stuff.  You'll have to pick your poison.

Ccbootcamp/NETCG will be coming out with a lab subscription service in a few
weeks.  We've already begun writing labs.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


ron conry wrote in message news:[EMAIL PROTECTED]...
 can someone advise me on whether to go to ccie security route or to ccie
 routing and switching route? I am hearing that ccie security lab already has
 waiting list till jan/feb 2002.

 are there any practice labs available for ccie security?

 thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25116t=25024



Re: cisco pix courseware [7:24871]

2001-11-01 Thread John Kaberna

Cisco should be coming out with Cisco Press books on most of the CSS1 exams
soon.  I believe the IDS and VPN books are already out.  People sell copies
on eBay all the time, but the prices tend to be around $150-$200 per book.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


William Harrison wrote in message news:[EMAIL PROTECTED]...
 Joe,

 If you get more than one,  would you forward it on to me at
 [EMAIL PROTECTED]

 Thanks
 Bill

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Joe Black
 Sent: Wednesday, October 31, 2001 5:29 PM
 To: [EMAIL PROTECTED]
 Subject: cisco pix courseware [7:24871]


 Just wondering if anyone out there is interested in selling their Cisco
 courseware training guides particularly interested in the CSPFA
 (firewall advanced) and VPN

 thanks
 JOe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24992t=24871



Re: Mentor Technologies Info (am I screwed?) [7:24825]

2001-10-31 Thread John Kaberna

Does anyone know the names of the Senior management that ran Mentor Tech?
It would be interesting to see if these guys surface at other training or
tech companies.  That way we could make sure we avoid doing business with
those companies.  I don't know the details, but it almost seems like these
guys should get prison sentences for grand theft.  They had to see it coming
and they surely collected as much money as possible to line their golden
parachutes.  If anyone has info on who these guys are please post it.  I'm
sure some disgruntled former Mentor employees lurk on this board and wouldn't
mind letting us know.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


J wrote in message news:[EMAIL PROTECTED]...
 Just wondering if I am the only person caught up in
 the Mentor Technologies apparent bankruptcy.

 I have paid for ECP-1 in Falls Church on Nov. 12th,
 called Mentor to find out what was going on once I
 heard they were going under.  Nobody answering the
 phone, mail boxes full, lines busy, in short, nobody
 is home.

 I've made calls to the Consumer Protection Division of
 Annapolis's Attorney General, they gave me the
 bankruptcy court's number, but I haven't gotten thru
 there yet.

 I'd love to hear it if anyone has any
 suggestions/advice on how to get my $4,000.00 dollars
 back.  Wasn't smart enough to pay via credit card,
 sent them a check.

 Thanks,

 =
 Jason Lynch
 MCP,CCNA,CCNP+Security,CCIE Written





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24852t=24825



Re: Study matls needed for CCIE (Security) written exam [7:22194]

2001-10-05 Thread John Kaberna

There isn't anything available yet dedicated to the CCIE Security exam
except for my book.  My book was released today as a beta version to a few
testers and within a week or two the first edition will be available.  In
the meantime, I highly recommend getting your CSS 1 if you don't have solid
security knowledge.  Good luck!

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


tam selvam wrote in message news:[EMAIL PROTECTED]...
 Hello friends,

 I am looking for guidance to prepare for CCIE (security) written exam, like
 what are the books I should study and which syllabus to follow and any
 simulation tests avail. Can anybody help me?

 Regds
 Selvam






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22194t=22194



Re: CCIE Written Security Book [7:22239]

2001-10-05 Thread John Kaberna

I am the author of the CCIE Security book being resold by NLI.  I followed
the blueprint exactly with the exception of moving some of the chapters
around.  It didn't make sense for Chapter 1 to start with Security Protocols
when I haven't covered the basics yet.  The blueprint doesn't make any
logical sense in terms of an order of what to study first.  The only chapter
that is probably light is the General Networking chapter which covers
networking basics, routing protocols, routed protocols, ISDN, etc.  Those
topics have had entire books written about them and I don't think it would
make sense to go in to any great explanation about them.  Basically, what
I'm saying is that some people may complain there's not a configuration
example for BGP Confederations.  Well, my answer to that is please read the
Halabi book.  He wrote nearly 500 pages on the subject of BGP.  There is a
lot of assumed knowledge since this is an 'Expert level' book.

The reason the book is $200 is because we are going to offer free updates
except for shipping and a small handling fee (this fee covers our cost to
print the book itself).  I don't want to see people pay for version 1 and
then expect them to pay for an updated version a couple months later.

If people have general questions they can be posted here and I will answer
them.  If you think the answer would benefit the entire group please post it
here.  Otherwise, email me offline.

The beta version was shipped to 5 people this afternoon.  Within 2 weeks I
expect to be done with version 1.  It will be sent to the printers at that
time and it should ship a few days after that.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


james mensah wrote in message news:[EMAIL PROTECTED]...
 Brad,
 What is the depth of this book vis-à-vis the exams blueprint? The same like
 your CCIE R/S book?
 Just being curious

 Spio

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Ellis
 Sent: Friday, October 05, 2001 4:29 PM
 To: [EMAIL PROTECTED]
 Subject: Re: CCIE Written Security Book [7:22239]

 Will,

 Hi!  I used it to pass the written.  However, I should inform you, that I am
 affiliated with the company that is publishing the book (Network Learning).

 It's a good book, it has lots of good information on it.  It's still in
 beta-release format so there may be some minor mistakes that need
 correcting.

 thanks,
 -Brad Ellis
 CCIE#5796
 Network Learning Inc
 [EMAIL PROTECTED]
 used Cisco:  www.optsys.net

 William Gragido wrote in message news:[EMAIL PROTECTED]...
  Here is the $64,000 though, is it worth the money?  Has anyone on the list
  used it to pass the written?  I am interested, very interested in the book
  if it is truly worth the expense.
 
  Thanks,
 
  Will
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Wright, Jeremy
  Sent: Friday, October 05, 2001 12:13 PM
  To: [EMAIL PROTECTED]
  Subject: CCIE Written Security Book [7:22239]
 
 
  Here is the link to the written security book that was floating around
  early. I'm leaning on going this direction along with some other books:
  http://www.optsys.net/specials.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22295t=22239



Re: Study matls needed for CCIE (Security) written exam [7:22298]

2001-10-05 Thread John Kaberna

Dennis,

They are reselling my book and will be handling publishing, printing,
shipping, etc.  I wrote all of the content with the exception of a couple of
pages.

We are also working together on the labs.  I plan on posting a sample lab
within a couple weeks also.  See my other posts if you still have questions.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Dennis Laganiere wrote in message news:[EMAIL PROTECTED]...
 I believe CCBootCamp already has a study guide put together for this exam.
 All their other stuff is good, so I would assume this is too...

 --- Dennis

 -Original Message-
 From: John Kaberna [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, October 04, 2001 11:50 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Study matls needed for CCIE (Security) written exam [7:22194]


 There isn't anything available yet dedicated to the CCIE Security exam
 except for my book.  My book was released today as a beta version to a few
 testers and within a week or two the first edition will be available.  In
 the meantime, I highly recommend getting your CSS 1 if you don't have solid
 security knowledge.  Good luck!

 John Kaberna
 CCIE #7146
 NETCG Inc.
 Cisco Premier Partner
 www.netcginc.com
 (415) 750-3800

 __
 CCIE Security Training
 www.netcginc.com/training.htm


 tam selvam wrote in message news:[EMAIL PROTECTED]...
  Hello friends,

  I am looking for guidance to prepare for CCIE (security) written exam, like
  what are the books I should study and which syllabus to follow and any
  simulation tests avail. Can anybody help me?
 
  Regds
  Selvam
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22298t=22298



Re: PIX - Flash Memory Upgrade [7:22209]

2001-10-05 Thread John Kaberna

You can't get 6.x on a Classic, 1, or 510.  The latest you can go on
those is 5.3.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Simionato, Joao wrote in message news:[EMAIL PROTECTED]...
 This question is for you PIX Firewall experts.
 I have a Cisco PIX Firewall (probably it's a PIX Classic, I'm not sure) and
 I would like to upgrade its hardware. I have 8MB of RAM and 2MB of Flash
 Memory. I think I won't have problems to upgrade the RAM memory, but in the
 case of the Flash Memory I don't know if I can upgrade it because my 2MB of
 Flash is composed by 4 chips (EPROMs) each one containing 512KB of Flash
 memory, summarizing 2MB. I have no available sockets to insert more chips.
 Is it possible to find EPROMS in the market containing at least 2MB for each
 chip so that I can upgrade my Flash Memory to 8MB ? My new hardware
 configuration will provide me the possibility of upgrading my software from
 4.1(5) to new software version 6.0 ?


 Thanks in advance,

 João Paulo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22299t=22209



Re: VPN Solution for Site to site Wireless connection [7:22101]

2001-10-04 Thread John Kaberna

Can I see the quote?  There is no way you should pay $7500 per router.  I am
sure I could get a quote at about 10k.  Email me offline.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Daniel Ma wrote in message news:[EMAIL PROTECTED]...
 We deployed some wireless bridges with 11Mbps throughput. We are seeking
 solutions which are not too expensive to encrypt 11Mbps. However, we
 calculated the cost, if we use cisco 2600 with VPN card, for one pair, the
 price easily goes over $15,000.

 Could any one provide solution around or under $10,000. Regardless the brand
 of products, as long as it works fine.

 Thanks,

 Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22112t=22101



Re: IP Routing Examples Book (For CCIE LAB) [7:22008]

2001-10-04 Thread John Kaberna

There is no such book.  You can either buy the books that explain the
configurations like Caslow's book or you can do practice labs.  If you don't
do practice labs like ccbootcamp you are going to have a very tough time
passing the test unless you are very experienced.  Even books like Caslow's
only scratch the surface of what you would need to know.  The lab is not
something you can braindump in to a book.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Ashraf Wagih wrote in message news:[EMAIL PROTECTED]...
 Hi Everyone,
 does any body know good books that gives only
 configuration examples on all topics that are covered
 in the CCIE LAB exams (configuration scenarios like
 the ones that found in the CCIE LAB exams, no/few
 theoretical view)

 Regards

 Ashraf
 Systems Engineer
 CCNP


 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22017t=22008



Re: Pix Firewall [7:21924]

2001-10-03 Thread John Kaberna

There are a couple of books, but it depends on what level of detail you are
looking for.  There isn't a book that covers the CSPFF or CSPFA exams yet.
Andrew Mason's Cisco Secure Internet Security Solutions book covers the PIX
fairly well if I remember correctly.  The MCNS book might cover it too, but
I didn't look at that book since I passed that exam before there was an MCNS
book.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Guy Russell wrote in message news:[EMAIL PROTECTED]...
 I have been hitting every bookstore, looking for PIX books...

 I would like to get training guides, or admin guides, or whatever is
 available,... Anything out there anyone could recommend, and where to get
 it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21930t=21924



Re: Pix Firewall [7:21924]

2001-10-03 Thread John Kaberna

That is a ridiculous amount of money to pay for CD's IMO.  Let us know how
interactive they are and how well it does when simulating commands.  If it's
a bunch of slides that's a rip off.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Robertson, Douglas wrote in message news:[EMAIL PROTECTED]...
 Cisco have two CBT's in the Learning Store that you can purchase, I think
 they cost around $550-00 for the two. I am just starting to review them now
 so I can not say how good they are, but I got the recommendations from this
 list some time ago.

 Log on to Cisco CCO then go to certifications, then go to Cisco Learning
 Store, click on shop all items and then search for PIX this will give two
 results.

 Cisco Secure PIX Firewall Advanced (CSPFA)1.0
 Cisco Secure PIX Firewall Fundamentals (CSPFF) 1.1

 Doug



 -Original Message-
 From: Guy Russell [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, October 03, 2001 3:42 PM
 To: [EMAIL PROTECTED]
 Subject: Pix Firewall [7:21924]


 I have been hitting every bookstore, looking for PIX books...

 I would like to get training guides, or admin guides, or whatever is
 available,... Anything out there anyone could recommend, and where to get
 it?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21932t=21924



Re: Expert Labs: Multiprotocol Challenge [7:21943]

2001-10-03 Thread John Kaberna

I used the one for Basic Voice over IP last year before most rack rental
companies had them in their racks.  I thought it was very good although it
was a lot more info than I needed for the CCIE lab.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Derrick Monahan wrote in message news:[EMAIL PROTECTED]...
 Has anyone seen or used the Cisco Interactive Mentor CDs ? There is a new
 one coming out this month more for the CCIE level called:

 Expert Labs: Multiprotocol Challenge

 If anyone has any input and think its worth the money let me know. There is
 also one for ISDN, but I do not know if it is any good.

 Thanks

 Derrick




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21947t=21943



Re: CiscoSecureACS to control terminal access to routers [7:21960]

2001-10-03 Thread John Kaberna

You will need to configure each NAS in the ACS.  I am using ACS 2.3(6) for
Unix and it handles TACACS+ authentication for my SSH connections to my
routers.   Try setting up your NAS in the ACS and see if that helps.  If
not, post the NAS config.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Dennis Bailey wrote in message news:[EMAIL PROTECTED]...
 I am wondering if anyone has been able to use CiscoSecure ACS for controlling
 access to router console and vty lines.  I am currently running ACS 2.5 and
 am using it for authentication of dialup and vpn remote access users.  I
 have been trying to figure out how to use it to control access to my routers
 but seem to get to a point where authentication fails and the message in the
 failed attempts log is unknown NAS

 Is it necessary to define every device in cisco secure for this to work? I
 know I must be missing something simple, I can get it to work fine when I
 configure it for terminal access on one of my remote access routers (which
 are defined as NAS in cisco secure) but nothing else.

 Any ideas, links, examples, abuse... whatever you feel is appropriate :-)

 Thanks,
 Dennis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21960t=21960
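
The router side of the setup discussed in this thread, as an added example that is not configuration from any of the posters. It assumes SSH is already enabled on the router; the addresses, key and password placeholders, account name and method-list names are assumptions.

```text
! Constructed example: 192.0.2.1 = this router, 192.0.2.10 = the ACS (assumed values).
!
! Pin the source address of TACACS+ packets so the address the ACS sees
! is always the one entered for this router as a NAS on the ACS.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
ip tacacs source-interface Loopback0
!
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret-matching-the-ACS-entry>
!
! TACACS+ is tried first; the local account is consulted only when the
! server does not answer, not when it rejects the login.
username fallback-admin password <local-password>
aaa authentication login VTY-AUTH group tacacs+ local
aaa authentication login CON-AUTH group tacacs+ local
!
line con 0
 login authentication CON-AUTH
line vty 0 4
 login authentication VTY-AUTH
 transport input ssh
```

On the ACS, each router needs its own NAS entry with the address it sources TACACS+ from (192.0.2.1 here) and the same key; a request arriving from an address with no such entry is the case logged as unknown NAS.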



Re: Is the CCIE really worth it??? [7:3485]

2001-10-02 Thread John Kaberna

As of last week there are 279,000 MCSE's worldwide.  I don't know what the
CCNP numbers are, which is probably the comparable certification to the MCSE.

Everything else you said I completely agree with.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


nrf  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Comments inline:


  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   When I lost my job last year due to downsizing I weighed my options;
 MCSE or
  CCIE...finished CCNP on April 30th so I guess that tells you my
choice...
  HOWEVER, after getting the CCNP I began doing some job hunting, EVERY
  potential employer wanted MCSE/MCP and didn't care one way or the other
  about
  Cisco certs. I'm 48 yrs. old and really didn't care much about the MCSE
  because of the perceptions you stated (an MCSE on every corner), however
I
  read several Microsoft books this summer (NT, W2K Pro, Exchange 5.5 
 2000)
  but haven't attempted any exams.  On a whim I took the CCIE written this
 past Saturday.  Didn't pass but I do
  believe the exam is far to easy.  YES, to easy!!  I came up a couple
 answers
  short but really put no effort into preparing for the exam!!

  Anyway back to CCIE, aside from the CCNP studies, which I finished in
the
  spring, I read mostly from the Cisco CD (Internetworking Technology
  Overview,
  Case Studies, Design etc) and Lou's Token Ring paper (Thank You Dennis
for
  the TR quizzes) but DID NOT read any of the popular books i.e. Halibi,
  Caslow, Doyle endorsed here.  I didn't read them for a reason and that
was
  to
  see if I could pass WITHOUT their input and if I hadn't scr*^ewed up a
  couple security questions I would have passed AND THEN I would really
have
  been PISSEDhaving a qualification to THE LAB and basically only
  theoretical knowledge base.  I chose the CCIE route BECAUSE it was
 supposed
  to be the crown jewel of networking!!!
 
  my .02 worth
 
  Rick
 


 I'm not sure, but I think that you may have fallen into one of the most
 common traps in the IT cert world - which is believing that the CCIE written
 exam is comparable to the lab.  I can assure you that the difficulty of the
 written is perhaps 5% as difficult as the lab exam, and perhaps less than
 1%.  Simply put, the difference between the written and the lab is like
 night and day, and anybody who has tried both would agree, I'm sure (does
 anybody out there who has tried both exams disagree?).

 About those books that you mentioned - Caslow, Doyle, Halabi, etc.  I
 believe that when people recommended them, they were doing so for the lab
 exam.  I can recall nothing in those books that was useful for the written.
 But I doubt that there is a single person who has passed the lab lately who
 has not read them.

 About your notion that the written is too easy, I agree completely.  This
 has actually been well-known within the CCIE community - that the written
 exam was simply not getting the job done.  Hence, Cisco is now rewriting the
 written and it is expected that it will be much harder and more
 representative of what the CCIE program will be all about.

 You also stated that the Microsoft certs are more useful in getting work
 than Cisco certs, implying that Microsoft certs are more useful than Cisco
 certs.  I believe that it all comes down to the interactions of supply and
 demand that determines the value of anything in this world.  It is most
 certainly true that there are more positions available for Microsoft trained
 people (higher demand), as a typical organization needs many more Microsoft
 admins than Cisco admins.  But that's not the whole side of the story,
 because you have neglected the supply side of the equation.  I would
 certainly agree that if there were an equal number of Cisco-certified people
 in the world as there are Microsoft-certified people, then the Microsoft
 cert would be more valuable.  I don't recall the exact numbers, but I do
 know that this is not the case - there are many many more
 Microsoft-certified people than there are Cisco people.  The proof of the
 pudding is in the eating. CCIE's tend to have better jobs than MCSE's do,
 and this is because of the disproportionately low supply of CCIE's vs. the
 supply of MCSE's that easily compensates for the lower demand.

 I'll give you an extreme analogy.  My favorite spectator sport is NFL
 football.  We all know that star NFL quarterbacks make millions.  But is
 that due to some huge demand for QB's?  Not really - there are only 32 NFL
 teams, so there is a worldwide demand of only 32 starting quarterbacks.  So
 how is it that these guys, especially the stars, can make so much money?
 Simple - there are at most 50 or maybe 75 people in the world who can be
 legitimate NFL starting quarterbacks.  Of that, maybe only 5-10 of them can
 legitimately be consi

Re: CCIE Security written [7:21641]

2001-10-02 Thread John Kaberna

I'm going to take it in a couple weeks and the lab shortly after that.  I
know Brad Ellis took it and there is a specific group on Yahoo for the
Security CCIE.  Check this URL: http://groups.yahoo.com/group/cciesecurity

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


 wrote in message news:[EMAIL PROTECTED]...
 Group,

 Has anyone taken the CCIE Security written exam yet?

 Failing that is anyone about to take it?

 Steven Dangerfield CCNP, CCSA, CSE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21643t=21641
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Is the CCIE really worth it??? [7:3485]

2001-10-02 Thread John Kaberna

I'd like to add that I highly doubt that any of the JNCIE's have little to
no experience.  It's not like there is a ton of training materials and
bootcamps out there.  The JNCIE's have to rely on real experience far more
than the CCIE or any other cert.  But, I do think that 225k as an average is
very high.  I'd be willing to bet it's not within 50k of that number.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Baker, Jason wrote in message news:[EMAIL PROTECTED]...
 and you forgot to add Juniper might fall over, due to economic reasons as
 they do not have a huge market share and might not be around in months/years
 to come.

 and 225k for a newly certified Juniper person with little to no experience
 is a bit much, so i am assuming that the person has more skills and
 knowledge, so this is not really comparable to the MCSE now is it ? As you
 are not just comparing the cert you are comparing on the person
 knowledge/skill set which varies hence why you see people with different
 certs paid varying levels.

 What it really boils down to, is how much each company is willing to fork
 out for employees and what they bring to the company.

 So saying the juniper cert will get you 225k is WRONG.



  -Original Message-
  From: nrf [SMTP:[EMAIL PROTECTED]]
  Sent: Wednesday, 3 October 2001 7:26 am
  To: [EMAIL PROTECTED]
  Subject: Re: Is the CCIE really worth it??? [7:3485]
 
  By the same token, you could say that the Juniper JNCIE is completely
  worthless compared to the MCSE, cuz like you said there are a hell of a lot
  more Windows boxes to babysit than Juniper routers.  Yet, the average JNCIE
  takes in well over $225,000 per annum, which is rather higher than the
  average MCSE, I would say (sure, some super-MCSE's make more, but I'm
  talking averages here).  The reason behind this is clear to me - while
  there is clearly less demand for Juniper-trained people, this is easily
  compensated for by the ridiculously low supply of JNCIE's (17 at last
  count, 2 or 3 new ones minted every month).

  Or, yet another analogy.  There is massive demand for low-skilled labor in
  the country, more than for CCIE's, more than for MCSE's, more than for
  anything.  Flipping burgers, mopping floors, stocking shelves, bussing
  tables, picking fruit, that kind of thing.  Every company could use an
  extra pair of hands.  Sure, you can say that more companies have PC's to
  take care of, but not routers.  But at the same time, even more companies
  don't have PC's to take care of, but have unskilled labor to do (i.e.
  restaurants, department stores, farms, supermarkets, etc.)  So from the
  really high demand for this manual labor, can you assume that on average
  these jobs pay well (or at least higher than minimum wage)?  No, of course
  not, and that's because of the massive amount of supply of unskilled labor
  out there, which keeps wages low.  Almost anybody can mop a floor or bus a
  table.  So the high demand is swamped by the gigantic supply of available
  manpower.  The point is that you cannot look at the demand side alone, you
  must factor in the supply side as well.

  Now, there's no doubt, the market has crashed more for the CCIE than the
  MCSE.  But even after the crash what I see is that CCIE's still pull in
  more than MCSE's do, and with much less competition (i.e. when my buddies
  apply for a Microsoft-admin job, there are 40-50 other dudes competing with
  them for the same job, but when I apply for a CCIE-type job, there are
  maybe only 2-3 candidates, and sometimes none) .  This is a natural
  consequence that it is much harder to find a Cisco guy than a Microsoft
  guy, and this still compensates for the fewer Cisco jobs that are around.

  Now you might say that the demand for Cisco will continue to fall, and
  ultimately the CCIE will not mean much.  Sure, that's absolutely possible.
  But then, you might also say that things might happen in the Microsoft
  world to make MCSE's less valuable.  For example, Novell might make a
  comeback with Netware6 and eat into the market share of NT/2000.  Microsoft
  might run into more trouble with the Justice Department, and this might
  hamstring them because they will be more worried about fighting in court
  than in developing their products, and competitors might use this valuable
  time to produce a viable competitive product (i.e. Linux with a version of
  Samba that is fully compatible with W2Kserver, including AD).  The point is
  that nobody really knows what the future will bring, so it is difficult to
  make judgements based on what is going to happen in the future.  We only
  know what is happening now, and right now, CCIE-level jobs still pay better
  than MCSE-level jobs, although admittedly the gap is not as wide a

Re: Is the CCIE really worth it??? [7:3485]

2001-10-02 Thread John Kaberna

You have a fundamental flaw in your comparison of sales.  You are only
looking at 1 year of sales.  If you compare the amount of equipment
currently running you will find a much greater percentage than 22:1.  I'm
sure there are plenty of JNCIE's that make 200+ a year.  But, I am just
doubting that is an average that's all.  I do not believe that the average
JNCIE makes double what a CCIE makes.  If that's really true I'm going to go
learn Juniper.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


nrf wrote in message news:[EMAIL PROTECTED]...
 Well, I can't prove that salary number to you.  But just consider some of
 these facts.  There are only 17 JNCIE's in the world right now.  The demand
 for Juniper skills is clearly there, as according to Yahoo Finance, Juniper
 sold $1 billion of revenue in the last 12 months, so clearly somebody has
 been buying their stuff.  Again, according to Yahoo, Cisco sold $22 billion
 of stuff in the last 12 months, for a ratio of 22:1 in sales vis-a-vis
 Juniper.  A very simplistic assumption would be that if Cisco sells 22
 times more stuff, then there should be 22 times more CCIE's than JNCIE's for
 the supply-demand curves of each to be equivalent.  Yet right now, there are
 about 6500 CCIE's, for a ratio of about 380:1, or about 17 times higher than
 what would be the case if the supply-demand curves were equivalent.

 Now, we both know that CCIE's make good money.  There is a lot of dispute
 about exactly how much, but we both know it's rather high.  Now, consider a
 situation where the number of CCIE's was decreased to 1/17 of what it is
 now.  In such a world, I don't think it is at all outrageous to think that
 CCIE's would make $225,000 a year, or even more, in that kind of world.

 Now I actually think that the above assumption is actually biased in favor
 of Cisco.  This is because quite a bit of their revenue is drawn from
 products that have nothing to do with the CCIE program.  For example the ONS
 optical stuff.  Or IP telephony.  Sales of this gear would imply a greater
 demand for people who know those skills, but not necessarily CCIE's (I, for
 example, know almost nothing about the ONS line).  Whereas Juniper
 basically sells only routers, and router components.  So there is a much
 clearer link between the JNCIE and Juniper sales than there is the CCIE and
 Cisco sales. I would actually argue that the real ratio of CCIE's to JNCIEs
 should actually be substantially less than 22:1, which therefore makes the
 accompanying analysis even more stark and slanted in favor of the JNCIE.






 John Kaberna wrote in message news:[EMAIL PROTECTED]...
  I'd like to add that I highly doubt that any of the JNCIE's have little to
  no experience.  It's not like there is a ton of training materials and
  bootcamps out there.  The JNCIE's have to rely on real experience far more
  than the CCIE or any other cert.  But, I do think that 225k as an average
  is very high.  I'd be willing to bet it's not within 50k of that number.

  John Kaberna
  CCIE #7146
  NETCG Inc.
  Cisco Premier Partner
  www.netcginc.com
  (415) 750-3800

  __
  CCIE Security Training
  www.netcginc.com/training.htm

  Baker, Jason wrote in message news:[EMAIL PROTECTED]...
   and you forgot to add Juniper might fall over, due to economic reasons as
   they do not have a huge market share and might not be around in
   months/years to come.

   and 225k for a newly certified Juniper person with little to no
   experience is a bit much, so i am assuming that the person has more
   skills and knowledge, so this is not really comparable to the MCSE now is
   it ? As you are not just comparing the cert you are comparing on the
   person knowledge/skill set which varies hence why you see people with
   different certs paid varying levels.

   What it really boils down to, is how much each company is willing to fork
   out for employees and what they bring to the company.

   So saying the juniper cert will get you 225k is WRONG.

    -Original Message-
    From: nrf [SMTP:[EMAIL PROTECTED]]
    Sent: Wednesday, 3 October 2001 7:26 am
    To: [EMAIL PROTECTED]
    Subject: Re: Is the CCIE really worth it??? [7:3485]

    By the same token, you could say that the Juniper JNCIE is completely
    worthless compared to the MCSE, cuz like you said there are a hell of a
    lot more Windows boxes to babysit than Juniper routers.  Yet, the average
    JNCIE takes in well over $225,000 per annum, which is rather higher than
    the average MCSE, I would say (sure, some super-MCSE's make more, but I'm
    talking averages here).  The reason behind this is clear to me - while
    there is clearly less demand for Juniper-trained

Re: CSS1 - Books available (my findings, what are yours...) [7:21635]

2001-10-01 Thread John Kaberna

I am considering writing a book for the CSS1.  Since I've already written
the CCIE Security book a lot of the information will be repeated.  But, I
don't really want to compete with CP for the long term.  However, as you
stated they are still a ways from having all 4 books done.  If I had enough
interest I would probably put one out so that people don't have to wait
several months.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm


Ole Drews Jensen wrote in message news:[EMAIL PROTECTED]...
 After finishing my CCNP, I am now looking towards CSS1, but I cannot find
 many books out there.

 The only ones I have found that are made for the exams are all from Cisco
 Press, and only one of them is out. Two others are on the way, and the last
 one is not even on the drawing board yet.

 I have gathered my discoveries so far on http://www.oledrews.com/css1 - so
 if you know of a book that I have not listed, please let me know. Also, this
 list can be used by others going for the CSS1 to get a selection of books
 available.

 Another thing, all the exams except for MCNS have the exam number 9E0-57x -
 but the MCNS has 640-442. Could that mean that it is about to expire, but
 that Cisco has yet not notified about it?

 Thanks for any comments to this,

 Ole

 
  Ole Drews Jensen
  Systems Network Manager
  CCNP, MCSE, MCP+I
  RWR Enterprises, Inc.
  [EMAIL PROTECTED]
  http://www.RouterChief.com
 
  NEED A JOB ???
  http://www.oledrews.com/job
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21635t=21635



Re: CCIE-Security Written [7:21140]

2001-09-27 Thread John Kaberna

I would say the PIX will gain a lot of market share because of the
501 and 506.  You can't get a Checkpoint box that will run on a
decent box for the prices of the 501 and 506.  Some may disagree on
that.  But, there's no reason not to get both Cisco and Checkpoint
certs.  Checkpoint is a great product and it's not going away anytime
soon.  It really depends on what you think you'll be exposed to.

John Kaberna
CCIE #7146
NETCG Inc.
Cisco Premier Partner
www.netcginc.com
(415) 750-3800

__
CCIE Security Training
www.netcginc.com/training.htm

Paul Jin wrote in message news:[EMAIL PROTECTED]...
 The word out on the street is that Brad Ellis here on the forum
 is going to start studying for it...

 Can u confirm brad?

 also, for those that are going to start on some security
 specialization, which do you guys think will be more in demand -
 Pix side or the Checkpoint side???




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=21277t=21140



Re: Best Materials For CCIE Written and Lab Exams [7:16196]

2001-08-16 Thread John Kaberna

Those are good starting points but as you get the hang of lab work
you'll want to start doing Fatkid, Solution Labs, and of course
ccbootcamp.

John Kaberna
CCIE #7146
NETCG Inc
Cisco Premier Partner
www.netcginc.com
(415) 750-3800
Fax:  750-3900

__
CCIE Security Training:
www.netcginc.com/training.htm

CCIE Routing/Switching Training
www.ccbootcamp.com

George Murphy CCNP, CCDP wrote in message news:[EMAIL PROTECTED]...
 Hi Folks, I am seeking advice on materials for the CCIE written and lab
 exams. I have been considering the McGraw Hill All-In-One CCIE study guide
 as well as their CCIE Lab Practice Kit. I have been watching the published
 dates of these and considering that as a factor but would appreciate any
 suggestions or feedback from anyone who has found any of the resources
 available out there to be the best (CCPrep, Boson etc, etc). I have also
 read reviews on each one but value responses from this list more. Thanks
 for any assistance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=16235t=16196



OT: HP Openview Training Materials

2001-04-05 Thread John Kaberna

Sorry to bother the group with such an off-topic.  I'm wondering if anyone has
taken the NNM classes and has a copy of the training material they could copy
or sell.  Please email me offline so as to not further disturb the group.
Thanks in advance.

John Kaberna
CCIE #7146
NETCG Inc
www.netcginc.com
(415) 750-3800
Fax:  750-3900



Bye

2000-09-21 Thread John Kaberna



Well the past couple weeks have been fun but reading through over 100 emails
a day is too much.  I thought this list might have helped me along but
mostly it just wasted valuable time.  There is never a shortage of stupid
questions and people that don't know how to read the archives to get 80% of
the questions answered.  If I have to read one more question asking what
book to read for the CCNA or some other test I'm gonna be sick.

In the span of 6 days I read all the books and passed the pathetic CCNP.
What a joke that test was.  For those of you that asked me about the
Foundation test it was terribly easy.  Anyone that even reads the material
and half understands it will pass.

As far as the whiners, snitches, and morons you know what I think of you.
People like you allow me to command a higher and higher rate every few
months cause no one wants to work with someone like that.  Keep it up.  I
even had one crybaby by the name of Louie Belt tell me he was going to have
me removed from this list and have my hotmail account terminated.  LOL.
Apparently he thought he was so influential that he had the power to
terminate my accounts just cause I called him a name.  :)  Nice try.

For those that I've had positive interaction with feel free to email me if
you have questions or want to chat.

See ya.

John


Re: Bye

2000-09-21 Thread John Kaberna



You put a lot of thought in to that one huh genius.  Another moron.  sigh

  - Original Message -
  From: RHM
  To: John Kaberna ; [EMAIL PROTECTED]
  Sent: Thursday, September 21, 2000 3:29 AM
  Subject: RE: Bye

  Are you gone yet??
  rob

    -Original Message-
    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Kaberna
    Sent: Thursday, September 21, 2000 12:44 AM
    To: [EMAIL PROTECTED]
    Subject: Bye

    Well the past couple weeks have been fun but reading through over 100
    emails a day is too much.  I thought this list might have helped me along
    but mostly it just wasted valuable time.  There is never a shortage of
    stupid questions and people that don't know how to read the archives to
    get 80% of the questions answered.  If I have to read one more question
    asking what book to read for the CCNA or some other test I'm gonna be
    sick.

    In the span of 6 days I read all the books and passed the pathetic CCNP.
    What a joke that test was.  For those of you that asked me about the
    Foundation test it was terribly easy.  Anyone that even reads the
    material and half understands it will pass.

    As far as the whiners, snitches, and morons you know what I think of you.
    People like you allow me to command a higher and higher rate every few
    months cause no one wants to work with someone like that.  Keep it up.  I
    even had one crybaby by the name of Louie Belt tell me he was going to
    have me removed from this list and have my hotmail account terminated.
    LOL.  Apparently he thought he was so influential that he had the power
    to terminate my accounts just cause I called him a name.  :)  Nice try.

    For those that I've had positive interaction with feel free to email me
    if you have questions or want to chat.

    See ya.

    John


Re: Bye

2000-09-21 Thread John Kaberna



Chris Don't be jealous.  I've contributed plenty of useful info and I think
there's several people that will attest to that.  Maybe you don't read your
emails.  Never in my life have I failed a Cisco test.  I have the stupid
CCNA, CCDA, and CCNP.  I just don't go around bragging about it like it's a
big deal.  If you guys really want me to scan them to prove you're a bunch
of jealous idiots I will.

  - Original Message -
  From: Chris Larson
  To: RHM ; John Kaberna ; [EMAIL PROTECTED]
  Sent: Thursday, September 21, 2000 8:12 AM
  Subject: Re: Bye

  Yeah no kiddin. I think you are really just angry at everyone because you
  can't seem to pass any of the tests. I have not seen a single post from
  you (John) with any relevant technical information at all.  Just a bunch
  of angry sideways comments. All you have to do is study a little, drop the
  attitude and you will get certified someday.

    - Original Message -
    From: RHM
    To: John Kaberna ; [EMAIL PROTECTED]
    Sent: Thursday, September 21, 2000 6:29 AM
    Subject: RE: Bye

    Are you gone yet??
    rob

      -Original Message-
      From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Kaberna
      Sent: Thursday, September 21, 2000 12:44 AM
      To: [EMAIL PROTECTED]
      Subject: Bye

      Well the past couple weeks have been fun but reading through over 100
      emails a day is too much.  I thought this list might have helped me
      along but mostly it just wasted valuable time.  There is never a
      shortage of stupid questions and people that don't know how to read
      the archives to get 80% of the questions answered.  If I have to read
      one more question asking what book to read for the CCNA or some other
      test I'm gonna be sick.

      In the span of 6 days I read all the books and passed the pathetic
      CCNP.  What a joke that test was.  For those of you that asked me
      about the Foundation test it was terribly easy.  Anyone that even
      reads the material and half understands it will pass.

      As far as the whiners, snitches, and morons you know what I think of
      you.  People like you allow me to command a higher and higher rate
      every few months cause no one wants to work with someone like that.
      Keep it up.  I even had one crybaby by the name of Louie Belt tell me
      he was going to have me removed from this list and have my hotmail
      account terminated.  LOL.  Apparently he thought he was so influential
      that he had the power to terminate my accounts just cause I called him
      a name.  :)  Nice try.

      For those that I've had positive interaction with feel free to email
      me if you have questions or want to chat.

      See ya.

      John


Re: Bye

2000-09-21 Thread John Kaberna

I know what you mean.  I've actually received a couple dozen emails directly
of people that agree with me and want to keep in contact.  So, I don't think
the list was a waste of time.  But, going forward I think it's just too many
emails and too many battles of wits with the unarmed.  As everyone knows
there is no such thing as stupid questions only stupid people.  :)  I wish
you the best in your future endeavors as well.

John

- Original Message -
From: Circusnuts [EMAIL PROTECTED]
To: John Kaberna [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, September 21, 2000 5:21 AM
Subject: Re: Bye


 John- I honestly & sincerely wish you the best.  As far as your view on
 GroupStudy...  I've been around for over a year now & you are far from the
 first to announce such a view.  In fact, I remember that last fellow said he
 had read all the books & was now a CCIE.  Anywho- it's not for everyone, but
 I have made friends "on this list" who have helped with resumes, setting-up
 interviews that led to jobs, meeting people in interviews that I realized I
 knew from this list, given me books, helped me figure out old Cisco
 equipment, helped me repair equipment, I've received lab advice, bought
 equipment from, sold equipment to, received help with configs, & "Oh Ya,"
 I've had a couple of hundred questions (some stupid) answered over the past
 year too.  This has been my reward for weeding through the E-mails.  I just
 hope I've been a gracious enough servant, to have given of what I have
 received :-)

 All the best !!!
 Phil

 - Original Message -
 From: John Kaberna
 To: [EMAIL PROTECTED]
 Sent: Thursday, September 21, 2000 4:43 AM
 Subject: Bye


 Well the past couple weeks have been fun but reading through over 100 emails
 a day is too much.  I thought this list might have helped me along but
 mostly it just wasted valuable time.  There is never a shortage of stupid
 questions and people that don't know how to read the archives to get 80% of
 the questions answered.  If I have to read one more question asking what
 book to read for the CCNA or some other test I'm gonna be sick.

 In the span of 6 days I read all the books and passed the pathetic CCNP.
 What a joke that test was.  For those of you that asked me about the
 Foundation test it was terribly easy.  Anyone that even reads the material
 and half understands it will pass.

 As far as the whiners, snitches, and morons you know what I think of you.
 People like you allow me to command a higher and higher rate every few
 months cause no one wants to work with someone like that.  Keep it up.  I
 even had one crybaby by the name of Louie Belt tell me he was going to have
 me removed from this list and have my hotmail account terminated.  LOL.
 Apparently he thought he was so influential that he had the power to
 terminate my accounts just cause I called him a name.  :)  Nice try.

 For those that I've had positive interaction with feel free to email me if
 you have questions or want to chat.

 See ya.

 John


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Bye

2000-09-21 Thread John Kaberna

Don't be mad cause you've been studying for 6 months and still haven't
accomplished what took me a week.  :)  Keep it up though dude.  There is a
scene in a movie that reminds me of you Juan.  See if anyone can recognize
it.  It's not exact but a couple people will know it.

Right now I'm washing lettuce.  A few more months I'll be on fries.  A
couple of years.  And I make assistant manager.  And that's when the big
bucks start rollin in. grin

- Original Message -
From: Juan Blanco [EMAIL PROTECTED]
To: 'Chris Larson' [EMAIL PROTECTED]; John Kaberna
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, September 21, 2000 8:46 AM
Subject: RE: Bye


 That seems to me the joke of the new millennium.

 -Original Message-
 From: Chris Larson [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, September 21, 2000 11:10 AM
 To: John Kaberna; [EMAIL PROTECTED]
 Subject: Re: Bye


 Yeah right. You read all the books and passed the test in 6 days. Sure ya
 did.

 - Original Message -
 From: John Kaberna mailto:[EMAIL PROTECTED]
 To: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
 Sent: Thursday, September 21, 2000 1:43 AM
 Subject: Bye

 Well the past couple weeks have been fun but reading through over 100 emails
 a day is too much.  I thought this list might have helped me along but
 mostly it just wasted valuable time.  There is never a shortage of stupid
 questions and people that don't know how to read the archives to get 80% of
 the questions answered.  If I have to read one more question asking what
 book to read for the CCNA or some other test I'm gonna be sick.

 In the span of 6 days I read all the books and passed the pathetic CCNP.
 What a joke that test was.  For those of you that asked me about the
 Foundation test it was terribly easy.  Anyone that even reads the material
 and half understands it will pass.

 As far as the whiners, snitches, and morons you know what I think of you.
 People like you allow me to command a higher and higher rate every few
 months cause no one wants to work with someone like that.  Keep it up.  I
 even had one crybaby by the name of Louie Belt tell me he was going to have
 me removed from this list and have my hotmail account terminated.  LOL.
 Apparently he thought he was so influential that he had the power to
 terminate my accounts just cause I called him a name.  :)  Nice try.

 For those that I've had positive interaction with feel free to email me if
 you have questions or want to chat.

 See ya.

 John





Re: PIX and OSPF

2000-09-20 Thread John Kaberna

Actually I wasn't even flaming you it just took a while for you to respond
and I wanted to help right away.  But, you had to start with the stupid
comments.  For someone that is trying to run an IGP on their Internet router
with a PIX in between you've got little reason to say I'm useless.  At least
I know how to configure a PIX and design a  proper network.  I'll just add
you to the list of the not so bright.

John


- Original Message -
From: Nabil Fares [EMAIL PROTECTED]
To: 'John Kaberna' [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Wednesday, September 20, 2000 6:33 AM
Subject: RE: PIX and OSPF


 John,

 I'm not asking you to do my work, especially you! You seem very useless at
 this point, repeating other members' comments.  I thought this list is to
 get suggestions, and help each other out.  Now, for the second part of your
 question, I would be more than happy to explain why I am doing this (let me
 know if interested).


 Sorry guys about this email to John.

 Nabil

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 John Kaberna
 Sent: Tuesday, September 19, 2000 8:09 PM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: PIX and OSPF


 Ah yes Omar.  Hey Fares we cannot do your work for you.  Care to enlighten
 us why you would want to do this?

 John

 - Original Message -
 From: Omar Baceski [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, September 19, 2000 4:41 PM
 Subject: RE: PIX and OSPF


  this is not my scenario.
  maybe there are no internet routers, and both are internals. just ask Nabil
  Fares [SMTP:[EMAIL PROTECTED]]
 
 
 
   -Original Message-
   From: John Kaberna [SMTP:[EMAIL PROTECTED]]
   Sent: Tuesday, September 19, 2000 8:40 PM
   To: Omar Baceski; [EMAIL PROTECTED]
   Subject: Re: PIX and OSPF
  
   You are still not making any sense at all.  Why do you want your internal
   network to share routing info with your Internet router?
  
   - Original Message -
   From: Omar Baceski [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Sent: Tuesday, September 19, 2000 4:10 PM
   Subject: RE: PIX and OSPF
  
  
    because the pix will see the multicast traffic as broadcast, then dropping
    it, then not getting any adjacency on the routers. I had the same
    problem 2 weeks ago. exactly the same issue if you work with EIGRP.
   
     -Original Message-
     From: John Kaberna [SMTP:[EMAIL PROTECTED]]
     Sent: Tuesday, September 19, 2000 7:35 PM
     To: Omar Baceski; [EMAIL PROTECTED]
     Subject: Re: PIX and OSPF

 Like Howard mentioned early.   Why would you do this?

 - Original Message -
 From: Omar Baceski [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, September 19, 2000 3:05 PM
 Subject: RE: PIX and OSPF


  let me explain
  you must make a conduit that let pass the ospf unicast traffic from JUST one
  router to the other. and if you are really paranoid you can put md5 auth on
  both routers too.
 
   -Original Message-
   From: Howard C. Berkowitz [SMTP:[EMAIL PROTECTED]]
   Sent: Tuesday, September 19, 2000 6:13 PM
   To: [EMAIL PROTECTED]
   Subject: RE: PIX and OSPF
  
   you can put an explicit neighboring between the routers to avoid using
   multicast. then you need to put a couple conduits to let ospf
   pass through.
  
   But why do you want to pass through?  It seems counter to good
   security practice.
  
   
   
   
  -Original Message-
  From: Nabil Fares [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, September 19, 2000 2:38 PM
  To: [EMAIL PROTECTED]
  Subject: PIX and OSPF
 
  Greetings,
 
  I'm testing PIX515 and I've couple of questions concerning OSPF. I'll be
  installing a PIX between 2 7XXX router:
 
  Router-C1--PIX515--Router-C2
  OSPF   OSPF
 
 
  Do I've to do anything special on PIX to pass OSPF?  Any help is great.
 
 
  thanks,
 
  Nabil
 

Re: Cisco 3640 grunty enough for full-BGP routing?

2000-09-19 Thread John Kaberna

So you're saying these 2 7513's are identical except one runs BGP and the
other doesn't?  I doubt that.  You cannot compare 2 routers and then deduct
the memory usage from the one that is not using BGP and say that is what BGP
is using.  You need to do a show ip bgp summary.

John


- Original Message -
From: Spolidoro, Guilherme [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 10:39 AM
Subject: RE: Cisco 3640 grunty enough for full-BGP routing?


 We use Ciscos 7513 with IOS 12.05T1 and 128Mb.

 Today full routing means about 80K bgp entries and it uses (including IOS,
 etc) 80Mb from the 128Mb. I was comparing this with another router that does
 not receive BGP. The second one uses less than 15Mb, which means that the BGP
 tables are about 65Mb bigger, take it or leave it.

 My recommendation? Buy 128Mb for the 3620 and you'll be fine. It might be
 slow when receiving the tables for the first time, but after 5-10 minutes
 everything will look normal again.

 Good luck.

 -Original Message-
 From: Ejay Hire [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 19, 2000 10:11 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Cisco 3640 grunty enough for full-BGP routing?


 About two days ago, I was reading an RFC written in 1996 (RFC 1772 or
 1773..) and it talked about how the BGP database would fit into 64 mb of ram
 in 1995, and all of it would fit except for sprint in 1996, and all of it
 would fit except for sprint and ...

 You cannot fit the entire BGP table into 20 Mb's of RAM.  If you don't have
 any input filters set up, then your Isp('s) or someone upstream of them is
 filtering.  (Filtering a LOT...Like 80%).

 You can connect to a looking glass at www.merit.edu, and see the tables.
 There is even a section you can ftp to to download the whole database.


 Original Message Follows
 From: "John Kaberna" [EMAIL PROTECTED]
 Reply-To: "John Kaberna" [EMAIL PROTECTED]
 To: "Guyler, Rik [EESUS]" [EMAIL PROTECTED],"Jeff Wang"
 [EMAIL PROTECTED],"Cisco Groupstudy (E-mail)"
 [EMAIL PROTECTED]
 Subject: Re: Cisco 3640 grunty enough for full-BGP routing?
 Date: Mon, 18 Sep 2000 13:15:41 -0700

 The BGP routing table itself
 takes up less than 20MB of memory last time I checked (only a couple months
 ago).  I don't have access to a router running full BGP routes right this
 moment but someone should verify this.  I am fairly certain it is less than
 20.  So, you can run it just fine on a 3640 with 128mb.  I completely
 disagree with this "experienced" CCIE.  However, his routers may have
 several other services running on them that use a lot of memory.  A 3640
 with 128mb used simply as an Internet router running BGP will have no
 trouble now or in the near future.  Does anyone have a 3640 w/BGP that could
 provide some current stats?

 John
- Original Message -
From: Guyler, Rik [EESUS]
To: Jeff Wang ; Cisco Groupstudy (E-mail)
Sent: Monday, September 18, 2000 9:13 AM
Subject: RE: Cisco 3640 grunty enough for full-BGP routing?


 A CCIE, experienced in the service provider market, just recently told me
 that a 3640 *might* be OK at first, but it would really be a strain to keep
 the entire routing table.  His reasoning is that 128MB RAM barely covers the
 requirements and will allow no room for growth.  He went on to say that if
 you can, use 256MB, 512MB, etc. as new routes that are added in the future
 will drive your memory requirements beyond 128MB.

Rik Guyler
  -Original Message-
  From: Jeff Wang [mailto:[EMAIL PROTECTED]]
  Sent: Monday, September 18, 2000 12:18 AM
  To: [EMAIL PROTECTED]
  Subject: Cisco 3640 grunty enough for full-BGP routing?


  Hi all,

  Just a quick question regarding 3640 with 128MB DRAM.  Will it be
 grunty enough to run full-BGP, talking to two different providers and
 getting full routes, with one E1 2Mbps WAN link to each provider?  What's
 your minimum configuration from experience?

  TIA,

  Jeff Wang



Re: CCIE Questions...

2000-09-19 Thread John Kaberna

You people spend way too much time snitching.  I bet a lot of you got beat
up and teased frequently in high school.  Let Cisco worry about its NDA.  It
doesn't need a bunch of dorky Boy Scouts (and Girls Scouts of course) doing
its job for them.  Geez people some of you need to get a life.

John

PS.  You can report me to [EMAIL PROTECTED] when you want to whine about
what I have to say.

- Original Message -
From: Lori S Carter [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Bradley J. Wilson [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 8:41 AM
Subject: Re: CCIE Questions...


 Go to the site www.brobeck.com. They represent Cisco and other "big names"
 in stuff like this. Send an email to Michelle Falkoff. She's one of the
 lawyers who represent Cisco.
 Lori
 --

 On Mon, 18 Sep 2000 12:22:14
  Bradley J. Wilson wrote:
 I looked up the original poster's website...in his "Technical
 Certifications" section he's got "CCIE *pursuing*" [emphasis mine]. Heck,
 if I put down every cert I'm "pursuing," my rezzy would be 10 pages long...
 
 Anyway, who wants to be the Thought Police on this one?  I'm assuming
 there's someone from Cisco who's responsible for monitoring Cisco-related
 newsgroups and mail lists for NDA breaks, but then again maybe not - what a
 job from hell that would be.
 
 Thanks for the study break. ;-)
 
 
 - Original Message -
 From: Louie Belt
 To: 'FRS' ; [EMAIL PROTECTED]
 Sent: Monday, September 18, 2000 12:00 PM
 Subject: RE: CCIE Questions...
 
 
 If these questions are in fact from 350-001 then the original poster needs
 to be turned in to Cisco so that they can "re-evaluate" his status.
 
 
 LAB
 
 Who is John Galt?
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 FRS
 Sent: Monday, September 18, 2000 9:32 AM
 To: [EMAIL PROTECTED]
 Subject: Re: CCIE Questions...
 
 
 These questions are from Exam 350-001. The NDA has been broken.
 
 ""Derek Chung"" [EMAIL PROTECTED] wrote in message
 news:8q2d0a$8kk$[EMAIL PROTECTED]...
  Question 1:
  Router A and Router B are configured to route IP to each other over a serial
  line. Host A is connected to Router A and Host B is connected to Router B. A
  packet is sent from Host A to host B. A hit on the serial line causes an
  error in the packet. Retransmission is sent by:
 
  Question 2:
  During the middle of a TCP conversion across a routed backbone, the network
  receives a voltage spike and several of the packets are damaged. Where are
  the packets retransmitted from?
 
  Question 3:
  Computer1 [Segment A]---RouterA--RouterB--[SegmentB]--Computer2
  A packet is sent to Computer 2 from Computer 1. A collision occurs on
  Segment B. Which device will retransmit the frame and what will the source
  MAC address be (when the packet actually reaches Segment B)?
 
  Question 4:
  When computer A sends a frame to computer B across many routers, how will
  the source and destination layer 3 addresses change? How will the source and
  destination layer 2 addresses change?
 
 
 
 



Re: Router Bootup Problem

2000-09-19 Thread John Kaberna

If it's new or under warranty call Cisco and get an RMA.  Otherwise you'll
have to buy a new one and xmodem an image on to it.

John

- Original Message -
From: Peter Gray [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 4:59 PM
Subject: Router Bootup Problem


 I have got a corrupt flash on my router. It goes to ROMMON after starting.
 IP doesn't start and it goes to same mode even if I change config-reg to
 0x2101 . It's a 2600. See the startup message.

 System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 TAC:Home:SW:IOS:Specials for info
 C2600 platform with 24576 Kbytes of main memory

 device does not contain a valid magic number
 boot: cannot open "flash:"
 boot: cannot determine first file name on device "flash:"

 System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 TAC:Home:SW:IOS:Specials for info
 C2600 platform with 24576 Kbytes of main memory

 device does not contain a valid magic number
 boot: cannot open "flash:"
 boot: cannot determine first file name on device "flash:"

 System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
 Copyright (c) 1999 by cisco Systems, Inc.
 TAC:Home:SW:IOS:Specials for info
 C2600 platform with 24576 Kbytes of main memory

 rommon 1 

 Any comments!




Re: CCIE Questions...

2000-09-19 Thread John Kaberna

Everyone that uses ANY kind of testing software is assuredly part of
violating the NDA.  Those people that create those tests do it every day and
then we use their material to study.  Where do you think they come up with
the questions that are exact or damn near the real test?  So, unless you
don't use testing software you're just as guilty as the guy everyone is
whining about.  Besides, certifications don't mean squat if you can't back
it up.  I've seen plenty of CCNP's that don't know sh!t and they didn't
violate the NDA.  Written tests are all cheap if you ask me.  The only cert
that means a thing in my opinion is the CCIE lab.

John

- Original Message -
From: Louie Belt [EMAIL PROTECTED]
To: 'John Kaberna' [EMAIL PROTECTED]; 'Lori S Carter'
[EMAIL PROTECTED]; [EMAIL PROTECTED]; 'Bradley J. Wilson'
[EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 1:00 PM
Subject: RE: CCIE Questions...


 John, the reason we despise those who violate the NDA is that they cheapen
 the Cisco certifications for all of those who worked, studied and followed
 the rules to get their certifications.  Why would we let someone lessen the
 value of what we have achieved?  We do not want Cisco's certifications to
 become worthless and everyone who violates the NDA, cheapens the value of
 our work and effort. Is that your goal?



 Louie

 "Thinking is man's only basic virtue, from which all others proceed. And his
 basic vice, the source of all his evils, is that nameless act which all of
 you practice, but struggle never to admit... the refusal to think; not
 blindness, but the refusal to see; not ignorance, but the refusal to know."
 - John Galt




 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 John Kaberna
 Sent: Tuesday, September 19, 2000 2:18 PM
 To: Lori S Carter; [EMAIL PROTECTED]; Bradley J. Wilson
 Subject: Re: CCIE Questions...


 You people spend way too much time snitching.  I bet a lot of you got beat
 up and teased frequently in high school.  Let Cisco worry about its NDA. It
 doesn't need a bunch of dorky Boy Scouts (and Girls Scouts of course) doing
 its job for them.  Geez people some of you need to get a life.

 John

 PS.  You can report me to [EMAIL PROTECTED] when you want to whine about
 what I have to say.

 - Original Message -
 From: Lori S Carter [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]; Bradley J. Wilson [EMAIL PROTECTED]
 Sent: Tuesday, September 19, 2000 8:41 AM
 Subject: Re: CCIE Questions...


  Go to the site www.brobeck.com. They represent Cisco and other "big names"
  in stuff like this. Send an email to Michelle Falkoff. She's one of the
  lawyers who represent Cisco.
  Lori
  --
 
  On Mon, 18 Sep 2000 12:22:14
   Bradley J. Wilson wrote:
  I looked up the original poster's website...in his "Technical
  Certifications" section he's got "CCIE *pursuing*" [emphasis mine]. Heck,
  if I put down every cert I'm "pursuing," my rezzy would be 10 pages long...
  
  Anyway, who wants to be the Thought Police on this one?  I'm assuming
  there's someone from Cisco who's responsible for monitoring Cisco-related
  newsgroups and mail lists for NDA breaks, but then again maybe not - what a
  job from hell that would be.
  
  Thanks for the study break. ;-)
  
  
  - Original Message -
  From: Louie Belt
  To: 'FRS' ; [EMAIL PROTECTED]
  Sent: Monday, September 18, 2000 12:00 PM
  Subject: RE: CCIE Questions...
  
  
  If these questions are in fact from 350-001 then the original poster needs
  to be turned in to Cisco so that they can "re-evaluate" his status.
  
  
  LAB
  
  Who is John Galt?
  
  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  FRS
  Sent: Monday, September 18, 2000 9:32 AM
  To: [EMAIL PROTECTED]
  Subject: Re: CCIE Questions...
  
  
  These questions are from Exam 350-001. The NDA has been broken.
  
  ""Derek Chung"" [EMAIL PROTECTED] wrote in message
  news:8q2d0a$8kk$[EMAIL PROTECTED]...
   Question 1:
   Router A and Router B are configured to route IP to each other over a serial
   line. Host A is connected to Router A and Host B is connected to Router B. A
   packet is sent from Host A to host B. A hit on the serial line causes an
   error in the packet. Retransmission is sent by:
  
   Question 2:
   During the middle of a TCP conversion across a routed backbone, the network
   receives a voltage spike and several of the packets are damaged. Where are
   the packets retransmitted from?
  
   Question 3:
   Computer1 [Segment A]---RouterA--RouterB--[SegmentB]--Computer2
   A packet is sent to Computer 2 from Computer 1. A collision occurs on
   Segment B. Which device will retransmit the frame and what will the source
   MAC address be (when the packet actually reaches 

Re: PIX and OSPF

2000-09-19 Thread John Kaberna




Don't pass any info from the ISP inside. Use the PIX as your default 
gateway for outbound traffic and on the PIX point the default to the inside 
ethernet of your Internet router. On the Internet router point to your 
ISP. Very standard practice.

John

Lorenzo Montezemolo [EMAIL PROTECTED] wrote in message
news:8q8fjg$t76$[EMAIL PROTECTED]...
 How would this work if NAT were in place? We're thinking about
 doing something similar where we have our ISP-managed router
 passing default-network information from outside, through the PIX, and
 to the inside. Any thoughts?

 Lorenzo

 ""Omar Baceski"" [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]...
 | you can put an explicit neighboring between the routers to avoid using
 | multicast. then you need to put a couple conduits to let ospf
 | pass through.
 |
 |  -Original Message-
 |  From: Nabil Fares [SMTP:[EMAIL PROTECTED]]
 |  Sent: Tuesday, September 19, 2000 2:38 PM
 |  To: [EMAIL PROTECTED]
 |  Subject: PIX and OSPF
 |
 |  Greetings,
 |
 |  I'm testing PIX515 and I've couple of questions concerning OSPF. I'll be
 |  installing a PIX between 2 7XXX router:
 |
 |  Router-C1--PIX515--Router-C2
 |  OSPF   OSPF
 |
 |  Do I've to do anything special on PIX to pass OSPF? Any help is great.
 |
 |  thanks,
 |
 |  Nabil


Re: Cisco 3640 grunty enough for full-BGP routing?

2000-09-19 Thread John Kaberna

Thanks for finally contributing something useful to this thread.  About time
you offered some useful info.  As far as your whining about me I don't think
the group really cares.  I certainly do not.

John


- Original Message -
From: Spolidoro, Guilherme [EMAIL PROTECTED]
To: 'John Kaberna' [EMAIL PROTECTED]; Cisco Groupstudy (E-mail)
[EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 2:13 PM
Subject: RE: Cisco 3640 grunty enough for full-BGP routing?


 Something I always liked on the groupstudy was the fact that unlike other
 lists there weren't people like. I leave the list for 3 months when I come
 back I met a person like you.

 Anyway, I was not sure if you have something against me (I doubt it), or
 against the company that I work for (possible) or if you just have an
 attitude problem (most likely). I didn't have to read many messages from
 the archive to find out that you definitely match the 3rd category.
 In fact, your post about the CCIE written just confirmed that.

 If you look over the archive you'll find out that I've been contributing to
 the list for a long time and always treated people with respect.

 Said that, let's go back to the original topic. I collected some information
 from the routers and hopefully that's going to help us all understand things
 a little better.

 On the router that is receiving full routing from 3 different sources +
 some minor BGP tables from another source, I have:

 routername#sh proc mem
 Total: 113040320, Used: 81450168, Free: 31590152
    99   0  743336460   75256748   71727808  0  0 BGP Router
   101   0  59012  588774148   6796  31752  0 BGP I/O
   102   0  08125308   6796  0  0 BGP Scanner
   81427968 Total

 routername#sh mem
            Head   Total(b)   Used(b)   Free(b)   Lowest(b)   Largest(b)
 Processor  61432440   113040320   81444248   31596072   27977536   27615736
      Fast  61412440 131072 128728   2344   2344   2300


 routername#sh ip bgp sum
 BGP router identifier xxx.xxx.xxx.xxx, local AS number 
 BGP table version is 23908473, main routing table version 23908473
 87354 network entries and 66 paths using 16474914 bytes of memory
 61018 BGP path attribute entries using 3175172 bytes of memory
 27894 BGP AS-PATH entries using 721048 bytes of memory
 1 BGP community entries using 24 bytes of memory
 34880 BGP route-map cache entries using 558080 bytes of memory
 0 BGP filter-list cache entries using 0 bytes of memory
 BGP activity 1483983/5039870 prefixes, 22873788/22651522 paths

 Neighbor  V  AS  MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down  State/PfxRcd
 x.x.x.x 4   xxx 9336739  130266 23908431 00 1w6d86890
 y.y.y.y 4   5879226 5971108 23908431 00 1w5d 47810
 z.z.z.z 4   1440681  130395 23908431 00 1w5d 306
 w.w.w.w 4   10460589 5988755 2390843100 2d23h 87256

 As you can see on this router, the output from sh ip bgp sum shows that the
 BGP tables are really only 16Mb large, but the sh proc mem shows that the
 BGP process overall uses about 71Mb.

 I hope this post helps the rest of the members of the list.



 -Original Message-
 From: John Kaberna [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 19, 2000 3:21 PM
 To: Spolidoro, Guilherme; Cisco Groupstudy (E-mail)
 Subject: Re: Cisco 3640 grunty enough for full-BGP routing?


 First of all I've never heard of an "as is" or "summarized" version.  It's
 either full routes or partial routes.   Second, you shouldn't say something
 if you're not prepared to explain what you mean.  I have received full routes
 from several providers and the table has never taken up more than 20MB.  I
 have always requested full routes.

 John
 - Original Message -
 From: Spolidoro, Guilherme
 To: Cisco Groupstudy (E-mail)
 Sent: Tuesday, September 19, 2000 12:01 PM
 Subject: RE: Cisco 3640 grunty enough for full-BGP routing?


 Some ISPs offer full routing in two flavors: "as is" or a "summarized"
 version (maybe that's the case). Please don't ask any additional details
 because that was long long time ago...
 -Original Message-
 From: Guyler, Rik [EESUS] [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 19, 2000 1:06 PM
 To: John Kaberna; Cisco Groupstudy (E-mail)
 Subject: RE: Cisco 3640 grunty enough for full-BGP routing?


 I don't know the nuances involved, but he stated that the Internet routing
 table a year ago was over 70,000 routes and is probably closer to 90,000
 routes right now.  Maybe you did not see the complete table when you saw
 20MB?  I don't know...  Like I said, however, he is a 3xxx CCIE and a Cisco
 SE, so I find it hard to refute his word.  Not that I'm saying you are
 wrong, just that I find him to be extremely credible.

 Rik
 -Original Message-
 From: John Kaberna 
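
The comparison argued over in this thread (bytes reported by `sh ip bgp sum` versus what the BGP Router process holds in `sh proc mem`), as an added example that is not part of the original messages. The sample text is re-typed from the router output quoted above, and the function names are hypothetical.

```python
import re

# Re-typed from the router output quoted in the message above, one entry per
# line (the archived copy is wrapped mid-line). The values are the poster's.
SHOW_IP_BGP_SUMMARY = """\
87354 network entries and 66 paths using 16474914 bytes of memory
61018 BGP path attribute entries using 3175172 bytes of memory
27894 BGP AS-PATH entries using 721048 bytes of memory
1 BGP community entries using 24 bytes of memory
34880 BGP route-map cache entries using 558080 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
"""

# The "Total:" line and the "BGP Router" row from the same message. The column
# header row is not in the archived copy; it is added here for readability.
SHOW_PROC_MEM = """\
Total: 113040320, Used: 81450168, Free: 31590152
 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
  99   0  743336460   75256748   71727808          0          0 BGP Router
"""

_USING = re.compile(r"^\s*(\d+) (.+?) using (\d+) bytes of memory\s*$", re.M)
_TOTALS = re.compile(r"Total:\s*(\d+),\s*Used:\s*(\d+),\s*Free:\s*(\d+)")


def table_bytes(summary):
    """Map each 'N <things> using B bytes of memory' line to its byte count."""
    return {m.group(2): int(m.group(3)) for m in _USING.finditer(summary)}


def holding_bytes(proc_mem, process):
    """Return the Holding column (5th field) of the named process row."""
    for line in proc_mem.splitlines():
        fields = line.split()
        # Skip the totals line, the header, and rows damaged by line wrapping.
        if len(fields) < 8 or not all(f.isdigit() for f in fields[:7]):
            continue
        if " ".join(fields[7:]) == process:
            return int(fields[4])
    raise ValueError(f"no row for process {process!r}")


def memory_totals(proc_mem):
    """Parse the 'Total/Used/Free' line and check that it is self-consistent."""
    m = _TOTALS.search(proc_mem)
    if m is None:
        raise ValueError("no 'Total: ..., Used: ..., Free: ...' line found")
    total, used, free = map(int, m.groups())
    if used + free != total:
        raise ValueError("Used + Free does not equal Total; output is damaged")
    return total, used, free


def report(summary=SHOW_IP_BGP_SUMMARY, proc_mem=SHOW_PROC_MEM):
    """Compare the itemised BGP structures with the process's held memory."""
    tables = sum(table_bytes(summary).values())
    holding = holding_bytes(proc_mem, "BGP Router")
    total, used, _free = memory_totals(proc_mem)
    return {
        "itemised_table_bytes": tables,
        "bgp_router_holding": holding,
        "not_itemised": holding - tables,
        "holding_to_table_ratio": round(holding / tables, 2),
        "processor_pool_used": round(used / total, 2),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:24} {value}")
```

Sizing a router from the itemised figures alone would understate what this BGP process held by more than a factor of three, which is the gap between the two positions in the thread.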

Re: CCIE Questions...

2000-09-19 Thread John Kaberna

No one is going to pass just because of a few questions they can memorize
the answers to.  I also don't know where you think we will be diluted with
CCIE's because of this.  The CCIE is a lab.  I guess you're referring to the
paper test which, once again, doesn't mean squat.

The pool is not going to be diluted because of NDA violations.  Just like
any other certification the combination of books geared directly for the
exam and testing software that is very accurate will dilute the pool.  The
few people that violate the NDA will be of little consequence.  As long as
Cisco uses a large enough question database and changes the test frequently
enough this won't be an issue.  You people love to beat a dead horse don't
you.

John

- Original Message -
From: Miller, Nathan (AZ15) [EMAIL PROTECTED]
To: John Kaberna [EMAIL PROTECTED]; Lori S Carter
[EMAIL PROTECTED]; [EMAIL PROTECTED]; Bradley J. Wilson
[EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 1:28 PM
Subject: RE: CCIE Questions...


 John,
 Perhaps you have not grasped the idea that systematic violation of the NDAs
 devalues the certs that we are all (yourself included - I assume) working to
 earn.  I for one, do not want the pool of CCNPs and CCIEs diluted by those
 who are incapable of passing the exams without memorizing the answers to a
 few specific questions.  A significant part of the value of these certs
 comes from the perception (justified or not) that more than memorization is
 required to attain them.
 Regards,

 Nathan Miller


 -Original Message-
 From: John Kaberna [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 19, 2000 12:18 PM
 To: Lori S Carter; [EMAIL PROTECTED]; Bradley J. Wilson
 Subject: Re: CCIE Questions...


 You people spend way too much time snitching.  I bet a lot of you got beat
 up and teased frequently in high school.  Let Cisco worry about its NDA. It
 doesn't need a bunch of dorky Boy Scouts (and Girls Scouts of course) doing
 its job for them.  Geez people some of you need to get a life.

 John

 PS.  You can report me to [EMAIL PROTECTED] when you want to whine about
 what I have to say.

 - Original Message -
 From: Lori S Carter [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]; Bradley J. Wilson [EMAIL PROTECTED]
 Sent: Tuesday, September 19, 2000 8:41 AM
 Subject: Re: CCIE Questions...


  Go to the site www.brobeck.com. They represent Cisco and other "big names"
  in stuff like this. Send an email to Michelle Falkoff. She's one of the
  lawyers who represent Cisco.
  Lori
  --
 
  On Mon, 18 Sep 2000 12:22:14
   Bradley J. Wilson wrote:
  I looked up the original poster's website...in his "Technical
  Certifications" section he's got "CCIE *pursuing*" [emphasis mine]. Heck,
  if I put down every cert I'm "pursuing," my rezzy would be 10 pages long...
  
  Anyway, who wants to be the Thought Police on this one?  I'm assuming
  there's someone from Cisco who's responsible for monitoring Cisco-related
  newsgroups and mail lists for NDA breaks, but then again maybe not - what a
  job from hell that would be.
  
  Thanks for the study break. ;-)
  
  
  - Original Message -
  From: Louie Belt
  To: 'FRS' ; [EMAIL PROTECTED]
  Sent: Monday, September 18, 2000 12:00 PM
  Subject: RE: CCIE Questions...
  
  
  If these questions are in fact from 350-001 then the original poster needs
  to be turned in to Cisco so that they can "re-evaluate" his status.
  
  
  LAB
  
  Who is John Galt?
  
  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  FRS
  Sent: Monday, September 18, 2000 9:32 AM
  To: [EMAIL PROTECTED]
  Subject: Re: CCIE Questions...
  
  
  These questions are from Exam 350-001. The NDA has been broken.
  
  ""Derek Chung"" [EMAIL PROTECTED] wrote in message
  news:8q2d0a$8kk$[EMAIL PROTECTED]...
   Question 1:
   Router A and Router B are configured to route IP to each other over a serial
   line. Host A is connected to Router A and Host B is connected to Router B. A
   packet is sent from Host A to host B. A hit on the serial line causes an
   error in the packet. Retransmission is sent by:
  
   Question 2:
   During the middle of a TCP conversion across a routed backbone, the network
   receives a voltage spike and several of the packets are damaged. Where are
   the packets retransmitted from?
  
   Question 3:
   Computer1 [Segment A]---RouterA--RouterB--[SegmentB]--Computer2
   A packet is sent to Computer 2 from Computer 1. A collision occurs on
   Segment B. Which device will retransmit the frame and what will the source
   MAC address be (when the packet actually reaches Segment B)?
  
   Question 4:
   When computer A sends a frame to computer B across many routers, how will
   the source and destination layer 3 addresses change? How will the source

Re: PIX and OSPF

2000-09-19 Thread John Kaberna

Like Howard mentioned early.   Why would you do this?

- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 3:05 PM
Subject: RE: PIX and OSPF


 let me explain
 you must make a conduit that let pass the ospf unicast traffic from JUST one
 router to the other. and if you are really paranoid you can put md5 auth on
 both routers too.

  -Original Message-
  From: Howard C. Berkowitz [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, September 19, 2000 6:13 PM
  To: [EMAIL PROTECTED]
  Subject: RE: PIX and OSPF
 
  you can put an explicit neighboring between the routers to avoid using
  multicast. then you need to put a couple conduits to let ospf
  pass through.
 
  But why do you want to pass through?  It seems counter to good
  security practice.
 
  
  
  
 -Original Message-
 From: Nabil Fares [SMTP:[EMAIL PROTECTED]]
 Sent: Tuesday, September 19, 2000 2:38 PM
 To: [EMAIL PROTECTED]
 Subject: PIX and OSPF

 Greetings,

 I'm testing PIX515 and I've couple of questions concerning OSPF.  I'll be
 installing a PIX between 2 7XXX router:

 Router-C1--PIX515--Router-C2
 OSPF   OSPF


 Do I've to do anything special on PIX to pass OSPF?  Any help is great.


 thanks,

 Nabil

 **NOTE: New CCNA/CCDA List has been formed. For more information go to
 http://www.groupstudy.com/list/Associates.html
 _
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  



Re: CCIE Questions...

2000-09-19 Thread John Kaberna

Don't blame me cause you're not too bright.  Blame your parents.  They
conceived you.


- Original Message -
From: Bradley J. Wilson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 3:30 PM
Subject: Re: CCIE Questions...


 Anyone else rofl over this line? :-)

 - Original Message -
 From: John Kaberna

 Once again you are one of the many that fails to see my point.




Re: PIX and OSPF

2000-09-19 Thread John Kaberna

You are still not making any sense at all.  Why do you want your internal
network to share routing info with your Internet router?

- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 4:10 PM
Subject: RE: PIX and OSPF


 because the pix will see the multicast traffic as broadcast, then dropping
 it, then not getting any adjacency on the routers. I had the same
 problem 2 weeks ago. exactly the same issue if you work with EIGRP.

  -Original Message-
  From: John Kaberna [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, September 19, 2000 7:35 PM
  To: Omar Baceski; [EMAIL PROTECTED]
  Subject: Re: PIX and OSPF
 
  Like Howard mentioned early.   Why would you do this?
 
  - Original Message -
  From: Omar Baceski [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, September 19, 2000 3:05 PM
  Subject: RE: PIX and OSPF
 
 
   let me explain
   you must make a conduit that let pass the ospf unicast traffic from JUST
   one router to the other. and if you are really paranoid you can put md5
   auth on both routers too.
  
    -Original Message-
    From: Howard C. Berkowitz [SMTP:[EMAIL PROTECTED]]
    Sent: Tuesday, September 19, 2000 6:13 PM
    To: [EMAIL PROTECTED]
    Subject: RE: PIX and OSPF
   
    you can put an explicit neighboring between the routers to avoid using
    multicast. then you need to put a couple conduits to let ospf
    pass through.
   
But why do you want to pass through?  It seems counter to good
security practice.
   



   -Original Message-
   From: Nabil Fares [SMTP:[EMAIL PROTECTED]]
   Sent: Tuesday, September 19, 2000 2:38 PM
   To: [EMAIL PROTECTED]
   Subject: PIX and OSPF
  
   Greetings,
  
   I'm testing PIX515 and I've couple of questions concerning OSPF.  I'll be
   installing a PIX between 2 7XXX router:
  
   Router-C1--PIX515--Router-C2
   OSPF   OSPF
  
  
   Do I've to do anything special on PIX to pass OSPF?  Any help is great.
  
  
   thanks,
  
   Nabil
  



Re: PIX and OSPF

2000-09-19 Thread John Kaberna

Ah yes Omar.  Hey Fares we cannot do your work for you.  Care to enlighten
us why you would want to do this?

John

- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 4:41 PM
Subject: RE: PIX and OSPF


 this is not my scenario.
 maybe there are no internet routers, and both are internals. just ask Nabil
 Fares [SMTP:[EMAIL PROTECTED]]



  -Original Message-
  From: John Kaberna [SMTP:[EMAIL PROTECTED]]
  Sent: Tuesday, September 19, 2000 8:40 PM
  To: Omar Baceski; [EMAIL PROTECTED]
  Subject: Re: PIX and OSPF
 
  You are still not making any sense at all.  Why do you want your internal
  network to share routing info with your Internet router?
 
  - Original Message -
  From: Omar Baceski [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Tuesday, September 19, 2000 4:10 PM
  Subject: RE: PIX and OSPF
 
 
   because the pix will see the multicast traffic as broadcast, then dropping
   it, then not getting any adjacency on the routers. I had the same
   problem 2 weeks ago. exactly the same issue if you work with EIGRP.
  
    -Original Message-
    From: John Kaberna [SMTP:[EMAIL PROTECTED]]
    Sent: Tuesday, September 19, 2000 7:35 PM
    To: Omar Baceski; [EMAIL PROTECTED]
    Subject: Re: PIX and OSPF
   
Like Howard mentioned early.   Why would you do this?
   
- Original Message -
From: Omar Baceski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 19, 2000 3:05 PM
Subject: RE: PIX and OSPF
   
   
     let me explain
     you must make a conduit that let pass the ospf unicast traffic from
     JUST one router to the other. and if you are really paranoid you can
     put md5 auth on both routers too.
    
      -Original Message-
      From: Howard C. Berkowitz [SMTP:[EMAIL PROTECTED]]
      Sent: Tuesday, September 19, 2000 6:13 PM
      To: [EMAIL PROTECTED]
      Subject: RE: PIX and OSPF
     
      you can put an explicit neighboring between the routers to avoid using
      multicast. then you need to put a couple conduits to let ospf
      pass through.
 
  But why do you want to pass through?  It seems counter to good
  security practice.
 
  
  
  
 -Original Message-
 From: Nabil Fares [SMTP:[EMAIL PROTECTED]]
 Sent: Tuesday, September 19, 2000 2:38 PM
 To: [EMAIL PROTECTED]
 Subject: PIX and OSPF

 Greetings,

 I'm testing PIX515 and I've couple of questions concerning OSPF.  I'll be
 installing a PIX between 2 7XXX router:

 Router-C1--PIX515--Router-C2
 OSPF   OSPF


 Do I've to do anything special on PIX to pass OSPF?  Any help is great.


 thanks,

 Nabil

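
Added example, not part of the original thread and not Cisco code: the two controls suggested above (accept OSPF from JUST one router, plus md5 auth) modelled as a receiver that first checks the source address and then validates the RFC 2328 Appendix D keyed-MD5 trailer and sequence number. The addresses, key, and the names Receiver, build_packet and demo are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header when AuType 2 (cryptographic) is used, RFC 2328 Appendix D.3:
# version, type, length, router ID, area ID, checksum (0), AuType,
# reserved 0, key ID, auth data length, cryptographic sequence number.
HDR = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2
MD5_LEN = 16


def pad_key(key):
    """The shared key is zero-padded to 16 bytes before hashing."""
    if len(key) > MD5_LEN:
        raise ValueError("OSPF MD5 keys are at most 16 bytes")
    return key.ljust(MD5_LEN, b"\x00")


def build_packet(ptype, router_id, body, key_id, seq, key, autype=AUTYPE_CRYPTO):
    """Sender side: header + body, then MD5(header + body + padded key)."""
    hdr = HDR.pack(2, ptype, HDR.size + len(body), socket.inet_aton(router_id),
                   bytes(4), 0, autype, 0, key_id, MD5_LEN, seq)
    if autype != AUTYPE_CRYPTO:
        return hdr + body  # unauthenticated packet, used only as a negative case
    return hdr + body + hashlib.md5(hdr + body + pad_key(key)).digest()


class Receiver:
    """One router's view of its single permitted neighbor."""

    def __init__(self, neighbor_ip, keys):
        self.neighbor_ip = neighbor_ip   # mirrors the one-router-only conduit
        self.keys = keys                 # key ID -> shared secret
        self.last_seq = None

    def accept(self, src_ip, pkt):
        # Layer 1: address filter. Limits who may send, proves nothing else.
        if src_ip != self.neighbor_ip:
            return False, "source is not the configured neighbor"
        if len(pkt) < HDR.size:
            return False, "short packet"
        (ver, _ptype, length, _rid, _area, _csum, autype,
         _zero, key_id, auth_len, seq) = HDR.unpack_from(pkt)
        if ver != 2:
            return False, "not OSPFv2"
        # Layer 2: the packet must carry a keyed digest at all.
        if autype != AUTYPE_CRYPTO:
            return False, "not using cryptographic authentication"
        key = self.keys.get(key_id)
        if key is None or auth_len != MD5_LEN:
            return False, "unknown key ID"
        if length < HDR.size or len(pkt) != length + MD5_LEN:
            return False, "length mismatch"
        expected = hashlib.md5(pkt[:length] + pad_key(key)).digest()
        if not hmac.compare_digest(expected, pkt[length:]):
            return False, "digest mismatch"
        # Layer 3: a sequence number lower than the last one seen is rejected.
        if self.last_seq is not None and seq < self.last_seq:
            return False, "stale sequence number"
        self.last_seq = seq
        return True, "ok"


def demo():
    key = b"constructed-key"  # constructed sample secret
    # Constructed Hello body: mask, hello interval, options, priority,
    # dead interval, DR, BDR.
    hello = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                        10, 0x02, 1, 40, bytes(4), bytes(4))
    rx = Receiver("10.1.1.1", {1: key})
    good = build_packet(1, "10.1.1.1", hello, 1, 100, key)
    tampered = bytearray(good)
    tampered[HDR.size + 5] ^= 0xFF  # alter the hello interval in transit
    cases = [
        ("10.1.1.1", good),
        ("10.9.9.9", good),
        ("10.1.1.1", bytes(tampered)),
        ("10.1.1.1", build_packet(1, "10.1.1.1", hello, 1, 101, b"wrong-key")),
        ("10.1.1.1", build_packet(1, "10.1.1.1", hello, 1, 99, key)),
        ("10.1.1.1", build_packet(1, "10.1.1.1", hello, 1, 102, key, autype=0)),
    ]
    return [rx.accept(src, pkt)[1] for src, pkt in cases]


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

The address check alone would have accepted the altered, wrong-key and unauthenticated packets, which is why the thread pairs the narrow conduit with authentication on both routers.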

Re: Cisco 3640 grunty enough for full-BGP routing?

2000-09-18 Thread John Kaberna



The BGP routing table itself takes up less than 20MB of memory last time I
checked (only a couple months ago).  I don't have access to a router running
full BGP routes right this moment but someone should verify this.  I am
fairly certain it is less than 20.  So, you can run it just fine on a 3640
with 128mb.  I completely disagree with this "experienced" CCIE.  However,
his routers may have several other services running on them that use a lot
of memory.  A 3640 with 128mb used simply as an Internet router running BGP
will have no trouble now or in the near future.  Does anyone have a 3640
w/BGP that could provide some current stats?

John

  - Original Message -
  From: Guyler, Rik [EESUS]
  To: Jeff Wang ; Cisco Groupstudy (E-mail)
  Sent: Monday, September 18, 2000 9:13 AM
  Subject: RE: Cisco 3640 grunty enough for full-BGP routing?

  A CCIE, experienced in the service provider market, just recently told me
  that a 3640 *might* be OK at first, but it would really be a strain to keep
  the entire routing table.  His reasoning is that 128MB RAM barely covers
  the requirements and will allow no room for growth.  He went on to say that
  if you can, use 256MB, 512MB, etc. as new routes that are added in the
  future will drive your memory requirements beyond 128MB.

  Rik Guyler

    -Original Message-
    From: Jeff Wang [mailto:[EMAIL PROTECTED]]
    Sent: Monday, September 18, 2000 12:18 AM
    To: [EMAIL PROTECTED]
    Subject: Cisco 3640 grunty enough for full-BGP routing?

    Hi all,

    Just a quick question regarding 3640 with 128MB DRAM.  Will it be grunty
    enough to run full-BGP, talking to two different providers and getting
    full routes, with one E1 2Mbps WAN link to each provider?  What's your
    minimum configuration from experience?

    TIA,
    Jeff Wang



Re: Route-Maps - BGP

2000-09-18 Thread John Kaberna




Shawn,

You still will not have true redundancy if you are 
using a single 3640. If that router fails you will lose all 3 T1s. 
Not sure what you are going to gain by moving this T1. I think we will 
need a simple diagram to understand. You mentioned BGP? I thought 
these T1's were to a remote site. Are these Internet T1's? You said 
route-maps are flaky. Define flaky. I've never had a problem using 
route maps. Need a lot more info on this one. 

John

  ¡Shawn.! [EMAIL PROTECTED] wrote in message
  news:8q5ar4$a75$[EMAIL PROTECTED]...
  Looking for other opinions...

  I currently have a 3640 installed at remote site with 2 Modules installed.
  There are two DSU/CSU installed in each mod., with a FE port on each.  I
  have 3 T1's coming in.  2 Ts going into the 3640 box and the third going
  into a 1750.  The third T is a dedicated T for a separate network.  There
  are 2 different networks being served and one redundant T for one network.
  The second network doesn't have any redundancy -(that's my question).

  Here is my question:

  I would like to put all three Ts into the 3640 for redundancy.  If any T
  fails, information will still transmit over the remaining Ts, doesn't
  matter what network it belongs to.  The third T is dedicated for that
  particular network.  I don't want ANY traffic to flow over to that T unless
  both primary and secondary fail.  But if the third T fails, then I want
  traffic to flow over to the second T then to the first.

  I tried BGP with route-maps (next hop) but it was working a little flaky.
  Any suggestions would be greatly appreciated.  I will keep you posted on my
  finding also.
  
  
  -shawn.
  
  
  


Re: PIX VPN Access

2000-09-18 Thread John Kaberna

You do not need an authentication server to use the VPN client.  However,
anyone that knows your pre-shared key will have access to your internal
network.  In order to use authentication you will need a TACACS or RADIUS
server.

What software version are you running?  Also, do you have a failover bundle?
There are major issues with failover on 5.1(1).  They've corrected these
problems with 5.1(2) and 5.2.  Only 5.1 and above allows you to use TACACS
or RADIUS authentication with the VPN client.   This is just from what I
remember from a problem I had months ago and should be verified.

John

- Original Message -
From: Parris, Brian [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 18, 2000 6:05 AM
Subject: PIX VPN Access


 Help

 I have managed to put together my routers, frame relay connections,
 switches, etc. w/o any Cisco training.  I usually just research this stuff
 on Cisco's site and find my answers.  But now I am lost on this one:

 I have a Pix that I have set up to accept VPN.  I've done this per Cisco's
 examples of a Client to Pix VPN configurations.  I got my DES activation key
 (when I finally figured out I needed one).  My final problem is accessing
 the VPN.  I am using Cisco's VPN client software but I don't have anything
 to authenticate by, such as a TACACS+/RADIUS server.

 What are these?  How do I create one?  Do I have to have one?  Can I not set
 up one username and password on the PIX that will do the trick?  Any help
 would be greatly appreciated!!!

 TIA,
 Brian Parris
 Systems Administrator (A+, N+, MCP)
 www.carotek.com




Re: Two WAN Links

2000-09-18 Thread John Kaberna

BGP will do the job "IF" you have a router more powerful than a 2621.  Just
put in 2 static routes with equal cost.  Should load balance between the 2
links.  Anyone disagree?  I think we had a discussion on load balancing with
static routes last week and someone verified this is the case.

John

- Original Message -
From: Scott Nelson [EMAIL PROTECTED]
To: Cisco -L post [EMAIL PROTECTED]
Cc: Gunjan Mathur [EMAIL PROTECTED]
Sent: Monday, September 18, 2000 3:48 PM
Subject: Re: Two WAN Links


 You really need to work with both of your ISP's to make this work right.
 Get them both on the phone or do a meeting/Conference call, etc and ya'll
 sit down and work it out.

 Since I have no idea which ISP's you have and I don't know their router
 path/routes, it would be bad for me to tell you to do one thing and it be
 all something else.

 Scott



  Hi,
 
  I'm using Cisco2621 router with 2WAN and 2LAN. Right
  now I have only one WAN link, and now going for second
  link from another ISP.
 
  (PPP)
  ISP(1)  -
2621 - LAN
  ISP(2)  -
  (PPP or HDLC)
 
  my both ISP are using PPP, how I configure my router
  to work with both, As I understand that BGP will do
  the job, but my ISP does not support that.
  How I configure my router in above scenario.


 --
 Scott Nelson - Network Engineer
 Wash DC +1202-270-8968  +1202-352-6646
 Los Angeles +1310-367-6646
 mailto:[EMAIL PROTECTED]
 http://www.bnmnetworks.net

 PGP Public Key:
 http://home.earthlink.net/~scottnelson/keys/srnbnm.txt
 --

 "The better the customer service, the sooner you get to speak
 with someone who can't help you."
 --




Re: Foundation 2.0

2000-09-17 Thread John Kaberna

Foundation was available as of August 28th.  There isn't an exam outline
posted on CCO yet.  If you are taking it in the next couple of days and
don't know what's on it I suggest you consider rescheduling.   This test
covers Building Cisco Remote Access Networks, Building Multilayer Switch
Networks, and Building Scalable Cisco Networks.  All 3 are Cisco Press books
that you can buy or courses you can take.  The test is 150 questions and
they give you 2 1/2 hours.  I called Sylvan Friday and talked to them about
it as I am scheduled to take it in 2 days.

John

- Original Message -
From: Adegbemi Tolulope V. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 17, 2000 8:19 AM
Subject: Foundation 2.0


 Hello folks,

 Good day. Please I will like to have your views on this:

 I am planning to take FRS 2.0 (Foundation 2.0) in the next couple of days. I
 have visited Cisco Site and couldn't get much info on this exam. Please I
 need to know those of you who have taken this exam. I really need to know if
 the exam has gone live. I called my testing Centre in Nigeria and they said
 they have not started testing on the exam.

 I'll appreciate dropping any information for me.

 Thanks.







Re: 2948G L3, route between Vlan

2000-09-16 Thread John Kaberna

I know this is being picky but there's no such thing as an RSM for the 6500.
Only the 5500.  Essentially it's the same thing but the 6500's use MSFC cards
instead.

John

- Original Message -
From: jason yee [EMAIL PROTECTED]
To: BB [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, September 15, 2000 7:20 PM
Subject: Re: 2948G L3, route between Vlan


 You can use a router or a high end switch like 6509
 with a RSM (route switch module) to do the routing for
 you
 --- BB [EMAIL PROTECTED] wrote:
  Hi
  i've setup two vlan in the switch.
  but packet can't route from one vlan to other
  vlan...
  how can i enable routing between vlan?
 
  thx
  BB
 
 



Re: line protocol down

2000-09-16 Thread John Kaberna

What the hell is turfing?  Maybe I am stupid but I have never heard this
term before.  I am a firm believer in everyone having the right to say
whatever he or she pleases.  One cannot please everyone and anything someone
says that is slightly controversial is bound to offend a bunch of people on
this list.  Too bad is what I say.  If you don't like what someone has to
say waaah waaah tough crap.

John

- Original Message -
From: Traister, Blake (SBCI) [EMAIL PROTECTED]
To: 'Feliz, Edgar' [EMAIL PROTECTED]; CNN [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Friday, September 15, 2000 4:45 PM
Subject: RE: line protocol down


 I think turfing your mail before it's delivered is a better option.  That's my
 usual fix for cowards and primadonnas.  Thanks for reminding me why I do
 that.  Keep your trap shut...you are a brave little fellow.  You are also in
 the wrong place.

 Darth

 -Original Message-
 From: Feliz, Edgar [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 13, 2000 3:41 PM
 To: CNN; [EMAIL PROTECTED]
 Subject: RE: line protocol down


 I do not think I owe him an apology, and I have the right to speak my mind.
 Follow your own advice and ignore the message if you do not like it, and
 keep your trap shut.

 EF

 -Original Message-
 From: CNN [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 13, 2000 6:09 PM
 To: [EMAIL PROTECTED]
 Subject: Re: line protocol down


 Edgar,

 Don't you see everybody here is trying to help? That's what the purpose of
 this group, not only people ask questions, but we all watch and learn from
 them.

 I think you owe an apology to Jason. You can always ignore the messages if
 you do not like it and keep your mouth shut.



 "Feliz, Edgar" [EMAIL PROTECTED] wrote in message
 news:A1951EBFDB75D31188E200805F6FEE71B7FACF@SNYC1NT02...
  Jason,
 
  it is OK not to understand something , and ask questions, but you have no
  clue, and expect others who are not getting paid to do YOUR job to do it
  for you. Why should we help you fix the problems YOU are getting paid to
  fix. Get some training, and study, help yourself. If you want my help the
  price is $100.00 per hour at a minimum.
 
  My .02
 
  EF
 
  -Original Message-
  From: Yee, Jason [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, September 13, 2000 1:56 AM
  To: cisco@groupstudy.com (E-mail)
  Subject: line protocol down
 
 
 
  hi ,
 
  I have problems with my frame-relay serial link attached is the router
  configuration
 
  physical layer confirmed is ok as carrier is up but my serial interface
  still showing interface up line protocol down
 
  Any inputs will be greatly appreciated
 
 
  thanks
 
  Jason
 



Re: cisco switches

2000-09-15 Thread John Kaberna

Well last time I checked this was a study group.  And Cisco might care for
their tests.  So, it might be a good idea to know the difference.  It's not
that hard.  I believe 4000 and up run switch IOS and everything below that
is router type IOS.

John

- Original Message -
From: Priscilla Oppenheimer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, September 13, 2000 10:55 AM
Subject: Re: cisco switches


 Yes, but in the real world, I like Duck's attitude. Basically he's saying
 that he doesn't need to memorize which switch has IOS. He is not
 intimidated by any switch because they all basically do the same thing, and
 he has learned enough configuration commands in both command sets to feel
 comfortable. I could see hiring such a person even if he did flunk the
 test! Just a thought

 Priscilla

 At 12:25 PM 9/13/00, Neil Schneider wrote:
 Possibly your "who cares!" attitude and your 347 score are related?  Just a
 thought.
 
 
 Neil
 
 
 "Donald B Johnson Jr" [EMAIL PROTECTED] wrote in message
 news:030001c01db7$51db2170$[EMAIL PROTECTED]...
   who cares!!!  when you console, or telnet, or tenlet in you will find out
   which command set you are using.
   If you know what a switch can do you should be all right.
   I just took the switching test and scored a 347 after six weeks of study
   I'm not too depressed but I got to get back to reading.
   Duck
   
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 [EMAIL PROTECTED]
 Sent: Tuesday, September 12, 2000 9:34 PM
 To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
 Subject: Re: cisco switches


 In a message dated 9/12/00 10:49:08 PM Eastern Daylight Time,
 [EMAIL PROTECTED] writes:


  hi all,

 Do all cisco switches run IOS , I know 1900 do , but what about
 the others?



 Jason


 

 Priscilla Oppenheimer
 http://www.priscilla.com




Re: max no of connections for vty

2000-09-15 Thread John Kaberna

You can't that I know of.  

- Original Message - 
From: jason yee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 14, 2000 10:24 PM
Subject: max no of connections for vty


 hi ,
 I am an instructor currently delivering CCNA course. The
 setup of the classroom consists of 2 routers but I
 have got 24 students telnetting to the 2 routers . I
 have problems for them telnetting to the routers
 because the max no of connections for the telnet
 sessions are 5 , my question is how can I increase the
 no. of connections so as to accommodate all the
 students without buying more routers.
 
 
 thanks
 
 suaveguru
 


