Free Cisco book - Dictionary of Networking

[Joseph]

www.cisco.com/offer/edunet/d927 by Dec. 1, 2000


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX SMTP performance very Bad

[Joseph]

Dear Sir:

One of our customer use the PIX Firewall515 version 5.12 with 6-interfaces.
He use three interfaes: Internal, External and DMZ, and everything seem
well.

Only one problem: The SMTP mail server in DMZ and PIX handle SMTP (TCP/25)
performance very badevery smtp session delay more then 10sec in PIX.

Thank you very much for your attention and kindness help. Look forward to
hearing from you soon.

Joseph Chuang



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX and SMTP Problem

[Joseph]

Dear Sir:

One of our customer use the PIX Firewall515 version 5.12 with 6-interfaces.
He use three interfaes: Internal, External and DMZ, and everything seem
well.

Only one problem: The SMTP mail server in DMZ and PIX handle SMTP (TCP/25)
performance very badevery smtp session delay more then 10sec in PIX.

Thank you very much for your attention and kindness help. Look forward to
hearing from you soon.

Joseph Chuang





___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Home Lsb -- Suggestions Please

[Joseph Ezerski]

Title: RE: Home Lsb -- Suggestions Please



This is a very good link.  This is 
the best I've seen so far regarding the oft appearing question of building a 
ccie lab.  

  -Original Message-From: Han Nguyen 
  [mailto:[EMAIL PROTECTED]]Sent: Wednesday, November 29, 
  2000 4:52 AMTo: 'Ikpasa, Kerry'; 
  [EMAIL PROTECTED]Subject: RE: Home Lsb -- Suggestions 
  Please
  Check out this URL: http://www.ccprep.com/resources/news/archives/990709.htm 
  
  Han. 
  -Original Message- From: 
  Ikpasa, Kerry [mailto:[EMAIL PROTECTED]] 
  Sent: Wednesday, November 29, 2000 5:36 AM To: [EMAIL PROTECTED] Subject: Home Lsb -- 
  Suggestions Please 
  Ladies & Gent,   
  I am thinking off gathering equipment for my home lab, 
  for study for CCNP, and moving on to CCIE (Say third 
  quater ..2001).  I need to start off small but 
  adequate for the CCNP. 
  Can you please suggest the equipments I can buy/aquire to kick 
  this off! 
  Thanks in advance __ Kerry Ikpasa 
  NOC Engineer AduroNet Limited 
  * Tel: ++44(0)1895 552-145 * Mob 
  ++44(0)777 6161-145 * Fax: ++44(0)1895 271 931 
  * E-Mail :[EMAIL PROTECTED] 
  _ FAQ, 
  list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to 
  [EMAIL PROTECTED] 

Good reference book for Support/CIT

[Joseph Ezerski]

I am nearly complete in my quest for CCNP.  I only have the CIT/Support exam
to take.  To date, most of my studying has come from Exam Cram and Boson
tests.  I realize that those books serve only to help with quick
memorization and test cramming.  I have also purchased and am reading other
publications, like Jeff Doyle's book and Halabi's book.  I am looking for a
good reference book for CIT and Troubleshooting, the type of book I can
actually use in the real world as I get my hands on more and more equipment
(I work for an ISP).  I am eventually moving on to CCIE written and I have
been buying books in the Cisco Press CCIE series (i.e. Doyle, etc).  What
would this fine group recommend as the best source for Troubleshooting that
would not only help me with CCIE written, but with real world problems...

Thanks in advance,

Joseph E.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: I need Bcran exam advise from you, sir.

[Joseph Ezerski]

Young William, I just took BCRAN 24 hours ago.  It is still fresh in my
mind.  I will attempt to give you my impressions on the exam and how I
prepared.

I read Building Cisco Remote Access Networks by Catherine Paquet (A fine
Cisco Press publication).  I also used all three Boson test series covering
the same.  It took me about a week to read the book.  My peers said the book
was dry and a bit boring, but I found it to be rather enjoyable.  Anyway,
the book provided me with a strong foundation of the concepts.  The Boson
tests were slightly better than average and a good way to get yourself into
the frame of mind to take a test.  Once I had mastered the Boson exmas, I
took the test.  I passed with an 887.

On the test, I saw a bunch of ISDN questions, from concepts and theory to
actual usage.  There were about 5-6 questions on DDR.  There were many
(about 12-15) questions where they ask you which Cisco command does this or
that.  They give you an exhibit to choose from 50 or so commands.  The way
they ask the question and the way the commands are listed in the exhibit,
they practically give the answer away.  There were the requisite Frame Relay
questions too.  Basic stuff there.  The few questions I saw on X25 were of
the most basic sort.  There were also about 5 questions on what particular
router would you put in a specific location (i.e. Central Office, Remote
Location or SOHO)  There were about 2 very general questions on the Cisco
700, and not very in depth questions at that.

There were also a few questions related to Dialer Groups, Dialer Lists and
Dialer Pools.  Enough to be annoying.

Finally, there were those few questions that Cisco likes to drop in there
that are totally ambiguous and serve only to shake your confidence.

I saw no blind "fill in the blank" type questions.

Hope all of this helps.  Good luck on your test!

Joseph

-Original Message-
From: william [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 03, 2000 7:43 PM
To: [EMAIL PROTECTED]
Subject: I need Bcran exam advise from you, sir.


Hi guys

I'm taking Bcran exam on coming wednesday.  Can you all guys advise me on
this?

Thanks.


William


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DSL Aggregation

[Joseph Ezerski]

Title: RE: DSL Aggregation



Also 
check out the "less than perfect" 6400 UAC from Cisco.  I work with them 
every day.  They are pretty horrible.
 
Joseph

  -Original Message-From: Abruzzese, John 
  [mailto:[EMAIL PROTECTED]]Sent: Wednesday, December 06, 2000 
  10:15 AMTo: Terrence Garrison; 
  [EMAIL PROTECTED]Subject: RE: DSL 
  Aggregation
  Cisco's fairly new Edge Switch Router(ESR) 1 is a xDSL agg 
  router 
  -Original Message- From: 
  Terrence Garrison [mailto:[EMAIL PROTECTED]] 
  Sent: Wednesday, December 06, 2000 12:14 PM To: [EMAIL PROTECTED] Subject: DSL 
  Aggregation 
  What is DSL aggregation ? Does cisco 
  make a box that does DSL aggregation ? 
  _ 
  Get more from the Web.  FREE MSN Explorer download : http://explorer.msn.com 
  _ FAQ, 
  list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to 
  [EMAIL PROTECTED] 

Great Deal on CCIE LAN Switching book!!

[Joseph Ezerski]

Working towards CCNP and was looking to expand my library.  Someone on this
list mentioned to check Mysimon.com and compare book prices.  I did that and
I found a great price at Wal-Mart of all places.

Normally the book lists for 70.00 US and Walmart has it, in hard-cover, for
49.00!  I ordered it today and so I cannot fully verify it, but the website
did say it was hardcover, so let's hope it comes through as such.

Anyway, it is worth a "look-see".

Joseph E

-Original Message-
From: xndr [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 06, 2000 12:55 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE certificationzone.com Mock Exam 754/1000


Hi!

It does not seem to be enough to pass CCIE writting.
I'd geting about 850-880 and my pass score on real CCIE was 100 points less.

> Hit a 754/1000 tonight, I'm well pleased, but do you
> think I'm ready or just knocking on the door ?
>
> Past results,
>
> 629
> 636
> 670
> 608 (Bad Day)
> 706
> 706
> 706 (Getting Cheesed off)
> 754 (Happier)
>
> Any comments appreciated.
>
> Best Regards,
>
> Phil.
>
>
> 
> Do You Yahoo!?
> Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> or your free @yahoo.ie address at http://mail.yahoo.ie
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Great Deal on CCIE LAN Switching book!!

[Joseph Ezerski]

I noticed that Wal-Mart.com has a significant number of Cisco Press books in
the $40+ range.  I received my order confirmation and I am awaiting
delivery.  I had it sent via regualr ground mail, so it may take a week or
so.  If everything checks out, I may order more.  Currently, I am preparing
to take the CIT exam to complete my CCNP.  However, the CCIE is my next
lofty goal, so my library has found itself expanding at a very fast pace.

Joseph

-Original Message-
From: Bharat Suneja [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 07, 2000 7:24 AM
To: [EMAIL PROTECTED]
Subject: Re: Great Deal on CCIE LAN Switching book!!


That indeed is the lowest price on the Switching book, ISBN 1578700949, CCIE
Professional Development: Cisco LAN Switching. Booksamillion.com also sells
it for $49, with a further 10% discount if you're a member of their
"Millionaire Book Club" - for $44.10 after the Club discount. Club
membership is $5/year, and it pays off with the first book you buy. I've
often found them offering the lowest prices on any Cisco Press book - I
recently bought the Cisco Press BSCN book for $42, including shipping.
Checked back a couple of days ago, and they'd raised the rates back to the
list price of $60. :-)

Bharat Suneja

"Joseph Ezerski" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Working towards CCNP and was looking to expand my library.  Someone on
this
> list mentioned to check Mysimon.com and compare book prices.  I did that
and
> I found a great price at Wal-Mart of all places.
>
> Normally the book lists for 70.00 US and Walmart has it, in hard-cover,
for
> 49.00!  I ordered it today and so I cannot fully verify it, but the
website
> did say it was hardcover, so let's hope it comes through as such.
>
> Anyway, it is worth a "look-see".
>
> Joseph E
>
> -Original Message-
> From: xndr [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, December 06, 2000 12:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE certificationzone.com Mock Exam 754/1000
>
>
> Hi!
>
> It does not seem to be enough to pass CCIE writting.
> I'd geting about 850-880 and my pass score on real CCIE was 100 points
less.
>
> > Hit a 754/1000 tonight, I'm well pleased, but do you
> > think I'm ready or just knocking on the door ?
> >
> > Past results,
> >
> > 629
> > 636
> > 670
> > 608 (Bad Day)
> > 706
> > 706
> > 706 (Getting Cheesed off)
> > 754 (Happier)
> >
> > Any comments appreciated.
> >
> > Best Regards,
> >
> > Phil.
> >
> >
> > 
> > Do You Yahoo!?
> > Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
> > or your free @yahoo.ie address at http://mail.yahoo.ie
> >
> > _
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
>
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Need help with a failing 7206

[Joseph Ezerski]

I have a Cisco 7206 with an IMA card and two ATM T-1 circuits going into the
4 port IMA card.  About every two weeks the router freezes up.  Usually a
reboot brings it back.  Everytime the router reboots, the log gets cleared.
Is there a way I can troubleshoot the hardware and/or IOS with this and get
to the heart of the matter?

Joseph


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Still doesn't work: tough VPN question

[Joseph Ezerski]

I beg to disagree with you.  I can certainly telnet, ftp and ping to any
NETBios name on my network.



-Original Message-
From: Benjamin Walling [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 9:21 AM
To: [EMAIL PROTECTED]
Subject: Re: Still doesn't work: tough VPN question


Yes, WINS resolves NetBIOS names to IP addresses, but only for Windows
networking functions.  It is not used for ping, ftp, telnet, etc.  It is
used for name resolution with relation to file sharing, domain traffic, etc.

The order in which a Windows box will try to resolve a DNS name (what
happens when you ping):
Host file
DNS
Cache
WINS
Broadcast
LMHosts

The order in which a Windows box will try to resolve a NetBIOS name:
Cache
WINS
Broadcast
LMHosts
Hosts
DNS
(of course you can modify the NetBIOS node type and change this)

""Frank Wells"" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Name resolution is exactly what WINS does!  It maps Netbios names to IP
> addresses.  Windows clients resolve names to IP addresses using a number
of
> criterion, and depending on what kind of node they are (H;B;P;M)the order
> that they search services and files differ.  They certainly do not need
DNS
> to resolve IP addresses, although it would be an inprovement over their
> native methods.
>
> Take a look at RFC's 1001/1002 for deeper insight.
>
> BTW, RPC's are used for mapping drives etc.
>
>
> >From: "Benjamin Walling" <[EMAIL PROTECTED]>
> >Reply-To: "Benjamin Walling" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Still doesn't work: tough VPN question
> >Date: Fri, 8 Dec 2000 08:27:04 -0500
> >
> >Pinging does not verify name resolution for WINS.  Ping will resolve a
name
> >using DNS.  MS uses WINS (NetBIOS naming) for Domain Logins and for
mapping
> >drives, etc.
> >
> >Try this link on Cisco's website for help with coordinating your NT
domain
> >with your network layout:
> >http://www.cisco.com/warp/public/473/winnt_dg.htm
> >
> >It covers WINS and things like that.
> >
> >Ben
> >
> >"Jim Bond" <[EMAIL PROTECTED]> wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hello,
> > >
> > > Thank you guys for the help. Unfortunately, I tried to
> > > put LMHOST file, still doesn't work. We use WINS and I
> > > can ping domain controller using name so I don't think
> > > it's naming issue.
> > >
> > > I used a sniffer captured some data, client is sending
> > > logon request to domain controller but didn't get any
> > > response. Looks like PIX blocks it. How do I open
> > > it(port 137, 138, 139)?
> > >
> > > Thanks in advance.
> > >
> > >
> > > Jim
> > >
> > > --- Scott Morris <[EMAIL PROTECTED]> wrote:
> > > > Your problem is likely the propgation of
> > > > broadcasts...  Or lack thereof.
> > > > One thing you can do (I'm assuming you have a router
> > > > before (LAN-side) the
> > > > PIX) is set up an ip-helper address to forward
> > > > UDP-level broadcasts (like
> > > > 138/139 Netbios) to the NT server.
> > > >
> > > > The other thing you can do is bypass that broadcast
> > > > thought process by using
> > > > LMHosts files on the workstations at the branch
> > > > office.  That will pre-load
> > > > (if you use the #PRE designation) the NetBIOS cache
> > > > and give you IP
> > > > addresses to go to.  So if you have IP reachability,
> > > > things will work just
> > > > fine then.
> > > >
> > > > In LMHOSTS. :
> > > >
> > > > (ip address) (Netbios name) #PRE #DOM:(domain name
> > > > if domain controller)
> > > >
> > > > Also, to refresh without rebooting the PCs, "nbtstat
> > > > -R"
> > > >
> > > > Hope this helps!
> > > >
> > > > Scott
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > Jim Bond
> > > > Sent: Thursday, December 07, 2000 1:19 AM
> > > > To: [EMAIL PROTECTED]
> > > > Cc: [EMAIL PROTECTED]
> > > > Subject: tough VPN question
> > > >
> > > >
> > > > Hello,
> > > >
> > > > I'm trying to set up a IPSec between a PIX (branch
> > > > office) and router (central office). All PCs at
> > > > branch
> > > > office share 1 ip address. IPSec seems to be working
> > > > fine because clients can ping/telnet/email/map
> > > > drives
> > > > from/to central office. The problem is they can't
> > > > logon NT domain. They can ping domain controller
> > > > though.
> > > >
> > > > Any idea why they can't log on NT domain? (The
> > > > machines were already added to domain)
> > > >
> > > > Thanks in advance.
> > > >
> > > >
> > > > Jim
> > > >
> > > > __
> > > > Do You Yahoo!?
> > > > Yahoo! Shopping - Thousands of Stores. Millions of
> > > > Products.
> > > > http://shopping.yahoo.com/
> > > >
> > > >
> > > ___
> > > > To unsubscribe from the CCIELAB list, send a message
> > > > to
> > > > [EMAIL PROTECTED] with the body containing:
> > > > unsubscribe ccielab
> > > >
> > > > __

RE: eXtreme ,juniper, Foundary and Cisco

[Joseph Ezerski]

You bring up very good points.  I would like to add another.  I work for an
ISP and there is a lot to be said for a homogenous network.  I am familiar
with IOS and as the majority of our network devices are Cisco, I have an
easier time learning new things or figuring out others.  Also, it is nice to
be able to go to one source to get answers.  I am not necessarily the
biggest fan of Cisco, but going the Cisco route does have major benefits.

FYI, I have used Boson Tests.  I find them to be excellent tools for putting
you into the mindset of the exam.

Joseph

-Original Message-
From: Bharat Suneja [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 9:33 AM
To: [EMAIL PROTECTED]
Subject: Re: eXtreme ,juniper, Foundary and Cisco


I'd just like to point out one fact that most enterprises do give a lot of
thought before making purchase decisions - Extreme, Foundry, Juniper, et al
DO NOT have end-to-end solutions. Cisco does.

The former also do not have a trained pool of network engineers to recommend
and implement their products, whereas you'll find plenty of Cisco-trained,
Cisco-experienced network engineers, designers & support professionals.
Cisco IOS offers one consistent interface & CLI throughout most of its
product line. Cisco also offers an impressive range of Network Management
products that we're yet to see from other vendors.

It's an endless debate - but not all enterprise networks require the
performance & capabilities of a Juniper or a Foundry.

Having said that, let me also add that as things stand, by no means is Cisco
technologically the most superior throughout the length & breadth of its
entire prouduct line. Juniper, Extreme, Foundry and others do have their
niches that they fill quite effectively, and pose challanges to Cisco in
those markets.

And as someone correctly pointed out, the basic networking knowledge is
still required even to implement other vendors' products. I doubt the CCIE
will lose its value any time soon, but we just might see a deluge of CCNAs &
CCNPs bred on the ExamCrams, Transcenders & Bosons.

(I'm yet to determine how many of the people on this newsgroup have/have not
used Boson tests... :-)

Bharat Suneja


"Mohamed Heeba" <[EMAIL PROTECTED]> wrote in message
91B200CBBEC3D111992A00805F31E6CB8807A3@MINAMAIL">news:91B200CBBEC3D111992A00805F31E6CB8807A3@MINAMAIL...
> so wat do u think the value of Cisco Certificates in the market , how long
> time this value is going to retain its bright ??
>
> > -Original Message-
> > From: Andy Walden [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, December 11, 2000 5:34 AM
> > To: Mohamed Heeba
> > Subject: Re: eXtreme and Cisco
> >
> >
> > They won't die, but they are loosing a ton of market share. Juniper is
> > really kicking them hard on the router side (7xxx-12xxx). Foundry and
> > Extreme are kicking them hard on the enterprise side (5xxx-6xxx). At
some
> > point its all going to add up and be very painful for Cisco. That is the
> > price of being the big boy in town. They are slow and strapped down with
a
> > huge existing customer based and bloated buggy IOS where the other
> > manufacturers don't have that problem.
> >
> > andy
> >
> > On Mon, 11 Dec 2000, Mohamed Heeba wrote:
> >
> > > hi guys
> > > just coming now from extreme presentation .looks like they have much
> > more
> > > stronger products than cisco (in giga swtiches of course )do u
think
> > > guys that Cisco is going to die because of small focused companies
like
> > > extreme and jinper ??? if anyone feel interested ..we would like to
> > discuss
> > > this
> > >
> > >
> > > Mohamed
> > >
> > > _
> > > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCO Login

[Joseph Ezerski]

To add from my own personal experience, I work for an ISP.  We buy the
majority of our stuff from Cisco and as a result, we have CCO logins.  If
your company is a Cisco reseller, or you buy a lot of gear from them, I
would venture to say that a CCO login is merely a click or a phone call
away.

Here is an excerp from an email from our Cisco Rep:

"Go to www.cisco.com
click on Register at the top
Click on 1A
Click Next
Where it asks you to Enter your Cisco Registration or Service Contract
Number, put in xxx
Fill out the info from there and you should be good to go.  Everyone over
there can repeat this process to get a CCO login."

Note:  xxx= your particular contract number.

Hope it helps.

Joseph

-Original Message-
From: Ash Aslam [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 11:17 PM
To: Cisco Group Study
Subject: Fwd: CCO Login


This may help clear some of the questions regarding those of you seeking
after their own personal CCO login from Cisco.  Below are details on how to
receive your registered CCO login.  Pls read the email from bottom to top.

Regards.
Ash

-Original Message-
From: Debbie Silva [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 11, 2000 6:14 PM
To:  [EMAIL PROTECTED]
Subject: RE: Fwd: CCO Login

CCIE lab

~*~*~*~*~*~*~*~*~*~*~*~*
Debbie Silva
CCIE Program
150 W Tasman Dr
San Jose,Ca 95134
PH: 408 527-0787
Pg: 1-800 365-4578
[EMAIL PROTECTED]
~*~*~*~*~*~*~*~*~*~*~*~*

At 01:49 AM 12/09/2000 +, you wrote:

  Hi,

  Does this mean having a CCIE written or CCIE lab?

  Thanks
  Ash
  -Original Message-
  From: Debbie Silva [mailto:[EMAIL PROTECTED]]
  Sent: Friday, December 08, 2000 4:21 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Fwd: CCO Login


  You have to become a CCIE to get access to CCO.


  Thanks

  ~*~*~*~*~*~*~*~*~*~*~*~*
  Debbie Silva
  CCIE Program
  150 W Tasman Dr
  San Jose,Ca 95134
  PH: 408 527-0787
  Pg: 1-800 365-4578
  [EMAIL PROTECTED]
  ~*~*~*~*~*~*~*~*~*~*~*~*

  At 12:07 PM 12/06/2000 -0800, you wrote:
  >>Reply-To: <[EMAIL PROTECTED]>
  >>From: "Ash  Aslam" <[EMAIL PROTECTED]>
  >>To: <[EMAIL PROTECTED]>
  >>Subject: CCO Login
  >>Date: Sun, 12 Nov 2000 07:31:50 -
  >>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
  >>Importance: Normal
  >>
  >>Hi,
  >>
  >>Can you please confirm if it's true that if one attains the CCIE
Written
  >>exam, he/she automatically becomes eligible for a CCO login.
  >>
  >>Please let me know.
  >>
  >>Best Regards.
  >>Ash Aslam
  >>

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: GNS replies from furthest server

[Joseph Ezerski]

Not that I am any sort of expert in Novell, but have you checked the
encapsulation type of the local server and the clients to see if it matches?
Also, is the external IPX network number the same.  And, as someone else
mentioned, try and set a preferred server in your client software.

Just my 2 cents.

Joseph

-Original Message-
From: Scott McClure, CCNP, CCDA, MCNE [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 12, 2000 4:51 AM
To: [EMAIL PROTECTED]
Subject: Re: GNS replies from furthest server


Shaun,

Can you provide us an example of the 4908 configs?  The problem may be in
the IRB configuration, or in SAP spoofing (sometimes the router will respond
to GNS faster than the local servers).

Scott
"Shaun Wakelen" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can anybody shed some light on this problem. We have installed a gigabit
> network using 3548's and 4908's. Two 3548's have Novell servers (NetWare
4)
> connected to them, and also have links to WAN routers. These are connected
> to two 4908's running IRB and HSRP. To the 4908's are four further 3548's
to
> which the Novell clients are attached. The problem is, when a client
starts
> up, the GNS request is being replied to by a server on the other side of
the
> WAN link, and not a local one. If the remote server is disconnected then a
> different remote server replies. The IPX routing table shows the local
> servers with the lowest hop count and metric. This was originally an ATM
> network, which works perfectly.
>
> I now have several bumps where I have been hitting my head against a brick
> wall!
>
> Any ideas
>
> Thanking you in advance
> Shaun Wakelen
> This e-mail and any attachments may contain privileged, confidential
and/or
> copyright information and is for the sole use of the intended addressee.
If
> you are not the named recipient, please notify the sender immediately and
do
> not disclose the contents to another person, use it for any purpose, or
> store or copy the information in any medium.This message is subject to and
> does not create or vary any contractual relationship between Telindus
K-NET
> Ltd and you.
>
> _
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Find Great Prices on Books

[Joseph Ezerski]

Also, I posted a week or so ago about getting CCIE series books through
Wal-mart.  Normally I do not hype any particular place, but Walmart.com has
most of the CCIE books (that list for $70.00 US) for 49.99 US.  I received
my first book from them and everything came out alright, and these are the
hardcover editions.  Anyway, feel free to shop and compare wherever you feel
comfortable.  Hope it all helps.

Joseph
CCNP

-Original Message-
From: Talib [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 18, 2000 10:07 AM
To: [EMAIL PROTECTED]
Subject: Find Great Prices on Books


One of the best places to go and compare book prices is
http://www.isbn.nu

Also, always check out ebay for auctions.


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Last Nights DC Group Meetings

[Joseph Abbott]

I have seen all the e-mails flying around this group the 
past few 
days as to who the heck was speaking at the meeting. I spoke with 
Cisco training who stated that they would not comment on Cisco 
litigation against me, Howard Berkowitz or any other CCIE, website or 
publisher involved in legal proceedings.  

At this point it was premature to mention action that Cisco is taking 
because they have not taken it yet.  The speaker who was addressing 
everyone at the training partner meeting was a vice-president at 
Cisco, Ed Kozel.  I heard that I was going to be nailed to a cross 
for passing out a documents which resembled the CCIE lab to people at 
a Bay Area group meeting a few months back.  I also heard that Ralph 
Ramal, Howard Berkowitz, and I are targets of lawsuits from Cisco for 
violating the NDA agreement.  I have aquired an attorney yesterday 
who made an inquiry to Cisco's legal department and apparently they 
are going to be serving me soon,  they stated within the next 90 
days.  Until then I guess I wait and loose sleep.  

Joe Abbott, CCIE
Get your Free Website & Free E-mail at 
http://www.tcfb.comGet
 your own FREE Web and POP E-mail Service in 14 languages at 
http://www.zzn.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: So what SHOULD a CCIE know?

[Joseph Ezerski]

It is obvious that with the explosion of the Internet that networks and
networking, in general, are moving to a more unified approach.  We are
seeing legacy protocols that could not stand the test of time give way and
die in the face of TCP/IP.  All of this is good news for CCIE's among
others.  The more things standardize on tried and true open standards, the
better off our jobs will be, not to mention the experience of the customers
we service.  Imagine a world with no Appletalk, IPX, SNA, LAT, etc.  Imagine
that there are a few base protocols like TCP/IP working in tandem with
Routing Protocols like OSPF and BGP.  I beleive that when that day arrives,
the CCIE should be a true expert in the pared down world wide standards that
emerge as the dominant players.  The less needless complexity that we need
to grapple with, the better we can become and hone our skills to the expert
level.  

Just my 2 cents

Joseph

-Original Message-
From: Chuck Larrieu [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 27, 2000 11:40 AM
To: Cisco Mail List
Subject: So what SHOULD a CCIE know?


We've all seen a number of comments about the CCIE written and the CCIE Lab,
regarding content. Most of those comments have been negative.

So, what SHOULD be tested? What SHOULD a CCIE know?

Anyone?

Chuck
--
I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life as
it has been is over ( if you hope to pass ) From this time forward, you will
study US!
( apologies to the folks at Star Trek TNG )

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Modem access from Router

[Joseph Ezerski]

As far as using the AUX port, I have been able to get by with the following
minimal config:

line aux 0
 exec-timeout 30 0
 password x (your own password here)
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1

Mind you, I had a USR Sportster attached to the aux port, which is listed in
the modemcap database, thus allowing me to squeek by with an autoconfigure
discovery command.  If you have some other model that is not in the
modemcap, then you may have to add a few more lines.  Also, if a password is
not necessary, nor a timeout period, you could also delete those lines.

Less is more!

Joseph


-Original Message-
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 04, 2001 3:21 AM
To: Sam; [EMAIL PROTECTED]
Subject: Re: Modem access from Router


Sam,

Here is a sample config from a 2501 that gives you PPP access to your
network through the aux port.  Don't worry about the missing lines because
I've pulled stuff out that wasn't relevant to your question as well as
stuck some stuff in that you need.

Notice that "line 1" is all about configuring the physical layer, while
"async 1" is all about configuring the data link layer and network layer.

HTH,
AQ
p.s. If all you want is console access, this config should give it to
you as well.


1  version 12.0
2  service timestamps debug uptime
3  service timestamps log uptime
4  no service password-encryption
5  !
6  hostname RouterAsyncConfig
9  !
10 ip subnet-zero
11 !
22 interface Loopback0
23  ip address 1.1.1.1 255.255.255.255
24  no ip directed-broadcast
25 !
26 interface Ethernet0
27  no ip address
28  no ip directed-broadcast
29  no ip route-cache
30  no ip mroute-cache
31  shutdown
32 !
33 interface Serial0
34  ip address 192.168.10.2 255.255.255.0
35  no ip directed-broadcast
36  no ip route-cache
37  no ip mroute-cache
38  no fair-queue
39 !
40 interface Serial1
41  no ip address
42  no ip directed-broadcast
43  no ip route-cache
44  no ip mroute-cache
45  shutdown
46  no fair-queue
47 !
48 interface Async1
49  no ip address
50  no ip directed-broadcast
51  encapsulation ppp
52  async mode interactive
53  peer default ip address pool default
54  ppp authentication ms-chap chap pap
59 !
47 ip local pool Dialup-pool 172.16.20.10 172.16.20.100
60 ip classless
61 !
62 line con 0
63  exec-timeout 0 0
64  transport input none
65 line aux 0
66  no exec
67  no motd-banner
68  no exec-banner
69  autoselect ppp
70  modem Dialin
71  modem autoconfigure type usr_sportster
72  transport input all
73  stopbits 1
74  speed 38400
75  flowcontrol hardware
76 line vty 0 4
77  login
78 !
79 end


At 10:35 AM 1/3/01, Sam wrote:
>Hello friends
>
>I have a modem connected to the AUX port of my router. I am using this
modem
>to dial into the router.
>
>Now I need to access this modem from the router.
>What do i need to configure on the router to be able to access the modem
>from the router itself. ie to be able to configure the modem using the AT
>command set.
>Could someone help me out on this.
>
>Thanks
>
>Sam
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Modem access from Router

[Joseph Ezerski]

Oops, I did not read the original post. My config is really mostly for
dialing into the router from an outside host, like a PC.  Sorry.

Joseph

-Original Message-
From: Joseph Ezerski 
Sent: Thursday, January 04, 2001 8:02 AM
To: 'Adam Quiggle'; Sam; [EMAIL PROTECTED]
Subject: RE: Modem access from Router


As far as using the AUX port, I have been able to get by with the following
minimal config:

line aux 0
 exec-timeout 30 0
 password x (your own password here)
 modem InOut
 modem autoconfigure discovery
 transport input all
 stopbits 1

Mind you, I had a USR Sportster attached to the aux port, which is listed in
the modemcap database, thus allowing me to squeek by with an autoconfigure
discovery command.  If you have some other model that is not in the
modemcap, then you may have to add a few more lines.  Also, if a password is
not necessary, nor a timeout period, you could also delete those lines.

Less is more!

Joseph


-Original Message-
From: Adam Quiggle [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 04, 2001 3:21 AM
To: Sam; [EMAIL PROTECTED]
Subject: Re: Modem access from Router


Sam,

Here is a sample config from a 2501 that gives you PPP access to your
network through the aux port.  Don't worry about the missing lines because
I've pulled stuff out that wasn't relevant to your question as well as
stuck some stuff in that you need.

Notice that "line 1" is all about configuring the physical layer, while
"async 1" is all about configuring the data link layer and network layer.

HTH,
AQ
p.s. If all you want is console access, this config should give it to
you as well.


1  version 12.0
2  service timestamps debug uptime
3  service timestamps log uptime
4  no service password-encryption
5  !
6  hostname RouterAsyncConfig
9  !
10 ip subnet-zero
11 !
22 interface Loopback0
23  ip address 1.1.1.1 255.255.255.255
24  no ip directed-broadcast
25 !
26 interface Ethernet0
27  no ip address
28  no ip directed-broadcast
29  no ip route-cache
30  no ip mroute-cache
31  shutdown
32 !
33 interface Serial0
34  ip address 192.168.10.2 255.255.255.0
35  no ip directed-broadcast
36  no ip route-cache
37  no ip mroute-cache
38  no fair-queue
39 !
40 interface Serial1
41  no ip address
42  no ip directed-broadcast
43  no ip route-cache
44  no ip mroute-cache
45  shutdown
46  no fair-queue
47 !
48 interface Async1
49  no ip address
50  no ip directed-broadcast
51  encapsulation ppp
52  async mode interactive
53  peer default ip address pool default
54  ppp authentication ms-chap chap pap
59 !
47 ip local pool Dialup-pool 172.16.20.10 172.16.20.100
60 ip classless
61 !
62 line con 0
63  exec-timeout 0 0
64  transport input none
65 line aux 0
66  no exec
67  no motd-banner
68  no exec-banner
69  autoselect ppp
70  modem Dialin
71  modem autoconfigure type usr_sportster
72  transport input all
73  stopbits 1
74  speed 38400
75  flowcontrol hardware
76 line vty 0 4
77  login
78 !
79 end


At 10:35 AM 1/3/01, Sam wrote:
>Hello friends
>
>I have a modem connected to the AUX port of my router. I am using this
modem
>to dial into the router.
>
>Now I need to access this modem from the router.
>What do i need to configure on the router to be able to access the modem
>from the router itself. ie to be able to configure the modem using the AT
>command set.
>Could someone help me out on this.
>
>Thanks
>
>Sam
>
>_
>FAQ, list archives, and subscription info: 
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


**
  Adam Quiggle
  Senior Network Engineer
  MCI Worldcom/NOC/BP Amoco
  [EMAIL PROTECTED]
**

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dizzy from bcran study

[Joseph Ezerski]

I actually enjoyed Catherine's book for BCRAN.  At first I was a little
dizzied by all the dialer stuff.  But if you look, there is a pattern there
that fits the Cisco model for the most part.  For example...a Dialer list is
like an Access List for DDR.  And, in the Cisco World, you might apply an
access list to an interface with the "access-group" commmand.  Well, for
BCRAN, you apply a dialer list with the "dialer-group" command.  Beleive it
or not, the Boson tests helped me to get a grip on all the dialer concepts.
I kept missing the same questions and it forced me to go back and review
those parts of the book to solidify the idea.  I also like the ability to
jump to the web link for each question.  Normally, the question references
CCO or the specific page in the book.  The Boson exams, for the most part,
are based on Paquet's BCRAN book, so they mesh well.  I know I didn't give
you much, but I hope it helps, if even only  a little.  Good luck on your
exam.

-Joseph

-Original Message-
From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 05, 2001 7:55 AM
To: '[EMAIL PROTECTED]'
Subject: dizzy from bcran study


Coming from an ISP background and being "dedicated connection" orientated,
studying for the BCRAN is making me dizzy. Dialer-group, dialer pool, dialer
map class, etc. I'm having fun trying to keep it all straight. I'm reading
the Catherine Paquet Cisco Press BCRAN text. Has anyone found a good
mnemonic to memorize all of this stuff? 

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP implementations

[Joseph Ezerski]

I am no BGP master, but from what I understand is that there are a few
"rules of thumb" so to speak.  The first being that it is not deemed
acceptable to peer anything smaller than a /20.  There is an RFC written
about this, I beleive, RFC#2008.  The reason being that it is highly
desirable to keep your routing tables as efficient as possible.  If everyone
peered and advertised a /24, there would be too many routing table entries
to make it work efficiently.  As of this email, there are close to 100,000
advertised routes on the Internet.  Secondly, You need a pretty powerful
router to peer with.  I see many people saying that 128MB of memory is
desirable, not to mention a larger router, like a 7000 series, etc.  Like I
said, I am a pure BGP beginner, but undoubtly, the masters here on
Groupstudy will have their say.

-Joseph

-Original Message-
From: Arif Ali [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 05, 2001 9:20 AM
To: [EMAIL PROTECTED]
Subject: BGP implementations


Dear Fellows,

I have little routing problem, I have three links with three different
ISP's and 32 class C address Pool . I want to route 192.168.96.0/23,
192.168.102.0/23, 192.168.104.0/20 from ISP1 and 192.168.120.0/21 from
ISP 2 and 192.168.98.0/22 from ISP3. Right now we are using static
routes but now i plan to go for BGP but i want load balancing and link
redundancy. for IGP i want to use OSPF.
Can it possible ?
How ?


(ISP1Router)-FastEthernet-(RouterA)-4MB
Serial-(RouterB)-2Mb Serial-(RouterC)2Mb
Serial(ISP2Router)

|

2Mb Serial

|

(ISP3Router)


I really appreciate your favor.
If you want any other information please feel free to contact me.


Kindest Regards my friends
Arif Ali

_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay...Inverse-Arp..?

[Joseph Ezerski]

I have an interesting tidbit that I hope can add to this thread.  I was
doing a frame relay lab and set up a 2501 as a frame switch.  I had two
other 2501s as the remote ends.  I set up the major interface for frame
relay, but did NOT specify a DLCI number for both remote ends.  In the frame
switch, I added my frame-relay route commands for the respective major
interfaces and DID specify DLCI numbers.  What I found out is that the
remote ends "learned" their DLCI's from the frame switch.  I remember in my
studies that using the default Cisco LMI type buys you some auto discovery
of sorts.  I am not sure if this is playing a part in Nigel's experiment,
but why not give it a go by changing the default Cisco LMI type to some
other type and see if the results stays the same.

Joseph

-Original Message-
From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 14, 2001 6:48 PM
To: Cisco Group Study; Chuck Larrieu; CCIE_Lab Group Study
Subject: Frame Relay...Inverse-Arp..?


Hi All,
I was working through a number of frame relay lab and made =
some pretty cool observations.  The big one being that I had Inverse-Arp =
working as well while using the "frame-map" command.  Everything I know =
tells me this shouldn't be but it works.
I reloaded the routers and the Inverse arp worked. Even after shutting =
down the interface and bringing it back up the Inverse-Arp still worked. =
=20

Anyone got any  thoughts on how this could be working?

Nigel...


_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay...Inverse-Arp..?

[Joseph Ezerski]

I think you got it right, but just to clarify

The frame switch looks like this:

Interface Serial0
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 20 interface serial1 30

Interface Serial1
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 30 interface serial0 20

Remote CPE #1 looks like this:

Interface Serial0
ip address 192.168.1.1 255.255.255.252
encapsulation frame-relay 
(notice no DLCI is assigned)

Remote CPE #2 looks like this:

Interface Serial0
ip address 192.168.1.2 255.255.255.252
encapsulation frame-relay 
(notice no DLCI is assigned)

My ping tests work between the two CPE's.  My best guess is that the LMI is
passing the important information across the point-to-point links.

As for doing this with the Telco, I am not sure.  Many times they use non
Cisco switches, so IETF encapsulation is needed and/or use a different LMI
type.  But why don't you try it and report back?

Joseph

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 15, 2001 10:57 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Frame Relay...Inverse-Arp..?


Ok, now you all got me interested. 

#1) From what I'm reading, you are saying that if you create a FR lab and 
just place the DLCI map commands on the frame switch for the remote ends,
and 
you have the LMI set right, then the remotes will automatically learn their 
DLCIs through LMI?

#2) Would this also work in a real environment concerning telco assigning
you 
DLCI numbers? What I'm saying is, after the telco gives you the DLCIs for 
your DTE interfaces (remote ends) usually you would go in and configure
them. 
If you didn't bother to go and configure them, would your remote ends 
automatically learn them from the FR switch somewhere in the telco's network

through LMI???

In a message dated 1/15/01 1:49:41 PM Eastern Standard Time, 
[EMAIL PROTECTED] writes:


> that should be true no matter what.  You are learning the DLCI's through
LMI
> a standard function of Frame Relay.  You will learn it regardless as long
as
> your router and the switch agree on what type of LMI they are using.
> 
> Steve
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Joseph Ezerski
> Sent: Monday, January 15, 2001 9:59 AM
> To: 'Nigel Taylor'; Cisco Group Study; Chuck Larrieu; CCIE_Lab Group
> Study
> Subject: RE: Frame Relay...Inverse-Arp..?
> 
> 
> I have an interesting tidbit that I hope can add to this thread.  I was
> doing a frame relay lab and set up a 2501 as a frame switch.  I had two
> other 2501s as the remote ends.  I set up the major interface for frame
> relay, but did NOT specify a DLCI number for both remote ends.  In the
frame
> switch, I added my frame-relay route commands for the respective major
> interfaces and DID specify DLCI numbers.  What I found out is that the
> remote ends "learned" their DLCI's from the frame switch.  I remember in
my
> studies that using the default Cisco LMI type buys you some auto discovery
> of sorts.  I am not sure if this is playing a part in Nigel's experiment,
> but why not give it a go by changing the default Cisco LMI type to some
> other type and see if the results stays the same.
> 
> Joseph
> 



_
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Seally Question!!!!

[Joseph Kiang]

What's the difference between NetBIOS and NetBEUI???
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIEBootCamp Labs

[Joseph J]

Sorry for changing the subject. But I think you folks may give me the
answer.
Just like to know when should you take lab exam after passed the written
test. I mean, should written exam expire?/

Thanks!

""Patrick Murphy"" <[EMAIL PROTECTED]> wrote in message
8qu434$kn4$[EMAIL PROTECTED]">news:8qu434$kn4$[EMAIL PROTECTED]...
> Any current list members using these labs? I am considering purchasing
them
> and the reviews on their site look good.
>
> Just looking for honest unbiased opinions before I spend my hard earned
> dollars!
>
> Patrick
>
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Free book - Successful Implementation Strategies for SLM.

[Joseph Cheng]

Successful Implementation Strategies for Service-Level
Management."


http://www.cisco.com/offer/sms/V561-1006Y




__
Do You Yahoo!?
Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free!
http://photos.yahoo.com/

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISL VLANS on a router - bridged?

[Joseph Ezerski]

I am not sure, but logic seems to dictate that both interfaces belong to the
same layer 2 network.  The way I am picturing it is like this:

In any regular layer 2 switched network, you can have many devices of the
same type.  You could have many clients or servers, or printers or even
routers.  So why wouldn't the same hold true for your scenario? Now, when
you bring it up to layer 3, you definitly have two distinct subnets working.
The differnece would lie in how your end users are configured, ie- Which
interface IP do you assign as their default gateway...

Sorry for the oversimplification.  It's my first day on the list and I am
trying to get involved.

Joseph Ezerski
LMKI Communications

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 10, 2000 12:47 PM
To: [EMAIL PROTECTED]
Subject: ISL VLANS on a router - bridged?


On a switch, if a unique VLAN ID appears on more than one trunked
interface, that VLAN is part of the same layer 2 network and broadcast
domain across all interfaces where it appears, based on the VLAN number.  

Is this also true on a router?  That is, if I have the following 
configuration, what happens?  Do VLAN 2 on switches connected to 
both interfaces see each other?  

interface FastEthernet0/0.2
 description VLAN 2 to switch A
 encapsulation isl 2
 ip address 192.168.1.254 255.255.255.0
 no ip redirects
 no ip directed-broadcast

interface FastEthernet0/1.2
 description VLAN 2 to switch B
 encapsulation isl 2
 ip address 192.168.2.254 255.255.255.0
 no ip redirects
 no ip directed-broadcast

Two separate subinterfaces of two separate physical interfaces connected 
to two different LANs, but with the same ISL encapsulation "color".  Are 
they bridged?  Would the IP address ranges both appear on both LANs?  

Can't find this in CCO anywhere.

-- 
Jay Hennigan  -  Network Administration  -  [EMAIL PROTECTED] 
NetLojix Communications, Inc.  NASDAQ: NETX  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Password encryption decoder

[Joseph Ezerski]

I beleive the enable password encryption is only 40 bit, so if you can get a
copy of the string you should be able to use any standard 40 bit password
cracker.

Also, if it is a matter of recovering a forgotten password and you have
physical access to the router, cisco.com has outlined a procedure to reset
the password through ROMMON mode.  You'll have to search the website,
though..

-Original Message-
From: Daniel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 10, 2000 1:21 PM
To: [EMAIL PROTECTED]
Subject: Re: Password encryption decoder


The Boson software works great for most password decryption.  Do you know of
any software that will decrypt enable secret passwords?  The Boson software
will not do it.

Daniel


""Barnhill, Don"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> William,
>
> Try www.boson.com  They have a free set of utilties that includes a tftp
> server, syslog server, and password decoder.
>
> Don Barnhill
> MCSE,ASE,CCNP,CCDA
>
> -Original Message-
> From: Plantier, William [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 10, 2000 10:13 AM
> To: '[EMAIL PROTECTED]'
> Subject: Password encryption decoder
>
>
> Where can I find the Password encryption decoder for Cisco encrypted
> passwords?
>
> Thanks
>
> Wm. Spencer Plantier
> LAN Engineer
> (919) 474-1300 ext 0873 Office
> (919) 474-1056 Fax
> (919)696-8848 Cell
> [EMAIL PROTECTED]
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Back to Back CSU's in a Frame Relay experiment

[Joseph Ezerski]

I have:

A 2610 with a WIC 1DSU-T1 (internal CSU/DSU)

A 1601 with a WIC 1DSU-T1. (internal CSU/DSU).

I created a T-1 crossover cable according to Cisco's specs.

I am trying to connect those two routers in a simulated frame relay
connection.  I connected the crossover cable and configured my two routers
to accept frame signals.  I was not successful. I config'd both routers to
have sub-interfaces with an IP address on the same subnet.   I did set the
2610 to have internal clock source and I set the 1601 to clock source line.
I currently get LINE UP, PROTOCOL down on the major interface and DOWN-DOWN
on the subinterface.  What is it that I am missing?  

FROM 2610-->>>
Serial0/0 is up, line protocol is down 
  Hardware is PQUICC with Fractional T1 CSU/DSU
  Description: Psuedo Frame Link
  MTU 1500 bytes, BW 1544 Kbit, DLY 2 usec, 
 reliability 254/255, txload 1/255, rxload 1/255
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive set (10 sec)
  LMI enq sent  56, LMI stat recvd 0, LMI upd recvd 0, DTE LMI down
  LMI enq recvd 87, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 2/0, interface broadcasts 2
  Last input 00:00:00, output 00:00:08, output hang never
  Last clearing of "show interface" counters 00:09:34
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops) 
 Conversations  0/1/256 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
 88 packets input, 1427 bytes, 0 no buffer
 Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 14 input errors, 0 CRC, 14 frame, 0 overrun, 0 ignored, 0 abort
 106 packets output, 3408 bytes, 0 underruns
 0 output errors, 0 collisions, 17 interface resets
 0 output buffer failures, 0 output buffers swapped out
 1 carrier transitions
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

*
(also from 2610)

interface Serial0/0
 description Psuedo Frame Link
 no ip address
 encapsulation frame-relay
 service-module t1 clock source internal
!
interface Serial0/0.10 point-to-point
 description Pseudo Frame Link
 ip address 192.168.0.2 255.255.255.0
 frame-relay interface-dlci 16 protocol ip 192.168.0.1

***Note that the 1601 is configured almost exactly the same except that it
has an IP ADDR of 192.168.0.2 /24 but I did not include the running config
to save space.

Thanks in advance.

Joe

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Do you know any software which can emulate IBM PC as a Mac?

[Joseph J]

Sorry for interrupt!

Joseph


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Doyle's book - ROuting TCP/IP

[Joseph Ezerski]

Just a note:

I saw on Amazon that Jeff Doyle's book (which seems fairly popular here on
groupstudy) is currently being prepped for 2nd edition.  The due date is
March 2001.  This is just in case you have recently ordered it and have the
time to wait for the new editon.

Joe

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Jobs in DC

[Joseph W.]

Hello everybody,
I am a a CCNP in the Wahington, D.C. area and I am looking for a new job.  I 
was wondering if any of you know of company that's hiring.  I am ready to 
interview at any time.
Thanks,
Joseph
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Testing123

[Joseph Marraccino]

testDo You Yahoo!?
Yahoo! Messenger - Talk while you surf!  It's FREE.

Jobs in DC

[Joseph W.]

Hello everybody,
I am a a CCNP in the Wahington, D.C. area and I am looking for a new job.  I 
  was wondering if any of you know of company that's hiring.  I am ready to  
interview at any time.
Thanks,
Joseph

_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ntp query

[Joseph Sunia]

If the routers can't be configured with polling interval to query the
ntp server, will they then continue to poll every 60-64 seconds?  Or do
they only poll when the time is not synch'd with the server?  Does the
algorithm detect this dynamically? I've seen on Unix servers where the
poll stat was either 512 (8min) or 1024 (17 min), will Cisco
router/switch behave similarly? where by default it polls once every
60-64secs but as long as time synch's with the server it won't poll
again for anumber of minutes later?

Thanks.
J.Sunia
Network Engineer


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

question : ethernet collision rule of thumb...

[E Joseph]

I would first like to thank everyone.  I have been a
member of this groups for several years now.  I have
never actually posted a question, generally I just
absorb others questions.  I realise there is no
concrete answer on this, BUT how many collision on a
shared media ethernet segment does it take before
having a problem??  I was just invovled in a situation
 where we had a hub hanging off a hub connected to our
6509.  The switchport error disabled and I had to
track the devices down. I beleive you will always see
some collisions in a shared ethernet environment??? 
At what collision rate should you get worried???  How
much does it take to shut a switch port down???

 Thanks,
  Ed

__
Do You Yahoo!?
Yahoo! Calendar - Get organized for the holidays!
http://calendar.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Voice Ready Router [7:1092]

[Joseph Padian]

It depends on what model 1750. There are 3 models: 1750, 1750 2V, 1750 4V.
The 1750 2V-4V you only need a VIC.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1101&t=1092
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help on Cisco 4000 Switch [7:6191]

[Joseph Cheng]

Hi,

My friend has a question on the Cisco 4000 switch, can
anyone please help?  Thanks in advance.

==
When a Cisco 1720 is hookup to the switch, if there is
no traffice from the 1720, it will be disconnected
from the Cisco catalyte 4000 switch after a preset 300
seconds.

The mac-address of 1720 will be disappeared from the
Cisco 4000 switch arp table.

Is this OK to use "set arp static-address" to
permantly write the 1720 mac-address and IP into the
4000 switch arp table?
==

Thanks,
JC

__
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6191&t=6191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help on Cisco 4000 Switch [7:6191]

[Joseph Cheng]

hehe.. Interesting.

Why in the past when I used "I" to make a statement
here and you didn't notice it before?  =)

Just to clarify it,  If you want to have that guy "my
friend"'s work #, mobile #, email address, work
address..etc  as well as my work #, mobile #, email
address, work address, I will be so glad to send you
the info.
The reason I asked for him is that I am only studying
Routing 2.0, and don't know too much on Switches.

But don't get me wrong, I do appreciate all the
suggestions.

JC.

--- Rik Guyler  wrote:
> Friend, eh?!?  Oh the humanity...  ;-}
> 
> Well, you could set a static entry but why?  The ARP
> table is designed to be
> dynamic so that it doesn't grow to a large size and
> really create additional
> overhead.  Remember, before ARP does its broadcast
> search, the switch will
> check the ARP cache.  The bad news: the ARP cache is
> parsed from the top
> down.  So if the table becomes large, static entries
> may actually slow
> things down.  I wouldn't get into the habit of
> adding static entries, but if
> "his" little heart desires it so badly...
> 
> BTW - removing the router's entry from the ARP table
> will not disconnect it
> from the switch.  All that it really does is force
> the switch to broadcast
> for the MAC address of the router if it's not in the
> table and that really
> doesn't take much time at all.  If a disconnect is
> really happening, then
> you...I mean he...has other issues to contend with.
> 
> Rik
> 
> -Original Message-
> From: Joseph Cheng [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 29, 2001 3:23 AM
> To: [EMAIL PROTECTED]
> Subject: Help on Cisco 4000 Switch [7:6191]
> 
> 
> Hi,
> 
> My friend has a question on the Cisco 4000 switch,
> can
> anyone please help?  Thanks in advance.
> 
> ==
> When a Cisco 1720 is hookup to the switch, if there
> is
> no traffice from the 1720, it will be disconnected
> from the Cisco catalyte 4000 switch after a preset
> 300
> seconds.
> 
> The mac-address of 1720 will be disappeared from the
> Cisco 4000 switch arp table.
> 
> Is this OK to use "set arp static-address" to
> permantly write the 1720 mac-address and IP into the
> 4000 switch arp table?
> ==
> 
> Thanks,
> JC
> 
> __
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great
> prices
> http://auctions.yahoo.com/
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=6647&t=6191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Router problem inserting into token ring [7:33304]

[Joseph Slawinski]

Thank you all for your replies.  I have solved the problem, apparently these
MAU's are not capable of 16mb speeds.  I chaned the speed on the token ring
cards and the routers to 4mb and everything is working great.

I don't need 16mb anyway because this is a non production lab.  

Thank you all for you help.

Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33744&t=33304
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Topic repeat [7:33865]

[Joseph Brunner]

get real.. what SDSL Provider is going to do BGP with you ?

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 12:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Topic repeat [7:33865]


You can use BGP if you simply receive partial routes from say the SDSL
provider and point default at the other with floating default for SDSL
provider.  This way you can dynamically announce your network, get some
load balancing and redundancy.

  Dave

Shawn Xu wrote:
> 
> First of all, I should announce I have searched Archives before I post
this
> message, but not exactly match my question.
> 
> Some people said for this topic you have to use BGP, and some people said
> you can use default route if you are only for load balance and fault
> tolerance purpose.
> 
> We have one client, who currently uses T1 line (Cisco 2503 router) to an
> ISP, and has a whole class C ip address (/24) from the ISP. And on their
> local network, they have web server, mail server, etc. everything is
working
> fine.
> 
> Now they want to connect to us using SDSL line (Cisco 1605 router) for
load
> balance and fault tolerance.
> 
> How to do that?
> 
> 1. Cannot use BGP, because nobody wants to buy a BGP router.
> 2. Static or default route:
> (1) HSRP groups implement load sharing, and automatically switching over
in
> case  of one line is down, is it right?
> (2) Because they are using T1 line ISP's IP address for local network, if
T1
> line is down, how can we route their traffic through DSL line, ip route
> 0.0.0.0 0.0.0.0 DSL_ISP will work? and from outside how people can reach
> their local network through DSL line?
> 
> Thanks
> 
> Shawn
> 
> _
> Chat with friends online, try MSN Messenger: http://messenger.msn.com
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

"Emotion should reflect reason not guide it"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33895&t=33865
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: cef debug error "slow service", what [7:34218]

[Joseph Brunner]

are you running cef with NAT ?

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 02, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: cef debug error "slow service", what's it mean? [7:34218]


I'm having some problems wit CEF and so enabled a number of CEF
debug commands (ip cef drops, events, received).  I'm getting periodic
debug output which says "CEF: slow service".  What does this mean?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34229&t=34218
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Concentrator 3030 RADIUS authentication [7:34537]

[Joseph Brunner]

Configuration | User Management | Groups | Modify 

For the group under IPSEC you need to specify the authentication method
(Internal, NT Domain, 
Radius, SDI, etc) in addition to labeling it an "external" group.

once you do this if it still will not work, then do some debugs under 
Configuration | System | Events | Classes

for all 3 auth's


Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 5:50 PM
To: [EMAIL PROTECTED]
Subject: Concentrator 3030 RADIUS authentication [7:34537]


Hello,

I'm trying to set up authenticating groups externally
through RADIUS. I created a group and changed the type
to "External". On my RADIUS server (Safeword 5.1), I
created a group with the same name on 3030. Users
couldn't get authenticated. On 3030 log, it said user
unspecific.

Any thoughts?

Thanks.

Jim

__
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34547&t=34537
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VIP2 microcode [7:34511]

[Joseph Carr]

Ok here is where we're at:

   We've never had this RSM with a proper image. The first time we booted it
there was only a boot image on it (c5rsm-boot-mz.112-12a.P1.bin), so we
don't know if there was some pre-existing hardware problem with our VIP2
card.

   With the old 11.2 *boot* image we didn't receive a boot error and
software does get loaded onto the VIP2 (sw ver 22.20). We can't see the
amount of memory on it and the microcode status is 0x4 (all from sh diag).
Also we can't see the ATM PAM interface, though the enabled light is on.

   We installed the c5rsm-jsv-mz.122-3.bin and we didn't have enough DRAM on
the RSM (only 32M) to support it so we reloaded the other image we had into
the RSM (c5rsm-jsv-mz.121-10.bin) and we received these errors during
bootup:

***CUT FROM CONSOLE***
%VIP-3-SVIP_RELOAD: VIP2 slot9 : SVIP Reload is called.
%VIP-3-SYSTEM_EXCEPTION: VIP2 slot9 : VIP System Exception occurred sig=10,
code
=0x1C, context=0x605154A4

%CBUS-3-CCBPTIMEOUT: CCB handover timed out, CCB 0x5800FFB0, slot 9
-Traceback= 602E6454 602E3B18 602E416C 602DB3E8 60269744 601C1C70 601C1E48
60249
B44 60249B30
***END CUT FROM CONSOLE***

   We also did a sh diag and saw that the "board is disabled wedged" and the
memory amount is unknown (like before), and this time, it doesn't say the sw
version (under sh cont cbus) and the microcode status is 0x5. Also shown
under sh diag is:

=== Flushing messages (00:00:01 UTC Mon Mar 1 1993) ===

Queued messages:
No fault history 0x. Need 11.1 (2) or
  higher ROM

   Under 12.1, this is what a sh cont vip all log displays (there isn't a sh
cont vip all log under 11.2 so I didn't get output from that version of
IOS):

show logging from Slot 9:
%Failed to connect to remote console : no such port

   I *think* we have the VIP2-15 because it has one SRAM slot and two DRAM
slots, thereby having 1MB of SRAM and 16MB of DRAM. (as a side note, what's
the SRAM for?).

   I apologize for the spam, but I don't know any other way to provide you
with enough info to diagnose this problem. I have edited out as much
information as possible. If there is some information that I left out that
would be important to see, let me know. I'm really not sure where to go
next.

Thanks,
Joe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34593&t=34511
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Dynamic Mac Address Assignment [7:35303]

[Joseph Brunner]

IOS based switch -

3524XL_ATL(config-if)#mac-address ?
  H.H.H  MAC address



Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Kwame [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: Dynamic Mac Address Assignment [7:35303]


Pls ignore my previous post b'cos it's wrongly frame. Here's what I want to
ask:

Is it possible to assign a mac address to a catalyst switch such that the
switch would not use the burned-in-mac but rather use the assigned mac?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35309&t=35303
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DRAM and FLASH question [7:35600]

[Joseph Brunner]

www.memoryx.net

great prices, selection

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Ronnie [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 16, 2002 6:38 AM
To: [EMAIL PROTECTED]
Subject: DRAM and FLASH question [7:35600]


Hi all,

I was wondering if somebody good tell me the secret on Kingston memory and
flash in Cisco Routers.

Where is a good and not so expensive (I'm Dutch ..   :-)) site for
selling these items ?


Thanks in advanced ...


Cheers Ronald




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35622&t=35600
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DRAM and FLASH question [7:35600]

[Joseph Brunner]

www.memoryx.net

great prices, selection

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Ronnie [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 16, 2002 6:38 AM
To: [EMAIL PROTECTED]
Subject: DRAM and FLASH question [7:35600]


Hi all,

I was wondering if somebody good tell me the secret on Kingston memory and
flash in Cisco Routers.

Where is a good and not so expensive (I'm Dutch ..   :-)) site for
selling these items ?


Thanks in advanced ...


Cheers Ronald




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35622&t=35600
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP's and ISP going out of business [7:35850]

[Joseph Brunner]

No. Its usually non-portable space. Unless your a really important company
like USPS that has tonnes of portable space

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 19, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: IP's and ISP going out of business [7:35850]


If a company has a block of public IP's assigned to them via their ISP, and
that ISP goes out of business, can a company transfer those IP's to a
different ISP?  I don't think so, but maybe I'm wrong.

--
RFC 1149 Compliant.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35856&t=35850
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: China/Cisco connection [7:35946]

[Joseph Brunner]

>BTW, does the US government filter access to the internet for it's
employees
>and from it's offices? bet they do!

Don't compare the access US govt employees have @ work, (where our tax
dollars pay the bills) to the access
these same employees have in their homes. The Chinese "government" is not
just blocking its employees 
internet access while on the job, it is limiting free speech in the entire
country. Such an arrogant 
comparison is dangerous. Lets not forget our countrymen who were held
against their will as pow's for
2 weeks last year. China is an oppressive communist dictatorship, hate our
government all you want,
at home you have free reign of the net. 

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:35 AM
To: [EMAIL PROTECTED]
Subject: Re: China/Cisco connection [7:35946]


so.

BFD, packets can be sniffed and access to certain sites can be blocked. so
what? nothing new here. We get questions on this list regularly about how to
do it. There are several companies, including but not only Cisco, who make a
lot of money selling content blocking products.

Most things in life can be used for good or evil. The internet is no
different. Corporate and government response to the internet is no
different.

BTW, does the US government filter access to the internet for it's employees
and from it's offices? bet they do!

Chuck


Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36037&t=35946
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: MPLS in the Enterprise [7:36670]

[Joseph Brunner]

i was pitched this very thing recently by wcom and qwest.. basically it is
only as secure as your carriers.. if some "f*cks up" and imports something
into your VRF, either a default, another vpn, or whatever you security
is finished.. plug banks are supposed to encrypt over IPSEC, so why bother
running MPLS (come one how much diff-serv can do you on frac T-1's anyway)
if you are just going to IPSEC the packets between pix's or vpn
concentrators
anyway.. MPLS right now for 100 sites, just can't be trusted. I used to work
for ISP's, everyone there was a perp.. trust my vpn security to some loser
ISP.
No thanks

read this

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/mxinf_ds.htm



Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 27, 2002 12:24 PM
To: [EMAIL PROTECTED]
Subject: MPLS in the Enterprise [7:36670]


Okay, I'm about to show how clueless I am when it comes to MPLS

I've been getting calls from multiple providers lately all trying to
suggest that I migrate our 100-site frame relay network to their MPLS
network, suggesting that we'll have any-to-any connectivity and the
ability to prioritize traffic classes within the MPLS network.  

Are any of you doing something like this?  I'm going to read up on it
but I'm having trouble visualizing it.  Does this basically turn our
network into a giant multipoint network?  Do our branch routers need to
be aware of MPLS or do providers make this transparent somehow?  How
does this affect routing?

It seems that if we have any-to-any connectivity then the branch
routers don't even need to run a routing protocol; every router would
have one exit point to get to any destination.  But, how would the MPLS
cloud know where to route packets?  The more I think about it it seems
like our branch routers would have to participate in MPLS to provide the
necessary destination info for the MPLS cloud.

See how clueless I am?  Ugh...  Time to do some studying on this. 
Since we already do a little video conferencing over IP and are working
on getting VoIP working, it might be beneficial to get away from the
frame relay network.  But since I don't understand this new technology,
I don't know if it's  a viable solution for us or not.

Off to CCO I go!

Thanks,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36672&t=36670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

re: Cisco Wireless Cert [7:36794]

[Joseph Rago]

Hello,

   I was thinking about taking the cisco wireless cert. Does anyone
   have any ideas on where i can get some documentation in order to
   prep for the exam. Cisco's CCO has a long and boring CBT.


   Thanks Joe Rago




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36794&t=36794
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco CPU [7:36765]

[Joseph Brunner]

Target[2621_cpu]:
1.3.6.1.4.1.9.2.1.57.0&1.3.6.1.4.1.9.2.1.58.0:@
MaxBytes[2621_cpu]: 100
AbsMax[2621_cpu]: 100
Options[2621_cpu]: gauge,nopercent,growright
Unscaled[2621_cpu]: dwmy
YLegend[2621_cpu]: Utilization
ShortLegend[2621_cpu]: %
LegendI[2621_cpu]:  1 Min:
LegendO[2621_cpu]:  5 Min:
Legend1[2621_cpu]: AvgBusy 1 Min
Legend2[2621_cpu]: AvgBusy 5 Min
Title[2621_cpu]: 2621_Kansas Router CPU Utilization
PageTop[2621_cpu]: 2621_Kansas Router CPU Utilization


Target[2621_mem]:
1.3.6.1.4.1.9.9.48.1.1.1.5.1&1.3.6.1.4.1.9.9.48.1.1.1.6.1:@
MaxBytes[2621_mem]: 15365292
Options[2621_mem]: gauge,nopercent,growright
Unscaled[2621_mem]: dwmy
YLegend[2621_mem]: Memory Used
ShortLegend[2621_mem]: Bytes
LegendI[2621_mem]:  Used
LegendO[2621_mem]:  Free
Legend1[2621_mem]: Memory Used
Legend2[2621_mem]: Memory Free
Title[2621_mem]: 2621_Kansas Memory Utilization
PageTop[2621_mem]: Memory Utilization of 2621_Kansas Memory



CPU = Just go with 100%

MEMORY is router specific..

telnet to the router and do show mem.. if i found 

MIT_CORE_1>sh mem
HeadTotal(b) Used(b) Free(b)   Lowest(b)
Largest(b)
Processor   62298CE090600224 48963288570389685493368
85631408
  I/O790 7340032 2273784 5066248 5041504
5066012


90600224 would be my maxbytes for mem. I use Processor mem in my mrtg
configs.. because i think the other
parts of my memory in I/0 are reserved for IOS and shouldn't be counted..
plus the OID only concerns processor
memory.



 

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Richard Tufaro [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 27, 2002 11:02 PM
To: [EMAIL PROTECTED]
Subject: Cisco CPU [7:36765]


Hey guys..a little off topic but where is the BEST place to find out how to
install and configure Cisco CPU and Memory stats with MRTG. I get to somix
and the MIB's but what do i do with them?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=36769&t=36765
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CIT Support Passing Score [7:37113]

[Joseph Brunner]

100%, anything less, john chambers puts your name in a database that
prevents you from
working on his equipment for 10 years.

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: john jones [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 03, 2002 6:20 PM
To: [EMAIL PROTECTED]
Subject: CIT Support Passing Score [7:37113]


All,

What's the passing score for the 640-506 support exam.

Thanks,

John

__
Do You Yahoo!?
Yahoo! Sports - sign up for Fantasy Baseball
http://sports.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37116&t=37113
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Pix NAT - Two to one [7:37179]

[Joseph Brunner]

pix will respond with error if you do more than 1 static command (specify
more than one
public > private translation, using the static command). Pix dosent offer
"extendable" either

(im running 6 train on the pix)

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 3:52 PM
To: [EMAIL PROTECTED]
Subject: RE: Pix NAT - Two to one [7:37179]


On a cisco router, you use the Extendable command.  not sure about the pix.

-Original Message-
From: Gaz [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 3:07 PM
To: [EMAIL PROTECTED]
Subject: Pix NAT - Two to one [7:37179]


Hi all,

Has anybody tried NAT'ing two outside addresses to one internal (DMZ)
address on the same port (80) in some way.
Not too difficult to get round, as I can get the DNS of one site changed and
use the single address outside to single inside.
The advantage would be that when the web sites are separated, to two
machines inside, I would like to be able to change the pix settings
immediately rather than change DNS and wait a couple of days for DNS to
propagate.
I'm sure there may be some simple way of doing it, but I couldn't find it
whilst playing about today.

Any ideas welcome.

Thanks,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37200&t=37179
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: strange problem [7:37359]

[Joseph Brunner]

David Letterman's top 10 reasons this customer can't browse the internet:

10) PPP - Pre-Historic Pathetic Protocol

9) ISDN - Inferior Service for Dinosaur Networks

8) DNS - Dosent' networking Suck

7) ACL - Adamantium Cisco Locks

6) RIP - Rest In Peace (V2 also)

5) BGP - Big Geek Past-time

4) NAT - Non Acceptable Timeouts ?

3) PING - Please Investigate News Groups 1st !

2) CBAC - Can't Browse ? Ask Cisco

1) TAC - Try Accepting Counseling  



Ping first by name, if it does not resolve to ip, try nat settings... if it
does resolve
try telnetting to something external.. 

next check ie settings..  make sure they dont have a proxy set or something.

Post config here.






""kaushalender""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi group
>
> I am facing strange problem one of customer whom we have given 128Kbps
> linkand connected on ppp ecapsulation. They r not able to browse the
> website.When i did traceroute and ping it was working fine and customer
> is able to reach the internet .But when i typed www.yahoo.com in the
> browser the browser was respoding "website found waiting for reply " and
> it keeps on waiting .Can somebody can help me in identifing that why
> http request is dieng or geting killed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37368&t=37359
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

re: wireless cert [7:37574]

[Joseph Rago]

Has any one taken the cisco wireless cert exam. If yes, what study material
did you
 use. Is there anything besides the presentation on Cisco's CCO.

  Thanks Joe R.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37574&t=37574
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

unicast flooding:question [7:37609]

[E Joseph]

I have a scenario I wanted to bounce of the group.  I
never really thought about this before, just wanted to
confirm what Im thinking is correct.  By default I
think a Cisco router maintains an ARP entry for 2
hours, at which time if its not been used it ages out.
In a Cisco switch however cam entries age out in a
much shorter rate, I think 10 minutes.  On that note
can't you get unicast flooding as a result of this?? 
Because the cam entry for a device has disappeared and
the directly attached router still has an Arp entry?? 
Wont packets destine for that device from another Vlan
still be sent to that network and get unicast
flooded???  (A switch floods a packet when it doesnt
not have a cam entry for it, if the device is shut off
the cam isnt going to come back)  This could be fixed
by a clear Arp but unless I'm missing something it
seems what I stated above would happen, and could
happen regularly  for up to a 2 hour period ??  

__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37609&t=37609
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cat 6505 Error Message [7:37543]

[E Joseph]

Is it possible that somehow when it rebooted it came
up on a older code rev?? (ie: multiple images in
bootflash) I know depending on the gig mod you need a
certain code rev to support it.  Not sure what you get
if your running code prior to that first supported
rev



--- Mark Odette II  wrote:
> I've never seen anything like this myself, but...
> 
> If it is not considered "Production" yet, why don't
> you just power the whole
> switch down, re-seat the GIG line card, and then
> power it back up?!?
> 
> Of course, make sure you are console connected so
> you can watch the boot
> process.
> 
> Aside from that, I would think that maybe you should
> look at your SmartNet
> contract and call TAC for a possible replacement
> (and start watching the
> rest of the switch for possible further power
> damage.
> 
> Mark
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Fraasch James
> Sent: Thursday, March 07, 2002 9:56 AM
> To: [EMAIL PROTECTED]
> Subject: Cat 6505 Error Message [7:37543]
> 
> 
> I swear I get more error messages on my stuff than
> anyone! I must have that
> magic 'static' toouch or something!
> 
> So here is the problem: I have a 6506 hooked up with
> both power supplies
> plugged in and everything says 'green'- everything
> except module 6 which is
> a 16 port gigabit card.  It was working and I was
> pinging all downstream
> switches as of Tuesday afternoon.  I noticed in Show
> Version that somehow
> the switch was rebooted on Tuesday night (I think it
> lost power and since it
> is not quite production it is not yet plugged into a
> UPS).  Well, since the
> reboot, module 6 has been unable to register. I get
> the error message:
> SYS-5-MOD_NOREGISTRATION: No registration received
> from module 6...resetting
> module.
> 
> Cisco website doesnt say much on the topic except
> that the module will be
> rebooted until it registers...but it never
> registers.  So I guess the
> questions I have are 1) Has anyone ever seen this
> before, and 2) Could it be
> related to power problems?
> 
> Thanks for any help.
> 
> James
[EMAIL PROTECTED]


__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37612&t=37543
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE Lab - San Jose [7:37444]

[Joseph Brunner]

MOTEL 6 - SAN JOSE AIRPORT, CALIFORNIA  #1007, San Jose, CA US 101/Bayshore
Freeway at the 1st Street exit Ph: (408) 436-8180 

(its by a car rental place and accross the fwy is a hyatt..

used to live there at that hotel... :)

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 2:52 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Lab - San Jose [7:37444]


There is a $50/night motel 6 with a denny's in the parking lot that is
okay.I can't remember the name of the street it's on, but it's only about 2
mi. from the hq.

-Ejay

-Original Message-
From: timothy thielen [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 12:57 PM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Lab - San Jose [7:37444]


If you test date is a long way off, or you are close by, start walking now. 
Remember to pack food and supplies for cold and warm weather.  Also, a rain
poncho may be wise.

Carry or search for a cardboard box (the only approved Homeless/bum shelter
approved for use within San Jose).  Find a space to sleep either near the
cisco compound or near a light-rail station.

Transportation from Box to Cisco:  Take the light-rail.  USUALLY nobody will
even check for a ticket.  If the transit police DO check, at least you have
a better place to sleep tomorrow night.

Seriously, though, things are not cheap in San Jose. BUT, the do have an
abundance of Starbucks Coffee Installations, where jack-booted
Caffiene-Nazi's are likely to force you to consume the People's Drink.

--Tim


James wrote:
> 
> Hello,
> 
> I hope to get some advice from those who attempted the
> lab in San Jose. I have a lab scheduled soon and hope
> that someone can let me know where to stay at the best
> rates, travel arrangements from hotel to Cisco, etc..
> any information is greatly appreciated.
> Thank you
> 
>  
> 
> __
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free email!
> http://mail.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37591&t=37444
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cat 2950-24 [7:37374]

[Joseph Brunner]

Moreover, the 6509 complains (cat-os) if it hears BPDU's on a port
configured for Portfast . That port 
is automatically, immediately disabled. 

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Mike Mandulak [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 06, 2002 9:11 PM
To: [EMAIL PROTECTED]
Subject: Re: Cat 2950-24 [7:37374]


The portfast command does not turn STP off. The following is from CCO:

Cisco added a feature named "portfast" or "fast-start," which means the STP
for this port will assume that the port is not part of a loop and will
immediately
move to the forwarding state, without going through the blocking, listening,
or learning states. This command does not turn STP off. It just makes STP
skip a few
(unnecessary in this circumstance) steps in the beginning on the selected
port.

Note: The portfast feature should never be used on switch ports that connect
to other switches, hubs, or routers. These connections may cause physical
loops
and it is very important that spanning tree go through the full
initialization procedure in these situations. A spanning tree loop can bring
your network down. If portfast
is turned on for a port that is part of a physical loop, it can cause a
window of time where packets could possibly be continuously forwarded (and
even multiply) in
such a way that the network cannot recover.

- Original Message -
From: "Elijah Savage" 
To: 
Sent: Wednesday, March 06, 2002 10:56 AM
Subject: RE: Cat 2950-24 [7:37374]


> From my knowledge if you use this command (spanning-tree portfast) on a
> switch port it actually disable spanning tree for that port you should
> only do this if pc's are connected. So if you enable portfast you
> disable spanning tree for that port, if you disable portfast you enable
> spanning tree for that port.
>
> What this does with it enabled and a pc connected to it, it will keep
> the port from going through all the spanning tree phases you know like
> learning, listening, blocking etc it will take the switch 60 seconds to
> figure all this out before it starts passing traffic to that port. If
> portfast is enabled then it does not go through those phases and will
> only take approximately 3 seconds before traffic is passing according to
> Cisco. Someone please correct me if I am wrong here or missed something.
> Hope that helps
>
> www.digitalrage.org latest in Technical News and HowTo's
> www.digitalrage.org/phpBB Discussion Forums
>
>
> -Original Message-
> From: Cebuano [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, March 06, 2002 7:21 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Cat 2950-24 [7:37374]
>
> You don't disable STP on the port to the PC because
> STP is only run between Layer2 devices.
> I believe you are referring to PortFast.
>
> Elmer
>
> - Original Message -
> From: "Brian"
> To:
> Sent: Wednesday, March 06, 2002 2:34 AM
> Subject: Re: Cat 2950-24 [7:37374]
>
>
> > If you connect a computer to a switch port, it takes spanning tree a
> bit
> to
> > allow traffic to pass.  If this is an individual host being connected,
> you
> > could try disabling spanning tree on the port..
> >
> > Bri
> >
> > - Original Message -
> > From: "Ismail Al-Shelh"
> > To:
> > Sent: Tuesday, March 05, 2002 10:44 PM
> > Subject: Cat 2950-24 [7:37374]
> >
> >
> > > Dear all
> > > We have Pc with 3Com 3c90x-Tx 10/100 Network Card.  This PC is
> installed
> > > with Dos 6.22 Operating System.  We used to connect this to our 3com
> > > Switch1100 with the dos driver provided by 3Com.  The sequence of
> loading
> > > the 3com driver to connect to 3com Switch1100 is as follows:
> > > LSL.COM
> > > 3C90X.EXE
> > > IPXODI.COM
> > > NETX.EXE
> > > F:
> > > LOGIN
> > > This is in a batch file and when we run the batch file it will
> connect
> > > immediately.
> > > The problem I am facing while connect to CISCO CATALYST 2950-24 port
> is
> > that
> > > If I am
> > > running the same batch file it will not connect.
> > > I have to load the LSL.COM first and port on switch to which this
> computer
> > > is connected will be in Green color. But When
> > > I will load 3c90x.exe immediately the port on the switch color
> becomes
> > > amber.
> > > I have to wait for 1 to 1.5 minutes for the port color to become
> green
> > > and after that if load IPXODI.COM and NETX.EXE then it will connect.
> > > I can see this because I am sitting in front 

RE: concentrator 3000 vs. checkpoint vpn [7:37474]

[Joseph Brunner]

The checkpoint is the black sheep of the industry. It is a poorly
documented, un-intuative, overly licensed 
B.S. interface. The checkpoint where I used to work (nokia IP 440) reminded
me of this cartoon with porky pig
and daffy duck. Porky pig gets a hotel room for .10Cents. The mouse comes
and starts chewing celery so he can't
sleep. Then daffy wants like $10 for a cat to get rid of the mouse. Then the
cat keeps him from sleeping
so daffy wants $20 for a dog to get rid of the cat, and its goes all the way
till an elephant to get rid of a
lion for several hundred dollars. And guess what gets rid of the elephant,
(now taking up all the space in his
hotel room) ? You guessed it a MOUSE !. Moral of the story, they string you
along with different answers on each
call (so issues just go in circles), the licenses make the product too
expensive, while not as good at VPN tunneling 
as a Cisco VPN Concentrator, which comes with 100 USERS for only around $4K.
The Checkpoint is garbage. Avoid it 
at all costs. Long live Altiga (Cisco) VPNs.

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice




-Original Message-
From: ""[EMAIL PROTECTED] [mailto:""[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 2:18 AM
To: [EMAIL PROTECTED]
Subject: RE: concentrator 3000 vs. checkpoint vpn [7:37474]


I've worked with the 3000 concentrator but not with the Checkpoint.  The
3000 is very user friendly and easy to use.  You have to do minor
configuration via console and then you're off with the web interface which
is very simple to use.  I can't make a recommendation for which you should
buy but the Cisco products always make me happy.  I've set up a vpn tunnel
from a cisco router to a checkpoint firewall and it seemed like the person
on the configuring end of the checkpoint had a lot of problems with
upgrading software and technical support but that may have been a one person
scenario. I can't say for sure.

Jason

-Original Message-
From: Colin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 8:03 AM
To: [EMAIL PROTECTED]
Subject: Re: concentrator 3000 vs. checkpoint vpn [7:37474]


I haven't used both but I had to reply. I had set up a CheckPoint 
SecuRemote VPN, the VPN package that came with CP 2000 on a Nokia box 
and I have to say, it's not worth the hassle. CP tossed in the VPN 
component as a selling point so they could say, "Hey our firewall does 
it all".  I should also mention that their documentation on getting 
SecuRemote up and running is sad, if not almost non-existent.

Colin

Alex Lei wrote:

> Group,
> 
> Has anyone used both concentrator 3000 and checkpoint vpn (either software
> or hardware)? What are each's advantages and disadvantages? I am
interested
> in the following factors: Ease of installation and configuration,
security,
> manageability, reporting and logging, scalability, and pricing. I've
> searched the archives but couldn't find any real world advices.
> 
> Thanks,
> 
> Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=37592&t=37474
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: nter-Vlan routing [7:38088]

[Joseph Brunner]

Were you able to specify encapsulation ISL/DOT1Q on the router? You still
need to be able to understand
the trunked VLANS being received on 1 physical connection, using the same
encapsulation as the switch.
I think you need the PLUS/ENTERPRISE Feature set, hence more dram/flash. A
valid configuration, puts
ip addresses and specifies encapsulation per sub-if, and each each sub-if is
assigned a vlan #.

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 10:10 AM
To: [EMAIL PROTECTED]
Subject: RE: nter-Vlan routing [7:38088]


You don't need the IP+ feature-set to route VLAN's.  I just tried creating a
sub-interface off of the FE on one of our 2621's running 12.1.5 IP, and it
let me.  That's the only requirement.

Kelly Cobean, CCNP, CCSA, ACSA, MCSE, MCP+I

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
colin newman
Sent: Wednesday, March 13, 2002 4:59 AM
To: [EMAIL PROTECTED]
Subject: nter-Vlan routing [7:38088]


Hi

In order to do Inter-Vlan routing with a 2620, do I need IP Plus IOS?

If the IOS does indeed need to be IP Plus, I will have to add more DRAM to
the 2620. Currently the router has a 32M module of DRAM.  Can I just add
another module into the second slot  - is it that easy?  Any gotchas I
should be aware of?

Thanks

Colin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38103&t=38088
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Jr. CCIE Ad on Dice [7:38034]

[Joseph Brunner]

Every headhunter does that.. i used to be one.. lie lie lie on the phone to
hiring managers, candidates.

You ask candiditates who have they interviewed with, so you can call that
manager and push different
candidates, you feel are worth more money (to up your % fee thats paid) and
you ask managers who they have been
interviewing so you can badmouth that candidate, to get one of yours in.

That is the business. EVERY HEADHUNTER does this.

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 10:14 AM
To: [EMAIL PROTECTED]
Subject: RE: Jr. CCIE Ad on Dice [7:38034]


Atlantis Partners is just a bad company all around, from what I can
tell.   Here in Denver they post fake job openings just to get people to
send in resumes to fill their databases.  I couldn't believe it when I
discovered that they did this.  Why would anyone use a company that does
stuff like that??

John

>>> "Sean Knox"  3/13/02 3:02:29 PM >>>
I would say it's a sign that recruiting firms, such as Atlantis, don't
have
a clue, as it has always been.

- Sean

-Original Message-
From: Tarek Sabry [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 12, 2002 6:27 PM
To: [EMAIL PROTECTED] 
Subject: RE: Jr. CCIE Ad on Dice [7:38034]


This is really funny :)

I don't think it's a sign that the industry doesn't acknowledge CCIEs
as
all-round experts anymore (hopefully not anyway!) I think the word
"junior"
is just to justify the relatively low salary range they're offering
(in
California).

Tarek

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Ken Diliberto
Sent: Tuesday, March 12, 2002 7:42 PM
To: [EMAIL PROTECTED] 
Subject: Jr. CCIE Ad on Dice [7:38034]


This is good for a laugh.  They are looking for a junior CCIE.

http://www.dice.com/DandL/c/cxapga.35951.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38242&t=38034
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISL Trunking from a h/w's perspective [7:39246]

[Joseph Brunner]

"Danny Andaluz, CCNP" - 

It will work. did it on a 2611. Ci$co, won't support it and obviously they
want you to buy more
expensive 100 Mbps ports/routers (even if my total of 4 vlans uses 1mbps)

Why do you believe everything cisco tells you ?  Most of their tech docs
were written by people that
have never had beyond level 1 on a production router. Would you take make
out advice from the loser geek
virgin ?  Business advice from Enron ? 

"You must unlearn what you have learned." - yoda 

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice


-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 11:08 PM
To: [EMAIL PROTECTED]
Subject: Re: ISL Trunking from a h/w's perspective [7:39246]


I don't know what else you want me to do to prove it.  This was true at one
time but
it has changed.  I have personally not tried this config and seen it work
but if I have
some time on Monday I'll confirm whether or not the 3660 will do as
advertised.

  Dave

"Danny Andaluz, CCNP" wrote:

> no you can't.  I got straight from cisco that they have to be 100 meg
> full-dux interfaces.
> ""MADMAN""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Actually on some platforms with the right IOS you can trunk 10 meg
ports:
> >
> > C3660B(config)#inter e2/0.1
> > C3660B(config-subif)#encap dot1 1
> > C3660B(config-subif)#
> >
> >   Dave
> >
> > danny wrote:
> >
> > > The router's ethernet must be 100 full dux.  You configure
subinterfaces
> on
> > > the ethernet.  a trunking protocol must be configured on each sub with
> the
> > > corresponding vlan #.  The router will route between Vlans.
> > >
> > > Hope this helps.
> > >
> > > Danny
> > > ""George Siaw""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Thanks for all your responses.
> > > >
> > > > One last question though. For external router, routing between vlans
> if
> > > > I have just one FastEthernet interface on the router can I route
> between
> > > > vlans?
> > > >
> > > > George.
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
> Of
> > > > Scott H.
> > > > Sent: 23 March 2002 00:53
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: ISL Trunking from a h/w's perspective [7:39246]
> > > >
> > > > The only time the SC0 interface comes into play is for telnet into
the
> > > > box.
> > > > If you have any 100 MB ports on your switch, you can run trunking.
> > > >
> > > > set trunk (mod/port) on isl
> > > >
> > > > If this trunk is running into a router, you need to create the
> > > > subinterfaces
> > > > on the router to enable routing between VLANS.
> > > >
> > > > int fa1/0.100
> > > > ip address (the subnet of the vlan)
> > > > encap isl (the vlan #)
> > > >
> > > > HTH,
> > > > Scott
> > > >
> > > > ""George Siaw""  wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > Do I need an Sc0 port when routing between Vlans? However, there's
> no
> > > > > uplink module on neither of my supervisor engines. Would you know
a
> > > > s/w
> > > > > work around without having to buy the module?
> > > > >
> > > > > George.
> > > > >
> > > > > -Original Message-
> > > > > From: Larry Letterman [mailto:[EMAIL PROTECTED]]
> > > > > Sent: 23 March 2002 00:17
> > > > > To: George Siaw; [EMAIL PROTECTED]
> > > > > Subject: RE: ISL Trunking from a h/w's perspective [7:39246]
> > > > >
> > > > > You dont have to configure SC0 interface to do isl or dot1q. Its
> only
> > > > > needed
> > > > > for management, telnet etc...
> > > > >
> > > > >
> > > > > Larry Letterman
> > > > > Cisco Systems
> > > > > [EMAIL PROTECTED]
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Beha

VPN issues [7:40064]

[Joseph Carr]

Well, I am having some trouble with VPN sessions getting 
disconnected. I have a Cisco VPN 3005 at the main office that 
sits in the DMZ zone of a Cisco PIX-515-R and at the remote 
end I have a Sonicwall ProVX that VPNs into the VPN 
concentrator. We are using IPSec Lan-to-Lan IKE-3DES-MD5 for 
the tunnel and have no trouble establishing a connection. But 
after a few day the Sonicwall disconnects from the VPN and 
the only way to get it to reconnect is to logout the session 
on the VPN concentrator. Also the syslog output from the 
concentrator says key exchange is failing and on the log for 
the Sonicwall it indicates that it is not getting a response 
from the remote end. What can I do to prevent this from 
happening?

Thanks,
Joe Carr
MCDBA, CCDA, CCNP, CCIE (written)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40064&t=40064
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

re: voip em [7:40225]

[Joseph Rago]

I have two 2610 routers, one in new york and one in miami

These two routers are connected to pbx via e/m cards.
When a call is initiated from miami, a ring back tone is heard before the
user picks up the phone.
However, when the call is initiated from new york, no ring back tone is
heard


 Any suggestions would be appreciated

 Joe R.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40225&t=40225
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: AS-Path Filtering in Confederations? [7:40249]

[Joseph Brunner]

ip as-path access-list 1 deny _65001_

outbound from 65002 towards 65003 dosent work ?

have you tried both route-map match as-path 1 and
neighbor 1.1.1.1 filter-list 1 out ? (not at the same
time of course :)

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice


-Original Message-
From: William Lijewski [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 6:11 PM
To: [EMAIL PROTECTED]
Subject: AS-Path Filtering in Confederations? [7:40249]


Can you filter out certain confederations (in the main AS) using AS-Path
access-lists?  I don't think that it's possible since they are technically
in one big main AS.  I have also tried it to no avail, but the thing that
makes me think it may be able to be done is if I do a show bgp regexp ^$ it
shows just my routes local to my confederation, not anyone elses.  I've
looked on CCO without any luck.

Can someone tell me if this is possible or not?

Thanks.

Example:

(65001) - (65002) - (65003)

I want to filter so that confederation 65003 does not see any routes that
originated in confederation 65001 using AS-Path Access-Lists.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40311&t=40249
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Network latency [7:40295]

[Joseph Brunner]

MRTG with PING PROBE SCRIPTS.

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice


-Original Message-
From: Mike Bernico [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 10:06 AM
To: [EMAIL PROTECTED]
Subject: RE: Network latency [7:40295]


I'd also like to get a program like that.  We had to write our own, but I'm
sure an outside company could do a better job.

Mike

---
Mike Bernico [EMAIL PROTECTED]
Illinois Century Network  http://www.illinois.net
(217) 557-6555


> -Original Message-
> From: Michalis Palis [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 03, 2002 12:09 AM
> To: [EMAIL PROTECTED]
> Subject: Network latency [7:40295]
> 
> 
> Dear all
> 
> I am looking for a goot tool to measure network
> latence and packet loss. Any idea?
> 
> __
> Do You Yahoo!?
> Yahoo! Tax Center - online filing with TurboTax
> http://taxes.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40360&t=40295
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: FIXUP PROTOCOL ON PIX 515 [7:40577]

[Joseph Rago]

Hi can anyone tell me in non technical terms what the fixup protocol is
used for
 on a pix 515. Do i need to specify a fixup protocol number for all
applications used.
 Right now i am able to citrix into a server on my DMZ and i do not have a
fixup protocol
 statement defined for citrix ports.

  Thanks Joe Rago




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40577&t=40577
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Trace failure indication [7:12191]

[Joseph Higgins]

This problem shows up on any cisco router that I have tried, about 20
routers. It appears from a debug packet and debug icmp on the final
destination router that the final destination router still has the port open
while it is handling the previous trace probe.  I want to know if anyone can
get this to work correctly and if not where is this normal error indication
documented.  Following is a trace with a probe count of 15.  I have included
the debug output from the destination router.

termsvr#trace
Protocol [ip]:
Target IP address: 192.168.10.2
Source address:
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]: 15
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 192.168.10.2

  1 192.168.10.2 16 msec *  20 msec *  20 msec *  20 msec *  20 msec *  20
msec
*  20 msec *  20 msec
termsvr#  


Result of debug packet and ICMP on 192.168.10.2

01:26:14: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:14: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:14: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:14: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:17: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:17: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:17: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:17: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:20: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:20: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:20: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:20: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:23: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:23: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:23: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:23: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:26: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:26: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:26: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:26: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:29: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:29: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:29: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:29: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:32: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:32: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:32: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
01:26:32: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:35: IP: s=192.168.10.1 (Serial0), d=192.168.10.2, len 28, rcvd 0
01:26:35: ICMP: dst (192.168.10.2) port unreachable sent to 192.168.10.1
01:26:35: IP: s=192.168.10.2 (local), d=192.168.10.1 (Serial0), len 56,
sending
r1#


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12244&t=12191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Trace failure indication [7:12191]

[Joseph Higgins]

Even the example at http://www.cisco.com/warp/public/105/ext_ping_trace.html
shows this failure but provides no explanation.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12246&t=12191
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Used Rack [7:15897]

[Joseph Magann]

More specifically
http://www.musiciansfriend.com/ex/shop/bv/specials/010820062909065227199184438233?pid=450238

but also look at
http://www.musiciansfriend.com/ex/shop/bv/specials/010820062909065227199184438233?pid=450065

and
http://www.musiciansfriend.com/ex/shop/dj/010820062909065227199184438233?pid=540150

"Justin M. Clark" wrote:

> try musiciansfriends.com  they have a 8U rack for $19.
>
> ""Ray Smith""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Anyone with a used 19" Network Rack in good condition to unload at a
> > reasonable price, preferable in the New York/NJ area for the purpose of
> > saving on shipping & handling?  Thanks
> >
> > _
> > Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp

[GroupStudy.com removed an attachment of type application/x-pkcs7-signature
which had a name of smime.p7s]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=16546&t=15897
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE One Day Lab FAIL [7:27029]

[Joseph Ezerski]

For those that finished with an hour or so to spare, do you mind posting
what your estimated typing speed is?  I know it sounds funny, but I work
with someone who can type 120 words a minute and it seems to make all the
difference in a tight time situation like the lab.

Thanks in advance,

-Joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
McCallum, Robert
Sent: Tuesday, November 20, 2001 5:45 AM
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail); George; Kev;
kevin; sandra; sandra1; Warren
Subject: CCIE One Day Lab FAIL


O.k.  I sat the exam last week and failed but by not a lot.  Silly mistakes
killed me.  For those of you who have still to experience the one day lab
then please read ahead.

Mostly everyone on this list stated that there was no time to do the lab or
check anything.  I found this to be so untrue it was unreal.  Most people on
the lab finished with an hour to go and I had more time than this to check
and try to get the annoying things that didn't work to work (although I
failed to get two things working)... So from that, my advice is if you are
stuck on something, move on and work your way through the workbook.  Once
you get to the end you should have plenty time to fix (if you can) the
problems you left.

>From my experience of Brussels everything was there.  The proctors turned up
when they should, answered any questions you asked, there were icons for
each element you had to configure, there was paper, there were pens,
pencils, sharpeners and erasers.  Lunch was horrible although I don't think
anyone was to bothered about lunch, so if you are a person who cannot go
without lunch bring a packed lunch with you (just don't put your answers in
your lunch box !!).

All in all enjoy the experience and READ the questions (even the smallest
detail).  I am resetting in Feb next year and I reckon the pressure will
really be on then.  Most people fail 1st time anyway is what I can say this
time but next time ??

Robert McCallum
Ext 730 3448
DDI : 01415663448
Mobile : 07818002241




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27029&t=27029
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Ebay question [7:32808]

[Joseph Slawinski]

I used that seller before on ebay.  I purchased a few token ring hubs from
them.  They were very prompt and easy to work with.

Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32937&t=32808
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Token Ring DB9 to RJ45 connector [7:33060]

[Joseph Slawinski]

You will need a token ring media filter which has a DB9 connector on one
end, and an RJ-45 connector on the other.  The media filter basically
"filters" out noise on UTP cables.  A picture of one is listed in the link
below.

http://www.pulsewan.com/rad/mf3.htm

Hope this helps,
Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33297&t=33060
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Router problem inserting into token ring [7:33304]

[Joseph Slawinski]

I am having a problem I know most of you folks could help me with.  I have
two 2502 routers and two token ring hubs.  The hubs are "dumb hubs," they
have no network management capabilities.  They don't even have external
power supplies.

The problem is I am able to hook up my computers to the hubs, the token ring
cards will automatically attemt to insert themselves into the rings on the
hubs.  The relays light up every 15 seconds, so I know that is working ok.

My problem is, I am unable to configure the routers to insert themselves
into the ring.  I have experience connecting hubs with network management
modules into routers with no problems, but I somehow can't find a way to
configure the routers to attach to these "dumb hubs."  I know that I'm
missing something key here.  I was thinking maybe the media filters I am
using are defective, but I can't be sure.

I know this question may sound dumb, but I have nowhere else to turn.

Thank you in advance for your help,
Joseph J. Slawinski
AT&T Global Networks
Network Technician
CCNP,CCNA,A+,Apple,HP,Canon


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33304&t=33304
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Router problem inserting into token ring [7:33304]

[Joseph Slawinski]

I have checked the ring speed, its the same on the token ring cards and the
router.  The hub doesn't have a setting for ring speed though.

Author: Charles Manafa (---.blueyonder.co.uk)
Date:   01-26-02 17:26

Have you checked the ring speed? 

CM 
- Original Message - 
From: "Joseph Slawinski"  
To:  
Sent: Saturday, January 26, 2002 8:26 PM 
Subject: Router problem inserting into token ring [7:33304] 


> I am having a problem I know most of you folks could help me with. I have 
> two 2502 routers and two token ring hubs. The hubs are "dumb hubs," they 
> have no network management capabilities. They don't even have external 
> power supplies. 
> 
> The problem is I am able to hook up my computers to the hubs, the token 
ring 
> cards will automatically attemt to insert themselves into the rings on the 
> hubs. The relays light up every 15 seconds, so I know that is working ok. 
> 
> My problem is, I am unable to configure the routers to insert themselves 
> into the ring. I have experience connecting hubs with network management 
> modules into routers with no problems, but I somehow can't find a way to 
> configure the routers to attach to these "dumb hubs." I know that I'm 
> missing something key here. I was thinking maybe the media filters I am 
> using are defective, but I can't be sure. 
> 
> I know this question may sound dumb, but I have nowhere else to turn. 



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33322&t=33304
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Router problem inserting into token ring [7:33304]

[Joseph Slawinski]

The MAU's speed cannot be changed, so I am guessing this is controlled
between the token ring cards and the router, (they have to negotiate
together).  The 15 second blinking of the port light on the MAU is only when
one PC is attached.  I used this as an indicator to prove that the ports
were working properly.  When both PC's are connected to the MAU, the lights
stay on because there is at least two devices that have created the ring.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33326&t=33304
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Limit access to serial link to four users [7:33306]

[Joseph Brunner]

see comments below

-Original Message-
From: Gaz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 26, 2002 3:51 PM
To: [EMAIL PROTECTED]
Subject: Limit access to serial link to four users [7:33306]


>Hi all,

>I'm after some ideas if you'd be so kind :-)

>A 2Mb link being used mainly for streaming media has about 15 potential
>users. The task is to limit the number of users at any one time to four, so
>they have half a Mb each (ish).

All 15 @ once may be able to watch this stream. you should run a test to
determine if this is a 300kbps, (DSL cable stream) or a 150Kbps "T-1"
stream. if you go to Abcnews.com or somesites to watch video, they
expect corporate users to choose a T-1 stream, because they run on a 
business line which is not exclusively for the streaming.

What I would do is ask people to choose the lower res stream, and enforce
this with an aggresive car / traffic shaping policy. It would be nice
if this stream uses layer 4 characteristics which will make it easy to 
classify and apply policy to, however assuming it uses a protocol you 
don't wish to delay (like tcp 80, http), you can always use car to limit
per ip bandwidth for your 15 potential users, this would easiest if their
ip's were in a neat little /28 range)


>My initial idea, which I must admit, I dont think is such a good one is to
>set up a NAT pool of four addresses, and drag the translation timeout down
>to about a minute (yet to be tested), so that the first four users to pass
>traffic will be translated and allowed through, but after that, they'll
have
>to wait.

this can work.. however every minute it would get kicked.. not cool if the
stream is long. (you can make sure the potential users are in a specific
range
and then make a route map, keeping the hosts in their own nat pool, unless
your potential users are your only users.

>I'm off to look at something like TACACS to see if I can control network
>authorization by number of users (shot in the dark).

>No equipment in place yet, so we have a clean drawing board.

>Anybody have any neat ideas please!!


Thanks,

Gaz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33313&t=33306
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP and one backup link [7:33433]

[Joseph Brunner]

Sometimes As prepending won't work.. your best bet is to telnet
to route-views.oregon-ix.net (public route server) and do a show ip bgp with
your
as # (then you will know who is using your prepended path to get there. Most
likely 
one peer of your backup link providers, sets local pref or metric
on a private peering arrangement, thereby nullifying your prepends.
Unfortunately 
there is nothing you can do.. if you were a hi-cap T-3 or larger customer,
they
might traffic engineer this for you.

Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax



-Original Message-
From: Alejandro Acosta [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:36 AM
To: [EMAIL PROTECTED]
Subject: BGP and one backup link [7:33433]


Hi all,
  I have a BGP question.
  In this moment we have one Internet link with just one provider, now, we
have got a second link  just for backup. I mean, we can only use it for 180
hrs per month.
  I can easily manage my outgoing traffic (using local preferece or weight),
however the incomming traffic in more difficult. I added many prepends (9)
in the publication of the second link but there still few traffic on it.
  There is not IBGP between my two providers.

  Any ideas?

Thks in advanced.

Alejandro Acosta




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33441&t=33433
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Port Numbers

[Joseph Padian]

This link should tell you.
http://www.networksorcery.com/enp/default.htm

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CIT questions?

[Joseph J]

Does anyone know what's different between new and old test?

Any suggestion will be appreciated.

Joseph



___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: visio template for Cisco equipment

[Joseph J]

David,

I have the same problem as yours.
Q: How many types of CCO account are there?

Joseph

"David Ristau" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a cco account and it's not very helpful, maybe I need
> another type of account ?  I can login to CCO but get auth
> failed when going to this page. heh!
>
>
> Neil Schneider wrote:
> >
> > Fine if you have a CCO acount, otherwise not very usefull.
> >
> > Neil
> >
> > ""McCallum, Robert"" <[EMAIL PROTECTED]> wrote in
message
> >
news:[EMAIL PROTECTED]
> > .uk...
> > > Once again,
> > >
> > > http://www.cisco.com/partner/visio/
> > >
> > > -Original Message-
> > > From: Mike Dang [mailto:[EMAIL PROTECTED]]
> > > Sent: 31 August 2000 15:29
> > > To: [EMAIL PROTECTED]
> > > Subject: visio template for Cisco equipment
> > >
> > >
> > > Hi group,
> > >
> > > I'm using Visio to draw a network topology and just wondering that if
> > > anyone knows where I could find .vsd files for Cisco equipment?  And
> > > how much it would cost?
> > >
> > > Thanks in advance,
> > >
> > > MD
> > >
> > >
> > > __
> > > FREE voicemail, email, and fax...all in one place.
> > > Sign Up Now! http://www.onebox.com
> > >
> > > ___
> > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> > > ___
> > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> > >
> >
> > ___
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: bcran

[Joseph J]

Passing Score: 692  Time: 105 min with 61 Questions.
You can not mark and go back.

""cslx"" <[EMAIL PROTECTED]> wrote in message
8p51lc$7td$[EMAIL PROTECTED]">news:8p51lc$7td$[EMAIL PROTECTED]...
> please tell me the pass score of bcran and the number of the questions of
> bcran
> thanx
>
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: free book (introduction to network analysis)

[Joseph J]

Try this www.cisco.com/offer/avvid/d877

"Lauren Child" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hiya,
>
> Free book alert and demo CD from network associates on their sniffer
> package.
>
> register here -
>
> http://networkassociates.worldatamail.com/cgi-bin/mail.dll?A282
>
> TTFN
> Lauren
> --
> [EMAIL PROTECTED]   Lauren Child, BSc. CCNP-ATM & CCDP Certified
> http://www.laurenchild.net/  http://www.routerfaq.net/
>
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: tftp

[Joseph J]

Mag,

It means that "timesout and Out-Of-Order (easy to remember: So many big O)
pakets prevent netbooting. (ftp, tftp, or rcp)"ref: Cisco CIT page 3-49,
50

Joseph

"Magnus Thorne" <[EMAIL PROTECTED]> wrote in message
8B5B58F220FCD311879600508B652072010FC102@ev-cal-ex01">news:8B5B58F220FCD311879600508B652072010FC102@ev-cal-ex01...
> When tftping a new firmware...
>
> ! means good packet
> . means no packet?
> O means ???
>
> thanx,
> -Mag
>
> 
> Magnus Thorne
> eVoice, Inc.
> 1394 Williow Road
> Menlo Park, CA 94025
> Direct: 650.330.3974
> Main: 650.330.3700
> Cell: 650.799.6887
> Fax: 650.330.3901
> 
> eVoice. The best voicemail you can buy is free.
> Sign up at www.evoice.com or call 1.800.GET.EVOICE
>
> **NOTE: New CCNA/CCDA List has been formed. For more information go to
> http://www.groupstudy.com/list/Associates.html
> _
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: DR verses BDR IP address

[Jaison Joseph]

DR and BDR listen to 224.0.0.5 but BDR gets 224.0.0.6 multicast also.


regards

jaison



> -Original Message-
> From: Bond Jeffrey MSgt 93 CSS/SCON [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, May 10, 2000 10:56 PM
> To:   Cisco (E-mail)
> Subject:  DR verses BDR IP address
> 
> Can anyone tell me if the DR and BDR both listen to multicast address of
> 224.0.0.6 and all OSP routers use 224.0.0.5.  
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Routing or Bridging?

[Jaison Joseph]

you have to use edge router at the two offices and route the traffic.  

otherwise you may end up with chocking your wan link.

across the wan link switching is not a good practice unless otherwise you
are using MPLS or tag switching.

regards

jaison


> -Original Message-
> From: Kevin Zsenak [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, May 17, 2000 8:10 AM
> To:   [EMAIL PROTECTED]
> Subject:  Routing or Bridging?
> 
> Hello group,
> 
> I am looking for an opinion on whether to use routing
> or bridging in this situation.
> 
> Two offices connected via 128k Frame Relay using only
> TCP/IP protocol.  30 users in one office 10 in the
> other.  There are only servers in the first office. 
> Servers are Win NT.  Workstations are mostly Win 95
> with some NT.
> 
> Would you use routing or bridging to connect them? 
> With a bridge they could all be on the same subnet but
> wouldn't that cause a lot of broadcast traffic on the
> WAN?
> 
> Thanks,
> Kevin
> Newly Minted CCNA
> 
> 
> 
> __
> Do You Yahoo!?
> Send instant messages & get email alerts with Yahoo! Messenger.
> http://im.yahoo.com/
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cat5k 10/100 module: ISL or not ISL?

[Joseph Pinkus]

Use the following command:

show port capabilities mod#/port#

This will display various options for configurations, including the mode
of Trunking supported.

Joe

On Mon, 29 May 2000, Mark Holloway wrote:

> How do you know which modules are ISL capable?
> 
> Thanks,
> Mark
> 
> 
> ___
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCNA 1.0 & 2.0

[Joseph Kiang]

What's the difference between CCNA 1.0 & 2.0?
When will CCNA 1.0 last exam be?
Which book for CCNA 2.0 is the best, how about CCNA: Cisco Certified Netowrk 
Associate Study Guide, by Todd Lammle?
Moreover, which book is best for CCNP?


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT Re: Snort versus Cisco IDS [7:62939]

[Joseph Malin]

Priscilla,

Snort is very happy running on Windows platforms as well.  I have been
running it as such for a little over a year now in combination with MySQL
and ACID and have been pleased.  The only challenge (which may soon be
resolved) is using multi-processor machines, as the often used packet
capture library 'winpcap' did not support MP's.  Version 3.0 Beta of winpcap
is said to have some support for MP's.

-Joe

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 13, 2003 12:20 PM
To: [EMAIL PROTECTED]
Subject: RE: OT Re: Snort versus Cisco IDS [7:62939]


Thanks for all the replies. It's very helpful to get a feel for the
differences. To quickly synthesize what I've read, I would say that Cisco's
IDS is an enterprise, end-to-end solution, with improving reliability and
ease-of-use. Snort, on the other hand, is more appropriate for the midsize
or smaller companies with Unix expertise and has all the advantages of an
open-source project, but has some ease-of-use "issues" of its own.

I have a low-cost computer on order. I'm going to squeeze Windows XP into a
small partition (should just wipe it out maybe? ;-) and install Red Hat and
learn Linux better. I'll be tearing my hair out I'm sure! But before long,
I'll have Snort running too.

I guess it only runs on UNIX platforms?

Priscilla

Carroll Kong wrote:
> 
> Backing up what Craig said, Snort is probably better performing
> in
> terms of cost/performance than almost all the IDSes out there, 
> including Cisco.  It does not have a end to end solution to
> make
> one's life easier though, at least not out of the box.
> 
> Of course, you will need some sort of a unix background to set
> it up,
> and I do not mean installing Solaris with GUI tools.  Pretty
> easy to
> anyone who has worked with a FreeBSD or a Linux box (without
> using
> GUI all over the place and/or rpms everywhere).  The idea of no
> GUI
> is probably quite daunting to "enterprise" level engineers. 
> 
> 
> You COULD make it have a lot of the "enterprise level"
> features, but
> it requires a lot of work on your part, and of course no
> commercial
> support, so you are on your own.  (So, add this to your end
> cost...)
> 
> If you want a GUI frontend to snort, you can try Demarc, or
> what they
> call themselves "PureSecure" now.  There are also some freeware 
> analyzers, but Demarc/PureSecure is definately one of the
> nicest
> ones.  Albeit, it had some bugs, fortunately since they give
> you
> their cgis, if you know some perl, you can patch it yourself
> before
> they get around to it.  (unless they changed this behavior, the
> last
> I used was 1.05).
> 
> Puresecure DOES charge for commercial usage, which I suppose
> puts a
> damper on it.  Their licensing is a bit ridiculous.  However,
> the
> pricing should still be very competitive.
> 
> It's a mixed bag, but if you know your Unix, seems like Snort
> is a
> much cheaper (if you know Unix and programming very well, the 
> disadvantages aren't that big) IDS solution.
> 
> If you don't, oh well, like all things in life, pay the price
> for
> one's ignorance.  :)
> 
> > Someone told me in an authoritative voice today that Cisco
> doesn't recommend
> > their IDS. They recommend Snort. Is this really true? Isn't
> Cisco's IDS a
> > big part of SAFE?
> > 
> > Of course, the person who said this doesn't understand that
> Cisco is a huge,
> > chaotic organism, and that saying Cisco does something based
> on what one
> > person does, doesn't make sense.
> > 
> > But I'm just curious, what do you all recommend for intrusion
> detection? How
> > do Snort and Cisco IDS compare? I guess Cisco's solution is a
> bit more
> > complicated, requiring appliances or IDS cards in a switch
> and a console:
> > 
> > Cisco Secure IDS DirectorHP OpenView Network Node Manager
> "plug-in" that
> > runs on UNIX (Solaris and HP-UX)
> > 
> > Cisco Secure Policy Manager (v2.2+)Windows NT-based package
> > 
> > Thanks.
> > 
> > Priscilla
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62979&t=62939
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN question [7:63380]

[Joseph Brunner]

the office 3000 concentrator will route packets between each spoke
client (3002). Its sort of like a hub & spoke frame relay network in a
routing sense.

For implementation, just make sure the 3002 are passed routes
via their split tunneling network list on the the 3000 concentrator.

Or if your not using split tunneling, the 3002's should be picking up all
routes anyway, as reachable via the 3000 (except their default gateway, or
course!)

You will run network extension mode on with the 3002's (NOT PAT OVER TUNNEL).

The 3002 can't terminate any tunnels, so you can't ipsec connect B & C


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63390&t=63380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: is 10baseT dead? [7:65263]

[Joseph Malin]

Priscilla,

Thanks for the correction on the 1024 vs. 1000.  I had forgotten that
bandwidth uses 1000 instead of 1024.  Rerunning these numbers with 1000
comes up with the last packet accepted is the 1142nd.  (The worksheet is
below.)

I believe our results are not synchronizing because of different readings of
the problem.  As I read the problem, the server with the 100 Mbps link is
not running full out:

Server rate = 100,000 packets per second 
Each packet = 100 bytes

Server rate = 10,000,000 bytes per second
Server rate = 10,000,000 x 8 bits per second
Server rate = 80,000,000 bps = 80 Mbps

Using your elegant ratio method, the 10Mbps side can now receive at 1/8th
the speed the server side is sending out.

At 16 packets 2 have been sent, 14 queued. 
At 48 packets 6 have been sent, 42 queued. 
At 96 packets 12 have been sent, 84 queued. 
At 960 packets 120 have been sent, 840 queued. 
and finally:
At 1142 packets 142.75 have been sent and 1000 are queued (actually 999.25,
but I am going to assume the switch does not remove the packet from the
buffer until it has fully been sent on the wire.)

This would say the 1143rd packet would reach a full buffer and be dropped.  

Let me know if I made any errors...

Thanks,
Joe

Corrected worksheet:
serverpacketsize = 100 bytes 
serverrate = 100,000 pps 
serverrate = 100 bytes x 100,000 pps = 10,000,000 Bps = 10,000,000 x 8 bps =
80,000,000 bps 

clientmax = 10 Mbps = 10 x 1024 Kbps = 10 x 1000 x 1000 bps = 10,000,000 bps


bufferpacketsize = 100 bytes 
buffer = 1000 packets = 1000 x 100 B = 1000 x 100 x 8 b = 800,000 b 

buffer = (severrate - clientrate) x time 

800,000 b = ((80,000,000 bps) - (10,000,000 bps)) x t 
800,000 b = (70,000,000 bps) x t 
t = (800,000 b) / (70,000,000 bps) 

t = 0.011428571428571428571428571428571 seconds until the buffer is 
completely full. 

bitcount = (80,000,000 bps) x t = (80,000,000 bps) x 
0.011508433379980849966855711865655 s = 914285.71428571428571428571428571 b 

packetcount = 914285.71428571428571428571428571 b / 100 B = 
914285.71428571428571428571428571 b / 800 b =
1142.8571428571428571428571428571 

The 1142th packet will go through and the 1143th will be the first to be 
dropped due to a buffer overflow. 

-Original Message-
From: Priscilla Oppenheimer
To: [EMAIL PROTECTED]
Sent: 3/13/2003 6:54 PM
Subject: RE: is 10baseT dead? [7:65263]

So, here was my thinking. Feel free to correct me if there are holes in
my
logic.

Notice I didn't ask about time, although the fact that you used time is
fine
and maybe got you a better answer. ;-)

The question was after how many packets sent by the server will the
switch
start dropping packets? So, considering I said after how many, then
actually
the answer I get is  packets. The 1112th packet is dropped.

Here was my (possibly flawed) logic. The 10 Mbps side can send at 1/10th
the
speed of the 100 Mbps.

Let's assume the first packet isn't queued at all and starts going out
right
away. The next 9 packets are queued. They can't be sent because the port
is
still sending the first packet at 10 Mbps, but they have arrived since
the
servers is sending at 100 Mbps, so they must be queued. (Hmm, I wonder
if
that should be 10 packets queued actually)

At 20 packets 2 have been sent, 18 queued.
At 50 packets 5 have been sent, 45 queued.
At 100 packets 10 have been sent, 90 queued.

At 1000 packets (buffer size), 100 have been sent, 900 queued.

We're still OK.

At 1100 packets, 110 have been sent, 990 have been queued.
At 1110 packets, 111 have been sent, 999 queued.

We're getting close!

At  packets, 111. have been sent, 1000 queued.

The 1112th packet is dropped.

Priscilla





Priscilla Oppenheimer wrote:
> 
> You win! However, I got the 1112 packet. :-)
> 
> When you said the clientmax = 10 Mbps = 10 x 1024 Kbps = 10 x
> 1024 x 1024 bps = 10,485,760 bps, you shouldn't have multiplied
> by 1024. Bandwidth is just in 10s, not powers of 2s.
> 
> Do you get 1112 if you take that into account??
> 
> Thanks,
> 
> Priscilla
> 
> Joseph Malin wrote:
> > 
> > Priscilla,
> > 
> > Never one to turn down a math problem, and my apologies if
> > someone has
> > already sent this in (and to any statisticians for my lack of
> > handling of
> > significant digits), but in answer to the question you posed
> > earlier:
> > 
> > t = 0.011508433379980849966855711865655 seconds until the
> > buffer is
> > completely full.
> > After the 1150th packet the buffer will be full.  The 1151st
> > packet will be
> > the first to be dropped.
> > 
> > -
> > The work:
> > serverpacketsize = 100 bytes
> > serverrate = 100,000 pps
> > serverrate = 100 bytes x 100,000 pps = 10,000,000 Bps =
> > 10,000,000 x 8 bps =
> &g

RE: is 10baseT dead? [7:65263]

[Joseph Malin]

Priscilla,

Never one to turn down a math problem, and my apologies if someone has
already sent this in (and to any statisticians for my lack of handling of
significant digits), but in answer to the question you posed earlier:

t = 0.011508433379980849966855711865655 seconds until the buffer is
completely full.
After the 1150th packet the buffer will be full.  The 1151st packet will be
the first to be dropped.

-
The work:
serverpacketsize = 100 bytes
serverrate = 100,000 pps
serverrate = 100 bytes x 100,000 pps = 10,000,000 Bps = 10,000,000 x 8 bps =
80,000,000 bps

clientmax = 10 Mbps = 10 x 1024 Kbps = 10 x 1024 x 1024 bps = 10,485,760 bps

bufferpacketsize = 100 bytes
buffer = 1000 packets = 1000 x 100 B = 1000 x 100 x 8 b = 800,000 b

buffer = (severrate - clientrate) x time

800,000 b = ((80,000,000 bps) - (10,485,760 bps)) x t
800,000 b = (69,514,240 bps) x t
t = (800,000 b) / (69,514,240 bps)

t = 0.011508433379980849966855711865655 seconds until the buffer is
completely full.

bitcount = (80,000,000 bps) x t = (80,000,000 bps) x
0.011508433379980849966855711865655 s = 920674.6703984679973484569492 b

packetcount = 920674.6703984679973484569492 b / 100 B =
920674.6703984679973484569492 b / 800 b = 1150.8433379980849966855711865

The 1150th packet will go through and the 1151th will be the first to be
dropped due to a buffer overflow.
--

***Please note: this all assumes a connectionless protocol.  TCP will not
overload the switch as the server will wait for the ack's before sending
more packets.  I believe many UDP based applications also implement some
sort of acknowledgment at a higher (then transport) OSI level

-Joe


The Question:
> Here's a hypothetical scenario:
> 
> The server has a 100-Mbps NIC. It is connected to the switch.
> The client has a 10-Mbps NIC. It is also connected to the
> switch.
> 
> The switch has 1000 buffers. Each buffer holds a 100-byte
> packet.
> 
> The server is sending 100,000 packets per second as fast as it
> can (i.e. with no significant gap between the packets). Each
> packet is 100 bytes.
> 
> The switch is sending the packets out the 10-Mbps port as fast
> as it can.
> 
> After how many packets sent by the server will the switch start
> dropping packets?
> 
> A free book to anyone who gets the right answer! You must show
> your work. :-)
---






-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 13, 2003 12:56 AM
To: [EMAIL PROTECTED]
Subject: RE: is 10baseT dead? [7:65263]


It's been a long day.

Priscilla

Priscilla Oppenheimer wrote:
> 
> > DeVoe, Charles (PKI) wrote:
> > > 
> > > What about htis. 
> > > The server tries to dump data to the client
> > > over the 10M
> > > pipe.  The client cannot accept it as fast as the server can
> > > put out.
> > > Having a slower line to the client in effect will cause
> > > degradation at the
> > > server.
> 
> I have a better answer and question than my previous wisecrack.
> :-) I also bumped the conversation to the top of the Web site.
> 
> Answer: The problem won't be the client not keeping up. The
> problem will occur at a store-and-forward switch between the
> server and client. (To connect 100-Mbps to 10-Mbps requires a
> store-and-forward device. Let's say it's a switch.)
> 
> So, the engineering question becomes, at what point will this
> mythical store-and-forward switch start dropping packets?
> 
> Here's a hypothetical scenario:
> 
> The server has a 100-Mbps NIC. It is connected to the switch.
> The client has a 10-Mbps NIC. It is also connected to the
> switch.
> 
> The switch has 1000 buffers. Each buffer holds a 100-byte
> packet.
> 
> The server is sending 100,000 packets per second as fast as it
> can (i.e. with no significant gap between the packets). Each
> packet is 100 bytes.
> 
> The switch is sending the packets out the 10-Mbps port as fast
> as it can.
> 
> After how many packets sent by the server will the switch start
> dropping packets?
> 
> A free book to anyone who gets the right answer! You must show
> your work. :-)
> 
> Priscilla
> 
> 
> 
> > > 
> > > -Original Message-
> > > From: Steven Aiello [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, March 12, 2003 11:02 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: is 10baseT dead? [7:65077]
> > > 
> > > 
> > > Scott,
> > > 
> > >I think you have a great point, it seems that most of the
> > > computer
> > > technologies we have today are not taken full advantage of. 
> > > However
> > > instead of taking the air out the sale's staff sales as it
> > were
> > > ( no pun
> > > intended ).  Why not suggest upgrade from the Idf's to the
> > > server farm.
> > >   You could suggest Ether Channel to combine some of the
> runs
> > > you have
> > > put in ( I'm sure ) when you are upgrading your netw

RE: CID 640-025 [7:66041]

[Alan Joseph]

Does anyone out there in the wild vast yonder of Cisco Cert Land know if
Atalk and IPX are still on the CID 3.0 (640-025) test ?

It doesn't show up on the exam desciription...

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exam
s/640-025.html

Mahalo!

Joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2003 1:10 PM
To: [EMAIL PROTECTED]
Subject: RE: What is a distributed/collapsed backbone? [7:65225]


According to CID "lingo" a collapsed backbone is a single router or switch
acting as a backbone in a campus design model. It contrasts with a
distributed backbone where routers or switches are spread out among floors
or buildings, all connected together via something like FDDI. (Yes, CID
still has FDDI in it!)

Maybe that picture you are looking at is an error.

Good luck with CID. It's a fun one! :-)

Priscilla

Marc Thach Xuan Ky wrote:
>
> Hi all,
> I thought I'd do 640-025 CID before it disappears, so I started
> reading
> the Ciscopress book, CID exam certification guide.  Now in
> chapter 2,
> section "Issues facing campus LAN designers" (I'm using Safari
> books
> online so I don't know the page number) it shows figs 2.4 and
> 2.5
> distributed and collapsed backbones respectively.  The
> distributed
> backbone shows per floor, one router and one switch, the
> collapsed
> backbone shows a single router for the building fanning out to
> one
> switch per floor.  Fair enough I guess, but the scenario 1, Q2
> in the
> same chapter asks what backbone to use in a particular case and
> then
> answers it with "distributed backbone" and a picture fig 2.8
> that looks
> rather like the collapsed backbone shown earlier.  I obviously
> have to
> learn Ciscospeak for the exam so can anybody tell me, which is
> it?
> rgds
> Marc




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66041&t=66041
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CID 640-025 [7:66103]

[Alan Joseph]

Reposting...

Does anyone out there in the wild vast yonder of Cisco Cert Land know if
Atalk and IPX are still on the CID 3.0 (640-025) test ?

It doesn't show up on the exam desciription...

http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exam
s/640-025.html

Mahalo!

Joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 12, 2003 1:10 PM
To: [EMAIL PROTECTED]
Subject: RE: What is a distributed/collapsed backbone? [7:65225]


According to CID "lingo" a collapsed backbone is a single router or switch
acting as a backbone in a campus design model. It contrasts with a
distributed backbone where routers or switches are spread out among floors
or buildings, all connected together via something like FDDI. (Yes, CID
still has FDDI in it!)

Maybe that picture you are looking at is an error.

Good luck with CID. It's a fun one! :-)

Priscilla

Marc Thach Xuan Ky wrote:
>
> Hi all,
> I thought I'd do 640-025 CID before it disappears, so I started
> reading
> the Ciscopress book, CID exam certification guide.  Now in
> chapter 2,
> section "Issues facing campus LAN designers" (I'm using Safari
> books
> online so I don't know the page number) it shows figs 2.4 and
> 2.5
> distributed and collapsed backbones respectively.  The
> distributed
> backbone shows per floor, one router and one switch, the
> collapsed
> backbone shows a single router for the building fanning out to
> one
> switch per floor.  Fair enough I guess, but the scenario 1, Q2
> in the
> same chapter asks what backbone to use in a particular case and
> then
> answers it with "distributed backbone" and a picture fig 2.8
> that looks
> rather like the collapsed backbone shown earlier.  I obviously
> have to
> learn Ciscospeak for the exam so can anybody tell me, which is
> it?
> rgds
> Marc




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66103&t=66103
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IP route to Null0? [7:66755]

[Joseph Brunner]

What's sloppy about it ?

Would you prefer the overhead of an acl ?

Please suggest a better way..

But with the AD in there set to 200, it looks like a route
in a "holding pattern" for bgp redistribution.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66759&t=66755
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Hybrid vs. Native [7:66766]

[Joseph Brunner]

HYBRID, Especiall for someone like you who needs uptime/redundancy.

In hybrid, if the MSFC dies, you don't loose the whole switch,
just intervlan routing, etc. You can still telnet to the supervisor
engine to get and and find out whats up.

In native the whole switch dies and your burned.

Cisco's answer- buy two sup2/msfc2/pfc2 boards and run high
availability.. No thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66780&t=66766
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN CONCENTRATOR Parallel FW [7:66819]

[Joseph Brunner]

You need a router when running them parrallel.
The router will determine internet traffic goes to the pix, remote
vpn lan's etc go to the vpn 3000.

Mine is like

VPN 3000 PIX
10.0.0.210.0.0.10


   10.0.0.0/24

10.0.0.1
  RTR
192.168.0.1

SERVERS 192.168.0.0/24


This way no servers need "route" commands to know where
to route what. And you guessed it, my vpn clients get addresses
on the subnet between router and vpn (10.0.0.0/24)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66843&t=66819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VPN CONCENTRATOR Parallel FW [7:66819]

[Joseph Brunner]

No Read what the tunnel default gateway does... (from the concentrator
page where you set it)

"Enter the IP address of the default gateway or router for tunnels. Enter
0.0.0.0 for no default router."

This is used to have a different gateway for IPSEC tunnels than
for ip routing.. 

What we are discussing is how servers with two possible next hops,
a pix and a vpn, will determine which to use for what subnets.

The servers (defaulted to the pix) have to bypass it to speak to
remote subnet (and use the concentrator instead).
A common workaround (one I used to employ) was NT route add statements
for each subnet that should "bypass" the pix, their default gateway,
and use the Concentrator instead. A better and more scalable
solution is to put a router between the concentrator and pix internal
segment, and the servers.

INBOUND
For inbound internet and inbound ipsec tunnel traffic back, 
the pix and the vpn concentrator have a route to the "server's subnet" with
the router as the next-hop.

OUTBOUND
Subnets reachable via vpn 3000 are routed to the vpn concentrator's private
interface, a default route for Outbound Internet traffic is towards the pix.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66865&t=66819
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]