RE: ebgp-multihop default value?? [7:66157]

2003-03-25 Thread Ladrach, Daniel E.
255 is the default.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 10:26 AM
To: [EMAIL PROTECTED]
Subject: ebgp-multihop default value?? [7:66157]


Hello,
Is the ebgp-multihop default value = 255 ??
From all the examples that I have seen and done, it has always been set to a
number ex. 2 or 200 or 255 etc.  but doing an example from CCO, it just uses
the cmd. # neighbor a.b.c.d ebgp-multihop - with no value and it works!!
Thus, I am assuming that the ebgp-multihop default value = 255??
Anyone??
Thank you.
Sincerely,
CN











Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66166t=66157
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: Problem with EIGRP [7:65314]

2003-03-13 Thread Ladrach, Daniel E.
I think you answered your own question: it needs to be added to the network
command.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Lesly Verdier [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 10:49 AM
To: [EMAIL PROTECTED]
Subject: Problem with EIGRP [7:65314]


Dear Group,

I've a problem with EIGRP and hopefully someone can shed some 
light.

I have a backbone router (bbr1) with two loopback interfaces, 
(loopback0 172.16.10.100 and loopback1 172.16.11.100), s1 
(10.1.1.100/24) which is connected to router p1r1. On bbr1 
I have applied the commands:

router eigrp 200
 network 10.0.0.0

On router p1r1 I have s1 (10.1.1.1/24) connected to bbr1 and 
I have applied the commands:

router eigrp 200
 network 192.168.1.0
 network 10.0.0.0

When I do show ip route on p1r1 I do not see the loopback 
interfaces from bbr1. According to my book I should have 
seen in the routing table of p1r1:

D EX   172.16.10.0 [170/40537600] via 10.1.1.100, Serial1
D EX   172.16.11.0 [170/40537600] via 10.1.1.100, Serial1

These routes don't show up and I can't ping them either. If I 
add the command network 172.16.0.0 on bbr1, the routes appear 
in the routing table of p1r1 but without EX. Is it normal 
to add a network command for your loopback interfaces? Probably
there is something else I'm doing wrong. But what??

Thanks,


Lesly Verdier




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65340t=65314
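
The behaviour described in the question above, modelled as an added example (not code from either post; the function names are hypothetical): a `network` statement given without a wildcard mask enables EIGRP on every interface whose address falls inside that classful network, so `network 10.0.0.0` on bbr1 covers only the serial link and leaves both loopbacks out.

```python
import ipaddress


def classful_network(addr):
    """Return the class A/B/C network containing addr (no wildcard mask given)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{addr} is not a class A, B or C address")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def eigrp_enabled(interfaces, network_statements):
    """Map interface name -> True if some network statement covers its address."""
    nets = [classful_network(n) for n in network_statements]
    return {
        name: any(ipaddress.IPv4Address(ip) in net for net in nets)
        for name, ip in interfaces.items()
    }


def suggested_network_statements(interfaces, network_statements):
    """Classful networks that would have to be added to cover every interface."""
    enabled = eigrp_enabled(interfaces, network_statements)
    missing = {
        str(classful_network(ip).network_address)
        for name, ip in interfaces.items()
        if not enabled[name]
    }
    return sorted(missing)


# bbr1 as described in the post (interface names expanded for readability).
BBR1 = {
    "Loopback0": "172.16.10.100",
    "Loopback1": "172.16.11.100",
    "Serial1": "10.1.1.100",
}

if __name__ == "__main__":
    for name, on in eigrp_enabled(BBR1, ["10.0.0.0"]).items():
        print(f"{name:10s} EIGRP {'enabled' if on else 'not enabled'}")
    for net in suggested_network_statements(BBR1, ["10.0.0.0"]):
        print(f"missing: network {net}")
```
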


RE: ISP OSPF Design [7:65316]

2003-03-13 Thread Ladrach, Daniel E.
I am assuming you are talking about across the Backbone of the ISP. The
internal protocol used by some large ISP's is ISIS. If you are talking about
external protocols look at BGP.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Chris Headings [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: ISP OSPF Design [7:65316]


Good morning all,

Does anyone out there know of either a good white paper or book that shows
some ISP OSPF designed networks?  I am trying to find something that is more
geared towards service providers rather than corporate network LAN design.

Thanks as always...

Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65339t=65316


RE: ??? IS-IS ??? [7:63938]

2003-02-27 Thread Ladrach, Daniel E.
Read the BSCI. This will give you an overview of the protocol.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Michael Cinquanti [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 26, 2003 10:59 PM
To: [EMAIL PROTECTED]
Subject: ??? IS-IS ??? [7:63938]


Peter van Oene has authored a two-part Study Guide that's been quite 
well received at CertificationZone.

  Hello All,

 I'm wondering what IS-IS is.  No pun intended.  I'm assuming it's a
  routing protocol?  I've gone through Cisco, CCNA acad. and have my CCNA
  and I've even started going over Semester 5 for the CCNP, but IS-IS is
  nowhere to be found...  Is this a new protocol?  Or does someone know
  where I can find a good overview?

  Thanks for brain food,
  Steve
-- 
Mike Cinquanti
President
Genium Publishing Corporation




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63979t=63938


RE: adding new switch to VTP domain [7:63654]

2003-02-24 Thread Ladrach, Daniel E.
For the second practice do the following.
1 Clear config all
2 Power cycle the switch
3 If server mode is used make sure the configuration revision number is 0

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: John Brandis [mailto:[EMAIL PROTECTED]
Sent: Monday, February 24, 2003 4:33 PM
To: [EMAIL PROTECTED]
Subject: adding new switch to VTP domain [7:63654]


Hi All,
 
Tomorrow I will be adding a new 2950 to my switch fabric. I will add
another GBIC copper module to my 4006. Does anyone know if I can just
insert it whilst on? I remember last time I did this under the old IOS for
the 4006 with the supIII, it had a cow and just died. I have the latest IOS
on the cat 4006 supIII now and I wonder if it will be an issue?

Also, a gotcha I came across because I do things sometimes too quick (lesson
for learners, don't do stupid things): I added a new switch to my VTP domain,
and lost info such as VLANs and the like. What I tend to do these days is
to make the switch a client on the VTP domain, before inserting it, change
the vtp domain, add it with the cables, then change the vtp domain info back
but keeping it a client. Is this good practice?

Anyone know about my first issue?
 
John
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63664t=63654


RE: Internet Connections [7:62863]

2003-02-12 Thread Ladrach, Daniel E.
What is the T1's purpose? If it is for failover add a route map with a
metric for the BGP. I am not sure who your provider is; however, they may be
doing some static routing. If you have more information on your setup and
what you are trying to accomplish I can give more input.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 12, 2003 9:19 AM
To: [EMAIL PROTECTED]
Subject: Internet Connections [7:62863]


I have a class B network subnetted using a 21 bit mask.  This network has 2
connections to the internet, 1 is by a T3 the other is a 512K T1.  Each
connection to the internet comes out of a subnet, goes through a firewall,
and then through a Cisco 7200 router.  We have static routes in place to
assure that the returning packets go to the proper firewall.  I don't know
for sure if the routers connecting to the internet are running BGP or
something else.  We have seen packets go out one interface and return on the
other.  I suspect that something is not right with the border routers.  Any
thoughts or suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62920t=62863



RE: newbie: removing an ip route to loopback [7:62811]

2003-02-11 Thread Ladrach, Daniel E.
This is the address of the loopback.

conf t
int loopback 0
no ip address 10.0.0.X 255.255.255.0




Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: J. Johnson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 12:23 PM
To: [EMAIL PROTECTED]
Subject: newbie: removing an ip route to loopback [7:62811]


Please pardon my newbieness ...

I have a router with this in the routing table:

Router#show ip route
 
 10.0.0.0/24 is subnetted, 1 subnets
 C   10.0.0.0 is directly connected, Loopback0
 
Router#

I would like to remove it.  However, the following (and several variations) 
doesn't do the trick:

Router(config)#no ip route 10.0.0.0 255.255.255.0 Loopback 0
%No matching route to delete
Router(config)# 

This command with other addresses works the way I would expect it to work. 
E.g. I can do ip route 10.0.0.3 255.255.255.255 Loopback 0 and the route 
appears, and then no ip route 10.0.0.3 255.255.255.255 Loopback 0 and the 
route is gone.  Presumably the difference is that the 10.0.0.0 address is a 
network address.  Is there a way to remove it?

This router is a 3620 shared by several people in a lab environment.  I 
don't know how this route got into the table.

James




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62840t=62811



RE: Password recovery [7:62738]

2003-02-10 Thread Ladrach, Daniel E.
Try the following: Break into router, next copy start to run, change
password, copy run to start, change config register back.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Philip van Dalen [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 5:53 AM
To: [EMAIL PROTECTED]
Subject: Password recovery [7:62738]


Hi

I need to recover the password for a CISCO 2611 without wiping the
config?

Any ideas?

Philip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62757t=62738



RE: Simple Ip issue (need help) [7:62728]

2003-02-10 Thread Ladrach, Daniel E.
If you ping you are probably pinging the Local IP. Try debug ip icmp to
verify what you are pinging.

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 12:03 PM
To: [EMAIL PROTECTED]
Subject: RE: Simple Ip issue (need help) [7:62728]


Hi All,
Thanx again to all for the contributions,
confusion still there.
I am pinging remote side and I am able to.
Any comments from all (still confused with answers)

Walker, James - Is wrote:
 
 Only problem is which side are you pinging
 
 
 
 
 -Original Message-
 From: John Murphy [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 10, 2003 11:15 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Simple Ip issue (need help) [7:62728]
 
 
 If you're asking what I think you're asking, then I think your answer is
 yes, but you won't be able to pass any traffic across the circuit.  Unless
 you've confused me (it doesn't seem I would be the only one), then the
 answer might not be the same.
 
 
 - Original Message -
 From: Monu Sekhon 
 To: 
 Sent: Monday, February 10, 2003 12:13 AM
 Subject: Simple Ip issue (need help) [7:62728]
 
 
  Hi All,
  I have a very simple question: can we use duplicate IPs on serial interfaces
  among themselves, although we cannot use a duplicate IP on serial with
  Ethernet (LAN interface) or loopback interface?


  My topology is like this

  Client router          server router (connected back to back)
  2 interfaces           2 interfaces


  these routers connected back to back


  configuration
  int serial 0/0
  encap hdlc
  ip address 1.1.1.1 255.255.255.0

  int serial 0/1
  ip address 1.1.1.1 255.255.255.0
  encap hdlc



  now if all the two interfaces of serial even if given duplicate ip among
  themselves works fine. no error from cli. interfaces are up
  and i am able to ping remote side.



  The question is that

  1) Lan interface also was in different subnet but serial interface
  does not accept that ips as duplicate or of loopback

  2) What implication such have on my design, any limitation it has

  Does this type of design can be used,

  This small thing is confusing me about ip.

  Thanx  in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62765t=62728



RE: Any help appreciated - Router will not route.... [7:62568]

2003-02-10 Thread Ladrach, Daniel E.
Do you have a traceroute showing where it died?

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: Keith Campbell [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 5:58 PM
To: [EMAIL PROTECTED]
Subject: Re: Any help appreciated - Router will not route [7:62568]


Hmm, I don't think the problem lies with the ISDN or its capability to dial,
as DW mentioned, pings are possible from router to router, so a route is
possible, just not from the LAN.
Possibly a better debug would be debug ip icmp and then run either extended
pings from the Fast Ether, or from the client on the LAN.
HTH
Keith
Juntao  wrote in message
news:[EMAIL PROTECTED]...
 I'd check the isdn stuff, deb dialer, deb isdn q931, etc...

 DW wrote in message news:
 [EMAIL PROTECTED]
  When the primary is up the route table shows:
 
   192.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
  S   192.1.1.0/24 is directly connected, Serial0/0:1
  C   192.1.1.25/32 is directly connected, Serial0/0:1
 
  When the primary goes down it shows:
 
  192.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
  S   192.1.1.0/24 is directly connected, BRI1/1
  C   192.1.1.25/32 is directly connected, BRI1/1
 
  This is why I don't understand why it will not work !!
 
  Thanks,
 
  Derek
 
 
 
   wrote in message
  news:[EMAIL PROTECTED]...
   What does your route table show on both routers?
  
   Mark
  
I have a 3640 router (Pri rate Interface / backup ISDN interfaces) that is
not performing as I thought it would...One of the channelised interfaces
went down yesterday and the backup ISDN for that line kicked in, however I
could no longer ping into the remote site once the backup came up - The
remote router is a 1720.
I could ping from router to router (In both directions).
I could not ping from a client in Site A to router in Site B, or beyond.
I could not ping from a client in Site B to router in Site A, or beyond.

Below is part of the config:

SITE A - 3640

interface FastEthernet0/0
 ip address 192.168.25.25 255.255.255.0
 duplex auto
 speed 100
 no cdp enable

interface Serial0/0:1
 bandwidth 128
 backup delay 20 20
 backup interface BRI1/1
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 encapsulation ppp
 fair-queue 64 256 0
 no cdp enable

interface BRI1/1
 ip unnumbered FastEthernet0/0
 no ip directed-broadcast
 encapsulation ppp
 dialer idle-timeout 300
 dialer string
 dialer hold-queue 20
 dialer-group 1
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication chap

ip route 192.1.1.0 255.255.255.0 Serial0/0:1
ip route 192.1.1.0 255.255.255.0 BRI1/1 50

access-list 100 permit ip any any
access-list 100 permit icmp any any
dialer-list 1 protocol ip list 100

SITE B - 1720

interface BRI0
 ip unnumbered FastEthernet0
 encapsulation ppp
 dialer idle-timeout 300
 dialer string XXX
 dialer hold-queue 50
 dialer-group 1
 isdn switch-type basic-net3
 ppp authentication chap
!
interface FastEthernet0
 ip address 192.1.1.25 255.255.255.0
 speed auto
!
interface Serial0
 bandwidth 128
 backup delay 20 20
 backup interface BRI0
 ip unnumbered FastEthernet0
!
ip classless
ip route 192.168.25.0 255.255.255.0 Serial0
ip route 192.168.25.0 255.255.255.0 BRI0 50
no ip http server
!
access-list 100 permit ip any any
access-list 100 permit icmp any any
dialer-list 1 protocol ip list 100

Can anyone out there see anything obviously wrong with the above config

Thanks in advance.

Derek




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62786t=62568



RE: IP unnumbered for HDLC connection [7:62134]

2003-01-30 Thread Ladrach, Daniel E.
If it is a loopback address let's say 192.168.1.2 255.255.255.252 the router
will see the netblock local to the router. Let's say the other end is
192.168.1.1 255.255.255.252 Point-to-point. Try putting a route statement ip
route 192.168.1.1 255.255.255.255 out the interface. This creates a more
specific route for that IP.

Daniel Ladrach
CCNP,CCNA
WorldCom

-Original Message-
From: Deepak N [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 4:07 PM
To: [EMAIL PROTECTED]
Subject: IP unnumbered for HDLC connection [7:62134]


Hi All
 I have simple configuration of HDLC connected back to back.
If I give ip unnumbered at one end and the static ip address at the other
end, I can't ping either end. But when I give show ip int brief, it shows
the line and protocol are up.
If I give ip unnumbered at both ends, now I am able to ping either end.
Could anybody help me out in this?

Regards
Deepak




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62181t=62134



RE: L3 Switching Swtich/Router Comparsion [7:62166]

2003-01-30 Thread Ladrach, Daniel E.
A layer 3 switch is a switch with an RSM in it so the functionality would be
the same as a router on a stick. You are still going to route once, switch
many (CAM table).

Daniel Ladrach
CCNP, CCNA
WorldCom



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 30, 2003 2:03 AM
To: [EMAIL PROTECTED]
Subject: L3 Switching  Swtich/Router Comparsion [7:62166]


Dear All,

Need your advice on the following scenario:

I am using VLANs to provide the partitions for the traffic (voice and data)
from various departments. In order to provide routing between various
VLANs, I would need a router to do so.

Please advise if there are any differences in the functionalities etc. if I
use

1) a L3 switch for routing between VLANs,
2) a L2 switch followed by a router for routing between VLANs.

Thanks in advance!

Maurice




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62186t=62166



RE: Question? [7:61716]

2003-01-24 Thread Ladrach, Daniel E.
I have done this several times and never experienced the issue below. As
long as you are on the console port this should not be an issue. I would be
curious to know what type of modem you are using and dip switch settings. I
generally use US robotics.

-Original Message-
From: Charles D Hammonds [mailto:[EMAIL PROTECTED]] 
Sent: Friday, January 24, 2003 12:45 AM
To: [EMAIL PROTECTED]
Subject: RE: Question? [7:61716]

I have not been able to perform password recovery via a modem connected
directly to console. When the router reloads, you get disconnected and have
to re-dial which by that time is too late to break. In my experience, I have
had to dial up to a 2511 and connect to console of the problem router that
way...

Charles

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Michael Williams
Sent: Thursday, January 23, 2003 2:24 PM
To: [EMAIL PROTECTED]
Subject: RE: Question? [7:61716]


Uh... if he could get into enable mode to issue a 'reload' command, he could
just change the password and there wouldn't be any need to do a password
recovery?!?!?

Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61773t=61716



RE: Question? [7:61716]

2003-01-23 Thread Ladrach, Daniel E.
You should be fine. Just make sure you are on the console port. Also, verify
the break sequence for your terminal emulation software.

-Original Message-
From: Gonzalez, Edwin R 
Sent: Thursday, January 23, 2003 4:04 PM
To: [EMAIL PROTECTED]
Subject: Re: Question? [7:61716]

I want to do a password recovery over a dialup modem connected to the console
port. Is it possible or do I have to be physically present at the router?

Captian Lance  wrote in message
news:[EMAIL PROTECTED]...
 Depends on what you mean by dialup?
 If you can get to enable mode you can restart the router. Just type
 'reload'.  uh don't forget to do a wri mem (copy run start).

 Lance


 Edwin Gonzalez  wrote in message
 news:[EMAIL PROTECTED]...
  Is it possible to reload a router over dial up to change the password or do
  I have to be physically at the router?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61723t=61716



RE: PIX to Router -Urgent [7:61450]

2003-01-21 Thread Ladrach, Daniel E.
This is possible. We currently build VPN's over DSL without any problems.

Daniel Ladrach
CCNP,CCNA
WorldCom

-Original Message-
From: Guruprasad Sanjeevi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 8:33 AM
To: [EMAIL PROTECTED]
Subject: PIX to Router -Urgent [7:61450]


Hi group,

I have a situation of setting up a VPN for my 2 branch offices over
internet. One office in India and the other in US. I need to establish the
VPN with a Cisco router and a PIX.
First of all, I would like to know if it's possible. The complication for me
is branch office PIX is not directly connected to internet but thru a DSL
router.

Please help

Thanks and Regards
Guruprasad





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61460t=61450



RE: Subnet question [7:60711]

2003-01-10 Thread Ladrach, Daniel E.
I would set up VLANs; keep in mind you need to route between VLANs. This is
done via RSM or router on a stick.

 -Original Message-
 From: Tamhankar, Nitin 
 [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, January 09, 2003 11:40 AM
 To: [EMAIL PROTECTED]
 Subject: Subnet question [7:60711]
 
 
 This might be a very elementary question for some of you guys 
 but I would appreciate the answer. 
 
 If an office which has 3 different floors and has Cisco 
 routers and catalyst switches and windows environment. We 
 need to configure it in such a way that each floor is on its 
 own subnet for example 
 
 floor1   100.10.1.0
 floor2   100.10.2.0
 floor3   100.10.3.0
 
 Also if a computer which has IP address in subnet 100.10.1.0 
 is moved from floor 1 to floor 2, it should not communicate 
 with the network unless its IP address is changed to one in 
 100.10.2.0 subnet.
 
 How it can be accomplished?
 
 Thank you
 Nitin
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60821t=60711



RE: Subnet question [7:60711]

2003-01-10 Thread Ladrach, Daniel E.
I would set up VLANs; keep in mind you need to route between VLANs. This is
done via RSM or router on a stick.

Daniel Ladrach
CCNA, CCNP
WorldCom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60836t=60711



Re: CCIE Vs. BS or MS degree [7:59481]

2003-01-07 Thread Ladrach, Daniel E.
I just want to make one more comment. I worked with a CCIE candidate not too
long ago that did not know what port 80 was. Also, he took the lab and did
fairly well. 

Daniel Ladrach
CCNA, CCNP
WorldCom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60518t=59481



Re: CCIE Vs. BS or MS degree [7:59481]

2003-01-07 Thread Ladrach, Daniel E.
I do respect every CCIE out there. I have friends working on their CCIE's
and I see the hard work they are putting in. I know this is not an easy
certification to achieve. I also think every CCIE should be proud of their
accomplishments. In my opinion an MBA opens more doors. I have never argued
which one is better or which is harder; however, a certification should
never be used in place of an education. I do believe the best candidate is
probably going to have both.


Daniel Ladrach
CCNA, CCNP
WorldCom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60530t=59481



Re: CCIE Vs. BS or MS dergree [7:59481]

2003-01-02 Thread Ladrach, Daniel E.
I have an MIS degree from The Ohio State University Max Fisher College of
Business. I see some posts out there saying that a CS degree is no more than
a vocational degree. Obviously this person has not been to college! College
is not there to prepare you to step in and do a Sr. Engineer job, it is
there to give you a base understanding of IT. I, however, have a business
degree with an IT focus. So, when you have been through the classes I have
you form a level of respect for anyone who has been down the same road.

When the CCIE gets as challenging as the following let me know.

Calculus 
Physics
Finance
Accounting
Economics
CS-programming
CS-operating systems
CS-networking



Daniel Ladrach
CCNA, CCNP
WorldCom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60103t=59481



RE: Router Configuration Question [7:60026]

2002-12-31 Thread Ladrach, Daniel E.
I have worked with the small business server in the past. Are you asking how
to have the Small business server communicate to the router? If so you can
set up routing on the SB server. (The reason I am assuming this is most small
companies do not have a LAN router. So, the default gateway is the Small
Business Server.) The router ends up being the gateway to the internet.
However, I am not sure what you are trying to set up.

Daniel Ladrach
CCNA, CCNP
WorldCom

 -Original Message-
 From: James Gruggett [mailto:[EMAIL PROTECTED]] 
 Sent: Tuesday, December 31, 2002 12:25 PM
 To: [EMAIL PROTECTED]
 Subject: Router Configuration Question [7:60026]
 
 
 Here is the situation:
 
 I have a 1700 series router and a T1, a cisco switch, and a 
 file server.
 
 I am removing both Exchange and  IIS services.
 
 How should I configure my router?
 
 Thanks
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60037t=60026



RE: 4500 Series Router [7:59806]

2002-12-27 Thread Ladrach, Daniel E.
In my experience when you get invalid magic number the flash is empty or
filesystem is corrupt. Use the Xmodem console download procedure.

Daniel Ladrach
CCNA, CCNP
WorldCom 

 -Original Message-
 From: Walker, James - Is [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, December 27, 2002 7:34 AM
 To: [EMAIL PROTECTED]
 Subject: RE: 4500 Series Router [7:59806]
 
 
 On the 4500, I can only get to rommon state. I cannot use 
 show nor the format commands. It is using the boot rom image, 5.3(16).
 
 There has to be a way using the set command.
 
 Thanks,
 Jim
 
 
 
 -Original Message-
 From: Mark W. Odette II [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, December 26, 2002 7:10 PM
 To: [EMAIL PROTECTED]
 Subject: RE: 4500 Series Router [7:59806]
 
 
 Jim, Based upon 12.1 IOS...
 
 See CCO for docs on how to copy a replacement image onto the 
 router.. 
 http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt2/fcd203.htm
 
 You obviously have local access to the device, as assumed by 
 the output you have posted; from the console session, check 
 the boot parameters with a SHOW BOOTVAR.  If you are sure 
 the flash memory is not damaged, then I would format the 
 flash, and then tftp a new copy of the IOS image onto it.
 
 See CCO for information on setting the boot variable. 
 http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/fun_c/fcprt2/fcd205.htm#xtocid2

HTHs,
Mark

-Original Message-
From: Walker, James - Is [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, December 26, 2002 4:33 PM
To: [EMAIL PROTECTED]
Subject: 4500 Series Router [7:59806]

All,

Anyone know how to recover from an empty flash on a 4500 series router?

I'm getting the following message:

device does not contain a valid magic number
boot: cannot open bootflash:
an alternate boot helper program is not specified
(monitor variable BOOTLDR is not set)
and unable to determine first file in bootflash
loadprog: error - on file open
boot: cannot load cisco2-C4500

I combed the CCO, no luck.

TIA

Jim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59835t=59806



RE: 4500 Series Router [7:59806]

2002-12-27 Thread Ladrach, Daniel E.
In my experience when you get invalid magic number the flash is empty or
filesystem is corrupt. Use the Xmodem console download procedure.

Sorry if this posts twice, I am having problems posting to the news group.

Daniel Ladrach
CCNA, CCNP
WorldCom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59837t=59806



RE: CCIE Vs. BS or MS dergree [7:59481]

2002-12-26 Thread Ladrach, Daniel E.
I think the key is to know what you are going to college for. I have a
degree from The Ohio State University, Max Fisher College of Business in
MIS. I am also enrolled at Franklin University MBA in MIS. Lastly, I admit
to having my CCNP (working on CCDP). Of all the tests I have taken over the
years the Cisco exams are by far the easiest. I think we need to be
realistic when comparing Certs Vs. Education. It took me 4 months to get my
CCNP; it took me 6 years to get my education. The CCIE would probably take me
as long to prepare for as my MBA; however, I think the MBA will open up far
more doors.

Calculus, Physics, Finance, Accounting, Economics to name a few to receive a
degree. Remember you don't just take one of each you take several.

I agree with the course load listed in the e-mail below.


 -Original Message-
 From: J.D. Chaiken [mailto:[EMAIL PROTECTED]]
 Sent: Friday, December 20, 2002 10:07 AM
 To: [EMAIL PROTECTED]
 Subject: Re: CCIE Vs. BS or MS dergree [7:59481]
 
 
 If that were the real reading list for a BS degree, I would
 *LOVE* it.  My problem is that they make you read all the
 fluffy stuff that you never wanted to read in the first
 place, and didn't go to college for, but they make you read anyway.
 
 And further, let's say you were an English major, do you
 really think that Calculus I would help you there?
 
 Jarett
 
 Charlie Wehner  wrote in message
 news:[EMAIL PROTECTED]...
  What's more difficult?
 
  a) Memorizing configuration scenarios and commands on a Cisco router
 
  b) Understanding Calculus, Differential Equations, Numerical Analysis,
  Chemistry, Physics and Electrical Engineering well enough to create a
  meaningful experiment.
 
  One of my friends is working on his masters in Physics right now.
  What he's working on makes the CCIE look like a walk through the park.
 
  Seriously, what if the recommended reading list for the CCIE exam
  looked like this:
 
  Physics I and II
  Calculus I,II,III
  Differential Equations
  Mechanics
  Circuit Analysis I and II
  Linear Systems
  Thermodynamics
  Quantum Mechanics
  Optics




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59799t=59481



RE: BGP question [7:43163]

2002-05-03 Thread Ladrach, Daniel E.

Customer needs to get their own AS.

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Junkie [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, May 02, 2002 9:48 PM
 To: [EMAIL PROTECTED]
 Subject: RE: BGP question [7:43163]
 
 
 You shouldn't have a problem at all.  I have done this a few times, just
 make sure that both ISPs know you have a multihomed network and what
 block the other ISP provided.  Just like Jason mentioned, it's AS to
 AS...but we had a situation where the ISP had to add the other ISP's
 block into an access list.
 
 Most of the bigger providers will have a form to fill out, with Sprint
 and WCOM they ask if you are multihomed and also ask for all of the
 public blocks
 
 You're good with it...
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On 
 Behalf Of
 Steven A. Ridder
 Sent: Thursday, May 02, 2002 4:28 PM
 To: [EMAIL PROTECTED]
 Subject: BGP question [7:43163]
 
 Here's a question I can't seem to answer.  I came up with a scenario in
 my head, and now I can't find a solution.
 
 Example: I have a dual homed network via BGP.  I have ISP 1 and they
 give me 209.21.220.1/20 for use, and ISP gives me 199.33.23.1/21.
 Say I use the 209.x.x.x for my web servers, mail server, etc, and advertise
 that back out to the Internet via ISP 1 (the ISP that assigned me the block)
 and in DNS.  I'm assuming ISP 2 will not advertise that block for me, as
 it's ISP 1's block.  So, now the whole world knows to get to me via ISP 1.
 Then let's say ISP 1 goes down, how would the world know how to get to
 me, if they only knew how to get to me via ISP 1 and its IPs?
 
 --
 RFC 1149 Compliant
 
 Get in my head:
 http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43219t=43163



RE: How can I measure traffic through a 2600 router (over [7:43245]

2002-05-03 Thread Ladrach, Daniel E.

MRTG, it is free!

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Wayne Jang [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 03, 2002 10:39 AM
 To: [EMAIL PROTECTED]
 Subject: How can I measure traffic through a 2600 router (over time/1
 [7:43224]
 
 
 I have a client that wants to know how much traffic is passing through his
 router.  They are ordering new service and want to know how much bandwidth
 to order.  What utility should I use?
 
 Thanks
 Wayne




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43245t=43245



RE: IGRP to EIGRP redistribute problem (VLSM to FLSM) [7:43222]

2002-05-03 Thread Ladrach, Daniel E.

If an IGRP process and an EIGRP process have the same process IDs, they will
redistribute automatically. Change your router eigrp 100 to router eigrp 10.
Doyle Volume 1 has some good information in it.

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Tey Haw Ching [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 03, 2002 9:53 AM
 To: [EMAIL PROTECTED]
 Subject: IGRP to EIGRP redistribute problem (VLSM to FLSM) [7:43222]
 
 
 Hi all,
  Need some advice on the following IGRP to EIGRP route distribute
 problem.
  Problem: 137.33.0.0 is possibly down after a while at both r5 and r6.
  End result to achieve: r6 can ping r5 loopback0 or r5 to r6.
 
  Both R5 and R6 have a loopback IP address (137.33.5.5/32 and
 137.33.6.6/32) which uses a host subnet. The problem seems to be FLSM to
 VLSM route distribute and I have tried all the possible ways (e.g. summary,
 policy route, distribute-list and tunnel) but still have no idea how to
 resolve the above problem.
 R6 is running both IGRP and EIGRP.
 Below is the configuration.
 R5
 -
 host r5
 interface Loopback0
  ip address 137.33.5.5 255.255.255.0
 !
 interface Ethernet0
  no ip address
  no keepalive
 !
 interface Serial0
  no ip address
  no keepalive
  shutdown
  no fair-queue
  clockrate 64000
 !
 interface Serial1
  bandwidth 64000
  backup delay 3 3
  backup interface BRI0
  ip address 134.1.56.5 255.255.255.0
  clockrate 64000
 !
 interface Serial2
  no ip address
  shutdown
 !
 interface Serial3
  no ip address
  shutdown
 !
 interface BRI0
  description ISDN No 7952 1478
  bandwidth 64000
  ip address 134.1.35.5 255.255.255.0
  encapsulation ppp
  dialer map ip 134.1.35.3 name r3 79529389
  dialer load-threshold 192 outbound
  dialer watch-group 1
  dialer-group 1
  isdn switch-type basic-net3
  ppp authentication chap callin
  ppp multilink
 !
 router igrp 10
  timers basic 5 5 5 5
  redistribute connected
  network 134.1.0.0
  network 137.33.0.0
  metric weights 0 1 1 1 0 0
 !
 ip local policy route-map pol1
 ip kerberos source-interface any
 ip classless
 no ip http server
 !
 access-list 1 permit 137.24.0.0
 access-list 1 permit 137.33.6.6
 access-list 1 permit 137.33.2.2
 access-list 1 permit 137.33.1.1
 access-list 1 permit 137.33.3.3
 access-list 1 permit 137.33.4.4
 dialer-list 1 protocol ip permit
 route-map loopback permit 10
  match interface Loopback0
 !
 route-map pol1 permit 10
  match ip route-source 1
  set interface Serial1
 !
 route-map pol1 permit 20
 
 r5#sir
 Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
        * - candidate default, U - per-user static route, o - ODR
        P - periodic downloaded static route
 
 Gateway of last resort is not set
 
 I    202.6.6.0/24 [100/2656] via 134.1.56.6, 00:00:03, Serial1
      137.33.0.0/24 is subnetted, 1 subnets
 C       137.33.5.0 is directly connected, Loopback0
 I    202.2.2.0/24 [100/2656] via 134.1.56.6, 00:00:03, Serial1
      134.1.0.0/24 is subnetted, 1 subnets
 C       134.1.56.0 is directly connected, Serial1
 
 hostname r6
 !
 logging rate-limit console 10 except errors
 !
 ip subnet-zero
 no ip finger
 no ip domain-lookup
 !
 cns event-service server
 !
 !
 !
 dlsw local-peer peer-id 134.1.6.6
 dlsw remote-peer 0 frame-relay interface Serial0 604 pass-thru
 !
 !
 interface Loopback0
  ip address 137.33.6.6 255.255.255.0
 !
 interface Loopback1
  ip address 202.6.6.6 255.255.255.0
 !
 interface Loopback2
  description ATM Emulation interface
  ip address 202.2.2.2 255.255.255.0
 !
 interface Ethernet0
  ip address 150.100.6.6 255.255.255.0
 !
 interface Serial0
  ip address 134.1.34.6 255.255.255.0
  encapsulation frame-relay
  ip ospf message-digest-key 1 md5 hackme
  ip ospf network point-to-multipoint
  shutdown
  no fair-queue
  clockrate 64000
  frame-relay map dlsw 604 broadcast
  frame-relay map ip 134.1.34.3 604 broadcast
  frame-relay map ip 134.1.34.4 604 broadcast
  no frame-relay inverse-arp
 !
 interface Serial1
  ip address 134.1.26.6 255.255.255.0
  ip policy route-map pol1
  shutdown
  clockrate 64000
 !
 interface Serial2
  ip address 134.1.56.6 255.255.255.0
 !
 interface Serial3
  no ip address
  shutdown
 !
 interface BRI0
  no ip address
  shutdown
 !
 router eigrp 100
  redistribute igrp 10 metric 1000 100 255 1 1500
  network 134.1.26.0 0.0.0.255
  no auto-summary
  no eigrp log-neighbor-changes
 !
 router ospf 1
  log-adjacency-changes
  area 1 authentication message-digest
  passive-interface Loopback0
  passive-interface Loopback1
  passive-interface Loopback2
  passive-interface Serial1
  passive-interface Serial2
  network 134.1.34.0 0.0.0.255 area 1
  network 150.100.6.0 0.0.0.255 

RE: ip route statement [7:43001]

2002-05-01 Thread Ladrach, Daniel E.

The Null interface is typically used for preventing routing loops.

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Stanfast Preye [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, May 01, 2002 2:34 PM
 To: [EMAIL PROTECTED]
 Subject: ip route statement [7:43001]
 
 
 Dear Group,
 
 Why is it necessary to configure all routers in a network with ip route
 xxx.xxx.xxx.xxx null 0 statement before implementing migrating to a new IP
 address scheme and DHCP service in the network.
 
 Somebody please help
 
 Regards,
 
 Preye.
 
  
 
  
 
 
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43026t=43001



RE: Alternatives to Cisco VPN client [7:42604]

2002-04-26 Thread Ladrach, Daniel E.

Have you tried the IPSec that is built into windows 2000?

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Craig Columbus [mailto:[EMAIL PROTECTED]]
 Sent: Friday, April 26, 2002 1:37 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Alternatives to Cisco VPN client [7:42604]
 
 
 I certainly appreciate the security risks.  However, there are some
 circumstances where the risks are reduced (notice I'm not saying
 eliminated) by circumstance.  For example, many clients are behind hardware
 firewalls that allow only designated inbound traffic (forget about
 tunneling at the firewall for the moment).  Additionally, the clients are
 kept strictly updated with antivirus/trojan detection software.  Also, the
 VPN client itself could be combined with a local personal firewall
 function, much like the Cisco VPN 3.5 client tries to do with its stateful
 inspection feature.
 I don't see much security difference between a properly configured client
 allowing this connection and a router-router peer VPN setup that tunnels
 based on destination address.  Of course the routers have access lists
 controlling tunnel access, but clients could have effectively the same
 control with proper software installed.
 I'm not necessarily debating whether this *should* be done.  It's really up
 to the individual admin to determine.  In some cases the security risk is
 too great, in other situations, it's perfectly acceptable.  I just want to
 see the functionality available.
 
 At 08:35 PM 4/25/2002 -0400, you wrote:
 On Sep 15,  1:00pm, Craig Columbus wrote:
 }
 } I've got a major complaint with the Cisco VPN client.  It's not smart
 } enough to differentiate local traffic/Internet traffic from VPN
 } traffic.  Therefore, you can't browse the Internet and your VPN network at
 } the same time.
 
   It is.  However, the server gets to decide if it will.  Doing so,
 is opening yourself to a great big security hole.  Most desktops aren't
 properly locked down.  If a desktop is allowed to use a VPN tunnel and
 the general internet at the same time, then you are opening the
 protected network to being hacked by somebody hopping through the
 desktop.  Do you really want to do this?
 
 } I've done some preliminary searches for third-party clients, but don't want
 } to waste time trying 50 clients that may not be any good.  I've found some
 } for Mac OS X that'll do what I want, but I haven't found one for Win
 } 9x/ME/NT/2K/XP.
 
   Win 2K/XP come with IPSec built-in and don't really need a
 client.  Mac OS X may have it built-in as well.
 
 }-- End of excerpt from Craig Columbus




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42646t=42604



RE: Alternatives to Cisco VPN client [7:42604]

2002-04-26 Thread Ladrach, Daniel E.

To elaborate more from my first posting. I believe companies like Nortel
with their later releases in OS have incorporated the ability to use Windows
IPsec.

Daniel Ladrach
CCNA, CCNP
WorldCom






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42647t=42604



RE: Why does IOS only allow ICMP granularity on destination [7:42598]

2002-04-25 Thread Ladrach, Daniel E.

access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any echo

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Anthony Pace [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, April 25, 2002 4:38 PM
 To: [EMAIL PROTECTED]
 Subject: Why does IOS only allow ICMP granularity on 
 destination in an
 [7:42590]
 
 
 for instance :
 
 access-list 101 permit icmp any host 207.122.1.5 echo
 access-list 101 permit icmp host 207.122.2.3 any echo-reply
 
 but not
 
 access-list 101 permit icmp any echo-reply any
 
 Anthony Pace




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42598t=42598
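
The syntax point in this thread, as an added example that is not part of either post: an IOS extended ACL entry for ICMP is positional (source, then destination, then the optional message type), while the type itself is a field of the ICMP header and is matched independently of both addresses. The evaluator below is illustrative Python; its function names and the sample packet addresses are constructed, and only the `echo` and `echo-reply` keywords from the thread are in its table.

```python
import ipaddress

# ICMP type numbers behind the two keywords used in the thread (RFC 792).
ICMP_TYPES = {"echo-reply": 0, "echo": 8}

# Entries quoted in the thread.
ANTHONY_ACL = [
    "access-list 101 permit icmp any host 207.122.1.5 echo",
    "access-list 101 permit icmp host 207.122.2.3 any echo-reply",
]
DANIEL_ACL = [
    "access-list 101 permit icmp any any echo-reply",
    "access-list 101 permit icmp any any echo",
]
REJECTED = "access-list 101 permit icmp any echo-reply any"


def parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)          # every bit is "don't care"
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)),
            int(ipaddress.IPv4Address(tokens.pop(0))))


def parse_ace(line):
    """Parse 'access-list N permit|deny icmp SRC DST [icmp-type]'."""
    tokens = line.split()
    if (len(tokens) < 4 or tokens[0] != "access-list"
            or tokens[2] not in ("permit", "deny") or tokens[3] != "icmp"):
        raise ValueError(f"not an ICMP access-list entry: {line!r}")
    rest = tokens[4:]
    try:
        src = parse_addr(rest)          # first address spec is always the source
        dst = parse_addr(rest)          # second is always the destination
    except (IndexError, ValueError):
        raise ValueError(f"expected source then destination: {line!r}") from None
    icmp_type = None                    # None means "any ICMP message"
    if rest:
        word = rest.pop(0)
        if word.isdigit():
            icmp_type = int(word)
        elif word in ICMP_TYPES:
            icmp_type = ICMP_TYPES[word]
        else:
            raise ValueError(f"ICMP type not in this example's table: {word!r}")
    return {"action": tokens[2], "src": src, "dst": dst, "type": icmp_type}


def addr_matches(ip, spec):
    """Wildcard-mask compare: bits set in the wildcard are ignored."""
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF == 0


def evaluate(acl_lines, src, dst, icmp_type):
    """First matching entry wins; no match falls to the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if (addr_matches(src, ace["src"]) and addr_matches(dst, ace["dst"])
                and ace["type"] in (None, icmp_type)):
            return ace["action"]
    return "deny"


def is_accepted(line):
    """True if the line fits the positional grammar."""
    try:
        parse_ace(line)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed packets: 198.51.100.7 is a documentation address.
    print(evaluate(ANTHONY_ACL, "198.51.100.7", "207.122.1.5", 8))
    print(evaluate(ANTHONY_ACL, "207.122.2.3", "198.51.100.7", 0))
    print(evaluate(DANIEL_ACL, "198.51.100.7", "207.122.1.5", 3))
    print(is_accepted(REJECTED))
```

Daniel's two `any any` entries permit echo and echo-reply between all hosts; every other ICMP type reaches the implicit deny.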



RE: Added HSRP can't surf or Resolve DNS [7:42592]

2002-04-25 Thread Ladrach, Daniel E.

What did you set the default gateway for hosts on vlan2? Are you having
issues from both vlans or just vlan2?

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Joel Panetta [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, April 25, 2002 4:43 PM
 To: [EMAIL PROTECTED]
 Subject: Added HSRP can't surf or Resolve DNS [7:42592]
 
 
 When adding hsrp does my default gateway become what is now my virtual
 gateway? Since implementing it in my test environment I cannot resolve DNS
 and surf. I am using 1 cat 6509 each with an MSFC here is a sample of my
 test conf
 MSFC #1
 interface Vlan1
 ip address 10.8.1.2 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 standby 1 priority 110
 standby 1 preempt
 standby 1 ip 10.8.1.1
 
 !
 interface Vlan2
 ip address 10.8.2.2 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 standby 2 priority 110
 standby 2 preempt
 standby 2 ip 10.8.2.1
 
 MSFC #2
 interface Vlan1
 ip address 10.8.1.3 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 standby 1 priority 109
 standby 1 preempt
 standby 1 ip 10.8.1.1
 
 !
 interface Vlan2
 ip address 10.8.2.3 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 standby 2 priority 109
 standby 2 preempt
 standby 2 ip 10.8.2.1
 The IP for the 6509 is 10.8.1.4/24
 I have set everything up with a default gateway of 10.8.1.1/24
 
 Thanks all




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42602t=42592



RE: Router to Router VPNs- Longish [7:42245]

2002-04-22 Thread Ladrach, Daniel E.

In your crypto map you need to call an access-list. In your ACL specify what
traffic you want to encrypt.

crypto map myvpn 10 ipsec-isakmp 
match address myvpn

ip access-list extended myvpn
 permit ip 10.1.0.0 0.0.255.255 10.11.0.0 0.0.255.255


Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Mark Odette II [mailto:[EMAIL PROTECTED]]
 Sent: Monday, April 22, 2002 1:52 PM
 To: [EMAIL PROTECTED]
 Subject: Router to Router VPNs- Longish [7:42245]
 
 
 Hey folks, I am in a quandary, and am wondering if someone on the list has
 done this and figured out a working config.
 
 I've been challenged with putting a VPN together between two sites, and it
 shouldn't be a problem, as it seems to be a straightforward config, and
 I've used the example off of CCO.
 
 The problem is, I can't seem to pass traffic successfully across the VPN. :(
 
 Attached is the config for both ends of the network setup.  As far as I
 know, as long as I've met the following criteria, this should work:
 
 1. Both ends have to have a public static address for at least the Router.
 2. Either end can have a static NAT for an extra inside host, such as a WWW
 server.
 3. The VPN tunnel should work, no matter what type of outside interface
 the Crypto map is applied to; if regular private to public net connectivity
 works using NAT Overload, then End to End Tunnel termination should work so
 long as the access-lists are done right.
 
 This being said, this is what I got from CCO:
 
 ASCII Diagram of network scenario
 
 LAN(192.168.10.0) -- RouterHQ --(WIC1-ADSL) DSL --Internet--
 SL  --RouterBranchOffice--LAN (192.168.1.0)
 
 RouterHQ is assigned 5 public IPs, one assigned to the Router, 1 assigned to
 WWW Host via Static NAT
 
 RouterBO is assigned one public IP, which is assigned to the Router, with NAT
 Overload running for the hosts on the private LAN.
 
 * The description and ASCII art has been slightly modified from the CCO
 example only to use a WIC-1ADSL as the Outside interface on the HQ Router,
 rather than Ethernet Interfaces.
 
 Config From CCO:
 Daphne#
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname Daphne
 !
 memory-size iomem 10
 ip subnet-zero
 ip audit notify log
 ip audit po max-events 100
 !
 !--- IKE policies:
 crypto isakmp policy 10
 authentication pre-share
 crypto isakmp key ciscokey address 100.1.1.2
 crypto ipsec transform-set to_fred esp-des esp-md5-hmac
 !--- IPSec policies:
 crypto map myvpn 10 ipsec-isakmp
 set peer 100.1.1.2
 set transform-set to_fred
 !--- Include the private-network-to-private-network traffic
 !--- in the encryption process:
 match address 101
 !
 controller T1 0/0
 shutdown
 !
 controller T1 0/1
 shutdown
 !
 interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 !
 interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip Nat inside
 ip route-cache policy
 ip policy route-map nonat
 !
 interface Ethernet0/1
 ip address 200.1.1.2 255.255.255.0
 ip Nat outside
 crypto map myvpn
 !
 !--- Except the private network from the NAT process:
 ip Nat inside source list 122 interface Ethernet0/1 overload
 ip Nat inside source static 10.1.1.3 200.1.1.25
 ip classless
 ip route 0.0.0.0 0.0.0.0 200.1.1.1
 !--- Include the private-network-to-private-network traffic
 !--- in the encryption process:
 access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
 access-list 101 deny ip 10.1.1.0 0.0.0.255 any
 !--- Except the private network from the NAT process:
 access-list 122 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
 access-list 122 deny ip host 10.1.1.3 any
 access-list 122 permit ip 10.1.1.0 0.0.0.255 any
 access-list 123 permit ip host 10.1.1.3 172.16.1.0 0.0.0.255
 dialer-list 1 protocol ip permit
 dialer-list 1 protocol ipx permit
 !--- Except the private network from the NAT process:
 route-map nonat permit 10
 match ip address 123
 set ip next-hop 1.1.1.2
 !
 end
 
 Fred- Router Configuration
 Fred#
 service timestamps debug uptime
 service timestamps log uptime
 no service password-encryption
 !
 hostname fred
 !
 memory-size iomem 10
 ip subnet-zero
 !
 ip audit notify log
 ip audit PO max-events 100
 !
 !--- IKE Policies:
 crypto isakmp policy 10
 authentication pre-share
 crypto isakmp key ciscokey address 200.1.1.2
 !--- IPSec Policies:
 crypto ipsec transform-set to_fred ESP-Des esp-md5-hmac
 !
 crypto map myvpn 10 ipsec-isakmp
 set peer 200.1.1.2
 set transform-set to_fred
 !--- Include the private-network-to-private-network traffic
 !--- in the encryption process:
 match address 101
 !
 controller T1 1/0
 shutdown
 !
 controller T1 1/1
 shutdown
 !
 interface Ethernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip Nat inside
 !
 interface Ethernet0/1
 ip address 100.1.1.2 255.255.255.0
 ip Nat outside
 crypto map myvpn
 !
 !--- Except the private network from the NAT process:
 ip Nat inside source list 175 pool interface Ethernet0/1 overload
 ip classless
 ip 
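
One way to audit the points this thread turns on, as an added example that is not part of any post or of Cisco's sample: that the crypto map calls an ACL with `match address`, that the two peers' crypto ACLs mirror each other, and that the NAT ACL denies the protected traffic before any permit. The Daphne excerpt repeats lines quoted in the thread; Fred's ACL 101 is cut off in the post, so `FRED_ASSUMED` is a constructed mirror, and all function names are illustrative.

```python
import ipaddress

DAPHNE = """crypto map myvpn 10 ipsec-isakmp
 set peer 100.1.1.2
 set transform-set to_fred
 match address 101
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 101 deny ip 10.1.1.0 0.0.0.255 any
access-list 122 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 122 deny ip host 10.1.1.3 any
access-list 122 permit ip 10.1.1.0 0.0.0.255 any
"""
# Assumption: the far end's crypto ACL, which the truncated post does not show.
FRED_ASSUMED = """crypto map myvpn 10 ipsec-isakmp
 set peer 200.1.1.2
 set transform-set to_fred
 match address 101
!
access-list 101 permit ip 172.16.1.0 0.0.0.255 10.1.1.0 0.0.0.255
"""
# Constructed failure cases: map without an ACL, NAT permit ahead of the deny.
NO_MATCH = DAPHNE.replace(" match address 101\n", "")
NAT_WRONG_ORDER = """access-list 122 permit ip 10.1.1.0 0.0.0.255 any
access-list 122 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
"""
# The named-ACL form from Daniel's reply.
DANIEL_REPLY = """crypto map myvpn 10 ipsec-isakmp
 match address myvpn

ip access-list extended myvpn
 permit ip 10.1.0.0 0.0.255.255 10.11.0.0 0.0.255.255
"""


def _net(tokens):
    """Consume one IOS address spec from tokens and return an IPv4Network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.IPv4Network("0.0.0.0/0")
    if first == "host":
        return ipaddress.IPv4Network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    prefix = 32 - wildcard.bit_length()
    if wildcard != (1 << (32 - prefix)) - 1:
        raise ValueError("non-contiguous wildcard masks are not handled here")
    return ipaddress.IPv4Network(f"{first}/{prefix}")


def _entry(tokens):
    """['permit'|'deny', 'ip', SRC..., DST...] -> (action, src, dst), else None."""
    if len(tokens) < 4 or tokens[1] != "ip":
        return None
    rest = tokens[2:]
    return (tokens[0], _net(rest), _net(rest))


def acl_entries(config, acl_name):
    """Ordered 'ip' entries of a numbered or named extended ACL."""
    entries, in_named = [], False
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[:3] == ["ip", "access-list", "extended"] and len(tokens) > 3:
            in_named = tokens[3] == acl_name
        elif tokens[0] == "access-list" and len(tokens) > 2 and tokens[1] == acl_name:
            entries.append(_entry(tokens[2:]))
        elif in_named and tokens[0] in ("permit", "deny"):
            entries.append(_entry(tokens))
        else:
            in_named = False
    return [e for e in entries if e]


def crypto_map_acl(config, map_name):
    """ACL that the crypto map calls with 'match address', or None."""
    in_map = False
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!---"):
            continue                     # blank line or documentation comment
        if tokens[:2] == ["crypto", "map"] and len(tokens) > 2:
            in_map = tokens[2] == map_name
        elif in_map and tokens[:2] == ["match", "address"] and len(tokens) > 2:
            return tokens[2]
        elif tokens[0] not in ("set", "match", "description"):
            in_map = False
    return None


def protected_flows(config, map_name):
    """(src, dst) pairs selected for encryption; None if no ACL is called."""
    acl = crypto_map_acl(config, map_name)
    if acl is None:
        return None
    return {(s, d) for action, s, d in acl_entries(config, acl) if action == "permit"}


def mirrored(local, remote):
    """True when each local src->dst has the remote's dst->src counterpart."""
    return bool(local) and bool(remote) and local == {(d, s) for s, d in remote}


def nat_exempt(config, nat_acl, flows):
    """True if every protected flow hits a deny in the NAT ACL before a permit."""
    entries = acl_entries(config, nat_acl)
    for src, dst in flows:
        verdict = next((a for a, s, d in entries
                        if src.subnet_of(s) and dst.subnet_of(d)), "deny")
        if verdict != "deny":
            return False
    return True
```

The check treats only `permit` entries as selectors and compares whole prefixes, so partially overlapping entries need a closer look by hand.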

RE: MBA or CCIE [7:41809]

2002-04-18 Thread Ladrach, Daniel E.

I was considering both options. I have an MIS degree from The Ohio
State University. After getting my CCNP and working for a large ISP and
seeing a co-worker pass the lab and get nothing but a pat on the back from
our company, I made the decision to enroll in an MBA program this fall.
After carefully reviewing my options, I did not want to put myself in such a
niche market. I think you need to ask yourself where can you go with a CCIE?
ISP, Consult, work for yourself. I know there are other companies that would
hire a CCIE but you probably would not be utilized to your full potential.
Also, an MBA does not expire and if you ever want to be a CTO or CIO most
likely you are going to need the education. I have debated this same topic
with my friends and co-workers and there is no easy answer. I think it is
personal preference but I will say a few things about the CCIE, salaries are
coming down due to the fact that there are more CCIEs (some are not the
experts they should be). The only reason I say this is once you get your
CCIE you should be an expert hence Internetworking Expert. I know people may
disagree with some of these statements, but I have seen some CCIE candidates
that have issues with basic skills.

Daniel Ladrach
CCNA, CCNP
WorldCom


 -Original Message-
 From: Antonio Montana [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, April 18, 2002 5:07 AM
 To: [EMAIL PROTECTED]
 Subject: OT: MBA or CCIE [7:41809]
 
 
 Hi all,
 
 Maybe this topic is discussed several times but I still can't decide whether
 to go for the CCIE or to go back to a good business school for MBA.
 
 I am doing networking for 3 yrs now and can see that it's getting harder to
 find a good. Have all Cisco certs except of the lab and some others
 Microsoft, Novell etc. and a Computer Science degree.
 The problem is, that here, in Europe, some CCIEs are doing jobs like System
 or Network Administration, which is indeed not well paid at all. It's just
 like creating some user logins, assigning and administering IP addresses and
 do some entries or changes on DNS or even Exchange Servers.
 
 Ok I understand that, it's better than being unemployed.
 But is this a CCIE job ?? Really don't think so.
 
 I don't know when the telco market is going up again, but I really think
 about going to school and getting a management education.
 Jobs for MBAs are still there.
 
 Who knows if and when the market will give back the CCIEs the recognition
 they earn ?!?
 
 So, should I stop my track towards the CCIE and go to the dark side ??
 
 What do you think guys ??
 
 cheers
 tony




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41820t=41809



RE: Router question.. [7:39788]

2002-03-28 Thread Ladrach, Daniel E.

Set each subnet in a VLAN ex. 172.27.10.X vlan2, 172.27.11.x vlan3,
172.27.12.x vlan4.  Then set up a trunking protocol 802.1q or ISL between
the router and switch. To do this you create subinterfaces on the router's
ethernet for each subnet.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Ricky Chan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 28, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: Router question.. [7:39788]


Hi all,

My boss just came up and gave me a scenario question like this. He told me
that I owned a company which uses 3 different LANs, for example,
172.27.10.x, 172.27.11.x, 172.27.12.x. But I only have one cisco 2600 series
router and 2900 series switch. I can't use the serial ports from the router.
Just the two ethernet ports (by default). My question is, is it possible?
Please advise.

Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39819t=39788



RE: Console Cable [7:39585]

2002-03-27 Thread Ladrach, Daniel E.

9600 8,N,1 should be the settings on your hyperterminal.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Stephen Neville [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 8:05 AM
To: [EMAIL PROTECTED]
Subject: Console Cable [7:39585]


Hi group

I am having trouble with using a console cable into any of my routers.  The
problem is when I power on the router, I can see it loading on the screen
but when it comes up press return to get started nothing happens when I do
press return.  I have tried this on all my routers, using hyper terminal and
tera term.  I have made sure the cable is fitted right. The keyboard's return
key works on other applications.  This has only just started to happen.  Any
ideas?

2nd Question

I am trying to connect 2 2501 by the aux port and use them as a frame relay
switch does anyone know the configuration for this?

Thanks

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39653t=39585



RE: CCNA, CCNP Titles [7:39437]

2002-03-26 Thread Ladrach, Daniel E.

Why do people even care? I thought this group study was to ask technical
questions! However, we are debating what goes on an e-mail signature.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: geek [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 3:31 PM
To: [EMAIL PROTECTED]
Subject: Re: CCNA, CCNP Titles [7:39437]


I also agree that it belongs on a resume but listing everything you've
accomplished in an email (or NG) sig is a bit much.

We should always be proud of our accomplishments but let's try not to get
hung up on titles.


-Joe-
ABC, DEF, GHI, JK, LMNOP, QRST (written),  nose picker, butt picker and
picker flicker  :^)


John Faubion  wrote in message
news:[EMAIL PROTECTED]...
 This is probably a dumb question but when placing your certification in your
 title block, shouldn't the highest certification be the only one listed? I
 mean since the CCNA is a requirement to attain your CCNP, you should only
 list CCNP in your title block, right?

 The reason I ask is due to the number of people on this list that show CCNA,
 CCNP in their title.

 Thanks,
 John Faubion, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39520t=39437



RE: CAR bandwidth limitation problem [7:39533]

2002-03-26 Thread Ladrach, Daniel E.

Make sure you turned on CEF. Also, make sure your access-lists are correct.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Cisco Breaker [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 11:12 AM
To: [EMAIL PROTECTED]
Subject: CAR bandwidth limitation problem [7:39533]


Hi all,

I wanted to limit our internet usage so I applied rate-limit command to our
internet router's serial interface but couldn't make it work. Configuration is
below. What I wanted to do is I want to give 96000 bits bandwidth to users
who come from the firewall with 192.168.2.5 and I want to give all the
others who are coming with ip address 192.168.2.6 only 16000 bits. But it
doesn't work, when I look with sh int ser 0 rate-limit, all I see is nothing
conformed. I applied it as input because download is important for us not
upload. Any help will be appreciated? I am tired of trying so many things so
I thought maybe someone can help.

Best regards,

Cisco Breaker,
CCNP,CCDP

Router#sh run
Building configuration...

Current configuration : 1959 bytes
!
interface Ethernet0
 ip address 192.168.1.3 255.255.255.0

interface Serial0
 ip address 192.168.2.2 255.255.255.252
 rate-limit input access-group 5 96000 8000 16000 conform-action transmit exceed-action drop
 rate-limit input access-group 110 16000 1500 2000 conform-action transmit exceed-action drop
!
interface Serial1
 no ip address
!
no ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
no ip http server
!
no logging trap
access-list 5 permit 192.168.2.5 log
access-list 110 permit ip host 192.168.2.6 any log

Router#sh int ser 0 rat
Serial0
  Input
matches: access-group 5
  params:  96000 bps, 8000 limit, 16000 extended limit
  conformed 0 packets, 0 bytes; action: transmit
  exceeded 0 packets, 0 bytes; action: drop
  last packet: 1213151652ms ago, current burst: 0 bytes
  last cleared 00:24:18 ago, conformed 0 bps, exceeded 0 bps
matches: access-group 110
  params:  16000 bps, 1500 limit, 2000 extended limit
  conformed 0 packets, 0 bytes; action: transmit
  exceeded 0 packets, 0 bytes; action: drop
  last packet: 1213151692ms ago, current burst: 0 bytes
  last cleared 00:23:58 ago, conformed 0 bps, exceeded 0 bps




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39555t=39533



RE: CCNP exams [7:39172]

2002-03-22 Thread Ladrach, Daniel E.

I took much harder exams in college. The Ohio State University (College of
Business).

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 3:35 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP exams [7:39172]


At 01:39 PM 3/22/02, Lomker, Michael wrote:
  something?  If
  simulations and a new format are scaring you that bad you
  shouldn't even be taking the exams

I understand what you are saying, but your comments are simplistic.  There
are a lot of people out there with considerable experience and skill that
are not good test takers (a good friend of mine is one of them).  People
that are not native English speakers can also have problems with these
exams.

It doesn't matter. The Cisco IOS CLI isn't English! ;-)

Seriously, the majority of Cisco software engineers aren't native English 
speakers either.

Priscilla


Many of the certification exams test your ability to memorize command syntax
(that in real life you'd use the ? for), have trick questions, or flat out
have poor wording.  To think that these exams are an accurate reflection of
ability is tough to believe.




Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39224t=39172



RE: BGP Issue... [7:38877]

2002-03-20 Thread Ladrach, Daniel E.

When you use the ebgp-multihop command make sure you specify the number of
hops your neighbor is.

neighbor a.b.c.d ebgp-multihop 2 

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 9:27 PM
To: [EMAIL PROTECTED]
Subject: RE: BGP Issue... [7:38877]


No need at all. 

Make a neighbor statement with the remote-as then add another neighbor
statement like this:

Neighbor a.b.c.d ebgp-multihop

http://www.cisco.com/warp/public/459/13.html#A5.0

Thanks

Larry 

-Original Message-
From: Stanzin Takpa [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 19, 2002 6:55 PM
To: [EMAIL PROTECTED]
Subject: BGP Issue... [7:38877]


Is it required in  eBGP that the two routers should be directly connected
(physically) or can be logically connected directly.  


Stanzin Takpa




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38920t=38877



RE: IPSEC UDP [7:38782]

2002-03-19 Thread Ladrach, Daniel E.

A PIX 515 can terminate 2,000 IPsec tunnels. Read Cisco Secure PIX Firewalls
by Cisco Press.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: IPSEC UDP [7:38782]


I want to create an IPSEC UDP from one Lan to another via the internet.
Going across both firewall and routers, possibly through NAT. I am trying
to find out more information on this. I read that some cheap routers
using NAT, you can only have 1 IPSEC UDP session, from 1 client at a
time, and that is all. Are there any issues like this with a Pix? Is
running IP SEC UDP as simple as opening UDP Port 500, and that's all I
have to do? Does the 3DES license on a pix come in to play at all when
doing this? How secure is 3DES UDP, I know this is a lot of questions,
but I just wondered if someone could suggest a book or site...





Thanks in Advance,



Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38815t=38782



RE: IGP's in ISP [7:38614]

2002-03-18 Thread Ladrach, Daniel E.

ISIS

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 18, 2002 9:07 AM
To: [EMAIL PROTECTED]
Subject: Re: IGP's in ISP [7:38614]


Do you have an IGP?

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


Ladrach, Daniel E. wrote in message news:[EMAIL PROTECTED]...
 On our backbone we use Juniper routers. Also, we do not run OSPF either.

 Daniel Ladrach
 CCNA, CCNP
 WorldCom


 -Original Message-
 From: Jeffrey Reed [mailto:[EMAIL PROTECTED]]
 Sent: Monday, March 18, 2002 7:22 AM
 To: [EMAIL PROTECTED]
 Subject: RE: IGP's in ISP [7:38614]


 Is it a good assumption that most ISP's, big & small run Cisco routers in
 their core networks? If so, why don't they use EIGRP? I've run into so many
 Cisco routers guys in corporations who threaten holy wars when you ask them
 to move to standards-based OSPF. They claim EIGRP runs more efficiently on a
 Cisco router than OSPF... less memory, less CPU etc. If this is correct, why
 don't ISPs run that as their interior routing protocol?

 Jeffrey Reed
 Classic Networking, Inc.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter van Oene
 Sent: Sunday, March 17, 2002 8:35 PM
 To: [EMAIL PROTECTED]
 Subject: Re: IGP's in ISP [7:38614]

 ISP's typically run one of IS-IS, or OSPF as their IGP's and manage only
 link and loopback address space within it.  IBGP is always fully meshed,
 although most use tools like Route Reflection and Confederations to avoid
 the n*(n-1)/2 scaling issues IBGP can present.   Synchronization is an
 antiquated feature that hasn't been turned on in production ISP's for
 years.  Most new routing implementations do not even include the
 functionality in their BGP code.

 An overall design theory is to keep the IGP as small and efficient as
 possible so as to maximize convergence, and to keep everything else in BGP
 where rich tools like community based policy can be leveraged fully.

 pete


 At 05:52 PM 3/17/2002 -0500, Steven A. Ridder wrote:
 Hey guys and gals,
 
 I have never worked in an ISP, so I have no idea how they run.  I'm just
 curious, do they run an IGP in addition to IBGP and is it fully
 synchronized?  I'm just curious to see how it's done in the real world.
 
 --
 
 RFC 1149 Compliant.
 Get in my head:
 http://sar.dynu.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38652t=38614



RE: Who is Priscilla Oppenheimer ? [7:38662]

2002-03-18 Thread Ladrach, Daniel E.

She wrote Top Down Network Design Cisco Press.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: dk [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 18, 2002 10:51 AM
To: [EMAIL PROTECTED]
Subject: Who is Priscilla Oppenheimer ? [7:38662]


Who is this mystery woman .. who seems to know everything !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38687t=38662



RE: Stacking 3548s [7:38208]

2002-03-14 Thread Ladrach, Daniel E.

Cisco Switch Clustering
Breakthrough Cisco Switch Clustering technology enables up to 16
interconnected Catalyst 3500 XL, Catalyst 2900 XL, and Catalyst 1900
switches, regardless of geographic proximity, to form a single IP management
domain. Cisco Switch Clustering supports a broad range of standards-based
connectivity options and configurations to deliver levels of performance
that are scalable to meet customer requirements. Switch Cluster connectivity
options for the Catalyst 3500 Series XL include Ethernet, Fast Ethernet,
Fast EtherChannel, low-cost Cisco GigaStack GBIC, Gigabit Ethernet, and
Gigabit EtherChannel connectivity. Because the technology is not limited by
proprietary stacking modules or stacking cables, Cisco Switch Clustering
expands the traditional stacking domain beyond a single wiring closet and
lets users mix and match interconnections to meet specific management,
performance, and cost requirements. Catalyst 3500 XL switches can be
configured either as command or member switches in a Cisco switch stack or
cluster. The command switch serves as the single IP address management point
and disburses all management instructions dictated by the network
administrator. Command switches can cluster up to 15 additional
interconnected member switches regardless of interconnection media.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Thomas [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 14, 2002 2:59 AM
To: [EMAIL PROTECTED]
Subject: Stacking 3548s [7:38208]


What's the maximum number of Catalyst 3548s I can stack together?
Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38221t=38208



RE: CCNP exams [7:38097]

2002-03-13 Thread Ladrach, Daniel E.

The CCNA is a joke. If an employer is requiring a CCNA or CCNP I would hope
that they would do a little research and understand what goes into getting
these certifications. Also, you need the CCNA to get your CCNP so I don't
see how the CCNA would be more attractive. I am not sure why Cisco has
changed the CCNP track again, maybe too many people are passing the exams.
However, I passed all the exams in just under 6 months and I thought that
self study and the books were plenty to get through the exams. Also, the
500 or 600 dollars you spend is for advancement and marketability in our
industry. I feel the most qualified candidate for a job will have On The Job
Experience along with an education and certifications. Remember this is your
career.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 13, 2002 9:56 AM
To: [EMAIL PROTECTED]
Subject: CCNP exams [7:38097]


My comment is with the CCNP exams. When I started it was the 500 series,
which was not long ago, now it's changing to the 600 series. For some
people it takes a while to pass a CCNP exam, so I have not had enough
time to get a lot done in the 500 series, let alone switch to 600. I
know the 600 is not out yet, but still. Also here is a question, why
would someone want to take the last exam in the CCNP series, because
when you take the last exam, your 2 year timer starts ticking. Where is
the motivation there? I think I am just going to work on the course
material, and not take the rest of the exams, $125 a pop is a lot, and
you're right there are so many exams. So for CCNP it would cost me $500.
Then if I wanted to do the security, another 400-500$, that saying if I
passed everything on the 1st go. Then the books and courseware. Then
re-certification, this is an expensive proposition. 

And I don't see a significant salary increase for CCNP certification.
Like a regular experienced Network engineer with MCSE/CCNA makes say
like 60-85K. Well that is the same range as a CCNP would make. I donno,
the way some of these help wanted ads are written, you would think that
CCNA is better than CCNP. I always see like CCNA highly desired. 

I am already scheduled for 503, so there is nothing I can do about that.
But I ask myself this question. What is the difference between me going
to a testing center, paying 125$ for each of these exams vs. me going in
my bedroom, sitting down with a Boston or transcender to test my
knowledge. I think I might do just that. Besides, everyone says it is
more important to know the material, and then have some paper. I am not
knocking the CCNP, it's a great program. But right now I can afford
these ongoing costs, and the ongoing costs are not exactly justified. I
thought the exams for the CCNP did test my knowledge of the subject
fairly. My plan for right now is to learn all the material I would need
to be a CCNP, but not take the rest of the exams. If an employer requests
I have my CCNP, I'll just say gimme $500 and I'll go do that.



-Original Message-
From: Yahoudi [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, March 13, 2002 2:15 AM
To: [EMAIL PROTECTED]
Subject: Re: Quality of Cisco exams [7:38063]

should anyone be surprised that Cisco too is becoming victim to the
certification craze?

1) cert tests for everything under the sun

2) reduction of the CCIE Lab from two days to one

3) obsolete and EOL'd equipment in the Lab

4) lower level tests that have too many filler questions centered around
marketing materials

5) poorly worded questions? sometimes I wonder if this is just the excuse of
those who don't really know the materials, but since I know your work,
Robert, in your case I will accept your judgement on this

It would be impossible for Cisco to test for everything out there - old and
new. The question becomes this: is any certification forward looking or
backwards looking? Face it, the whole reason for certification is for
companies to go to the marketplace and show potential buyers that if they
buy a particular company's products, there are plenty of people around who
can work on it. This goes for any technology - from Microsoft to Linux to
Cisco to anyone. Certification is nothing more than a marketing tool, and
one more means to help companies sell. If certification is too easy, then
sure, there is some marketplace backlash, but if certification is too hard,
requires too much expertise, too much experience, then that has negative
effects as well.

One would hope that being a beta test, Cisco would throw out a lot of the
bad questions just because their analysis shows them as bad questions. But
you never can tell. I sometimes suspect that Cisco deliberately keeps a
certain percentage of bad questions in their exams just so that you have to
be smarter than the average bear to pass, because you have to do so much
better with the remainder. Does that make sense?


Robert Padjen wrote in message
news:[EMAIL 

RE: T1 Vs ISDN PR [7:37983]

2002-03-12 Thread Ladrach, Daniel E.

You would have to get a different CSU for your router.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 3:29 PM
To: [EMAIL PROTECTED]
Subject: RE: T1 Vs ISDN PR [7:37983]


OK this answered my question. If my only choice is a T1 PRI, then I
don't have to worry about things not working. Like my router and
firewall, I was just thinking it was something out of the ordinary. I
need just a regular T1 for internet access, and wasn't sure what PRI
was. And if a CAS only does voice, that would not work for what I am
doing. I was thinking that if it was a T1 PRI I would need some special
cards on the router or something.

-Original Message-
From: Chris Charlebois [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 12, 2002 2:43 PM
To: [EMAIL PROTECTED]
Subject: RE: T1 Vs ISDN PR [7:37983]

T-1 is the layer 1 standard.  ISDN PRI uses T-1 for layer 1 connectivity.
Therefore, whenever you say ISDN PRI, you are referring to T-1.  However,
not all T-1's are ISDN PRI.

The other T-1 is referred to as CAS, channel associated signaling and, as
far as I know, is only used for voice.  It allows 24 channels of sampled
voice.  ISDN PRI (aka common channel signaling) is a digital standard and
supports 23 64k B channels (that can carry voice or data) and 1 64k D
channel that carries control information.  Voice over ISDN PRI has the
advantage of a dedicated control channel for troubleshooting and additional
call information from the telephone provider.  However, it has 1 less
channel.

So if you are ordering a data T-1, your only choice is ISDN PRI.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38017t=37983



RE: ISL or 802.1q? [7:37859]

2002-03-11 Thread Ladrach, Daniel E.

ISL is Cisco proprietary and uses an encapsulation around the frame and does
not modify the Ethernet frame. 802.1Q is IEEE standard and uses frame
tagging and it modifies the Ethernet frame. ISL also allows you to violate
the Ethernet MTU size because it encapsulates the frame and does not alter
the frame. I hope this helps!

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 11, 2002 9:59 AM
To: [EMAIL PROTECTED]
Subject: ISL or 802.1q? [7:37859]


Repost. First one didn't make it.

  -Original Message-
 From: Kaminski, Shawn G  
 Sent: Friday, March 08, 2002 2:54 PM
 To:   'Groupstudy'
 Subject:  ISL or 802.1q?
 
 After a search of the archives and reading the posts, I realize this has
 been discussed before. I also searched CCO. However, there didn't seem to
 be a clear answer on what I was looking for. We have two Distribution
 Cisco 6509 switches trunked together and there is an argument as to
 whether we should use ISL or 802.1q on this trunk. Our network is all
 Cisco. Some people are saying 802.1q on everything because Cisco is
 leaning towards this direction anyway. Some say ISL should be used between
 the Distribution switches and 802.1q between Distribution and Access
 switches. I don't know why because I couldn't find anything on this. Some
 of the people here keep saying that ISL has more features than 802.1q.
 Could some of you please give your opinions about what you would use (ISL
 or 802.1q) in this situation? 
 
 Thanks,
 Shawn G. Kaminski
 EDS Network Engineering - DowNET




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37869t=37859
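
The difference described in the reply above (802.1Q modifies the frame, ISL wraps it untouched), as an added example that is not part of the original thread. It builds one maximum-size Ethernet frame and carries it both ways; the MAC addresses, VLAN 100 and the zero-filled payload are constructed, and the ISL trailer is computed here with the ordinary Ethernet CRC-32.

```python
import struct
import zlib

def fcs(data: bytes) -> bytes:
    """Ethernet frame check sequence: CRC-32, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def ethernet_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)

def dot1q_tag(frame: bytes, vlan: int, priority: int = 0) -> bytes:
    """802.1Q: insert a 4-byte tag after the source MAC and recompute the FCS."""
    body = frame[:-4]                          # the original FCS is discarded
    tci = (priority << 13) | (vlan & 0x0FFF)   # priority bits + 12-bit VLAN id
    tagged = body[:12] + struct.pack("!HH", 0x8100, tci) + body[12:]
    return tagged + fcs(tagged)

def isl_encapsulate(frame: bytes, vlan: int, trunk_src: bytes) -> bytes:
    """ISL: wrap the whole frame, original FCS included, in a 26-byte header
    and a 4-byte trailer. The inner frame is not changed."""
    header = (
        bytes.fromhex("01000c0000")            # 40-bit ISL destination address
        + b"\x00"                              # type (0 = Ethernet) and user bits
        + trunk_src                            # 48-bit source: the trunk port
        + struct.pack("!H", len(frame) + 12)   # LEN: total minus DA/type/user/SA/LEN/FCS
        + b"\xaa\xaa\x03"                      # SNAP/LLC constant
        + trunk_src[:3]                        # HSA: upper three bytes of the source
        + struct.pack("!H", vlan << 1)         # 15-bit VLAN id, BPDU bit = 0
        + b"\x00\x00"                          # INDEX
        + b"\x00\x00"                          # RES
    )
    packet = header + frame
    return packet + fcs(packet)

def vlan_of_dot1q(tagged: bytes) -> int:
    tpid, tci = struct.unpack("!HH", tagged[12:16])
    if tpid != 0x8100:
        raise ValueError("not an 802.1Q tagged frame")
    return tci & 0x0FFF

def vlan_of_isl(packet: bytes) -> int:
    return struct.unpack("!H", packet[20:22])[0] >> 1

def compare(vlan: int = 100) -> dict:
    """Carry one 1518-byte frame over both trunk types and report the result."""
    dst = bytes.fromhex("00005e005301")        # constructed MAC addresses
    src = bytes.fromhex("00005e005302")
    trunk = bytes.fromhex("00000c123456")
    frame = ethernet_frame(dst, src, 0x0800, bytes(1500))
    tagged = dot1q_tag(frame, vlan)
    isl = isl_encapsulate(frame, vlan, trunk)
    return {
        "untagged_len": len(frame),
        "dot1q_len": len(tagged),
        "isl_len": len(isl),
        "isl_inner_frame_intact": isl[26:-4] == frame,
        "dot1q_body_changed": tagged[:-4] != frame[:-4],
        "dot1q_vlan": vlan_of_dot1q(tagged),
        "isl_vlan": vlan_of_isl(isl),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Both trunk formats push a full-size frame past 1518 bytes, so every device on the trunk path has to accept the larger frame.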



RE: Can i choose which firewall to use for internet? [7:36920]

2002-03-01 Thread Ladrach, Daniel E.

Create a static route statement next hop to the appropriate firewall.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: beth [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 28, 2002 10:02 PM
To: [EMAIL PROTECTED]
Subject: Can i choose which firewall to use for internet? [7:36920]


Is there any way to configure a cisco router to use a particular firewall for
its internet connection?
for instance i want router A to use xxx.xxx.xxx.100  and router B to use
firewall xxx.xxx.xxx.200
ANY replies would be appreciated.
(any with examples would be GREATLY appreciated! :)  )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36952t=36920



RE: Problem of upgrading IOS for a router at remote site [7:36961]

2002-03-01 Thread Ladrach, Daniel E.

If you have a CCO account you can FTP it from cisco's web site.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 01, 2002 8:13 AM
To: [EMAIL PROTECTED]
Subject: Problem of upgrading IOS for a router at remote site [7:36954]


Hi group,

I run into a big problem when upgrading IOS for a router at remote site. I
used copy tftp: flash: command on a Cisco 2620 router via telnet. It first
erased the existing IOS from the flash and then start to copy the image from
my tftp server, which is also running on my laptop. But the router will
close the telnet session after certain period of idle time, and surprisingly
close the tftp session as well. It ends up that the router's flash memory
has no valid IOS stored!

There is no technical staff on that remote site, and it is more than a
thousand KMs away so I couldn't use a console cable to directly attach to
it. I repeated the above several times, watched those ! going on until
the telnet session closed, and have to pray that there is no power surge
happened to that router before I find a solution!

Anyone faced this problem before? Please help!

Tony
-- 








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36961t=36961



RE: EIGRP Question [7:36770]

2002-02-28 Thread Ladrach, Daniel E.

The Null interface is typically used for preventing routing loops. EIGRP,
for instance, always creates a route to a Null interface when it summarizes
a group of routes.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Hunt Lee [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 28, 2002 12:20 AM
To: [EMAIL PROTECTED]
Subject: EIGRP Question [7:36770]


Hi all,
  I have an EIGRP question.  It would be greatly appreciated if someone can
shed some light on this.

I found the following Routing Table from TCP / IP Vol1 by Jeff Doyle.  But I
don't understand why a summary route would be pointing to Null0?

Jeff explains it as this route helps to prevent potential black holes when
default and summary routes are used... which confuses me even more   :(


Show ip route

D    192.168.16.0/24 [90/3219456] via 172.20.15.5, 00:41:41, Serial 0
C    192.168.17.0/24 is directly connected, Ethernet 0
C    192.168.18.0/24 is variably subnetted, 2 subnets, 2 masks
D EX 172.25.0.0/16 [170/2221056] via 172.20.15.5, 00:41:48, Serial 0
     172.20.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.20.10.0/24 [90/2195456] via 172.20.15.5, 00:41:48, Serial 0
C       172.20.15.4/30 is directly connected, Serial 0
D       172.20.15.0/30 [90/2681856] via 172.20.15.5, 00:41:48, Serial 0
D       172.20.0.0/16 is a summary, 00:00:09, Null0


Please help...

Best Regards,
Hunt Lee




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36792t=36770
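
The loop that the Null0 summary route prevents, as an added example that is not part of the original thread or of the book quoted in it: a longest-prefix-match lookup over the routes from the quoted table, run with and without the Null0 entry. The default route, the neighbour U that has learned the summary, and the test destinations are assumptions made for the illustration.

```python
import ipaddress

# Routes copied from the quoted "show ip route" on router R. The Null0 summary
# is kept apart so the lookup can be run with and without it.
LEARNED = [
    ("192.168.16.0/24", "Serial0 via 172.20.15.5"),
    ("192.168.17.0/24", "Ethernet0 (connected)"),
    ("172.25.0.0/16", "Serial0 via 172.20.15.5"),
    ("172.20.10.0/24", "Serial0 via 172.20.15.5"),
    ("172.20.15.4/30", "Serial0 (connected)"),
    ("172.20.15.0/30", "Serial0 via 172.20.15.5"),
]
NULL0_SUMMARY = [("172.20.0.0/16", "Null0")]

# Assumptions: R also holds a default route to neighbour U, and U has learned
# the 172.20.0.0/16 summary that R advertises.
DEFAULT_TO_U = [("0.0.0.0/0", "U")]
U_TABLE = [("172.20.0.0/16", "R"), ("0.0.0.0/0", "beyond U")]

WITHOUT_NULL0 = LEARNED + DEFAULT_TO_U
WITH_NULL0 = LEARNED + NULL0_SUMMARY + DEFAULT_TO_U

def lookup(table, dst):
    """Return the next hop of the longest matching prefix, or None."""
    address = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        network = ipaddress.ip_network(prefix)
        if address in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop)
    return best[1] if best else None

def forward(dst, r_table, ttl=8):
    """Follow a packet that arrives at R; return (outcome, hops taken)."""
    tables = {"R": r_table, "U": U_TABLE}
    node, path = "R", []
    while ttl > 0:
        out = lookup(tables[node], dst)
        path.append(f"{node}->{out}")
        if out not in tables:        # left the R/U pair: delivered or discarded
            return out, path
        node, ttl = out, ttl - 1
    return "TTL expired", path

if __name__ == "__main__":
    # 172.20.99.1 lies inside the summary but in no subnet R actually knows.
    for label, table in (("without Null0", WITHOUT_NULL0), ("with Null0", WITH_NULL0)):
        outcome, path = forward("172.20.99.1", table)
        print(f"{label}: {outcome} after {len(path)} hop(s): {' '.join(path)}")
```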



RE: OSPF Network Type (In)Compatabilities [7:36781]

2002-02-28 Thread Ladrach, Daniel E.

No matter what type of network you choose for a subnet, all OSPF routers
attached to it must agree on its type. They will refuse to operate at all on
that subnet. Also, the router will respond with warning messages about
mis-matching network types.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Richard Botham [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 28, 2002 11:06 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF Network Type (In)Compatabilities [7:36781]


Tim,
I have also been looking into this.

As far as I know this is definite - you cannot have the following:

Hub - ip ospf network point-to-multipoint

and 

spokes - ip ospf network broadcast

( Or the other way around ) due to a mismatch in the hello packets

ala

3d00h: OSPF: Rcv hello from 192.168.1.1 area 1 from Serial0/0 10.128.10.8
3d00h: OSPF: Mismatched hello parameters from 10.128.10.8
3d00h: Dead R 120 C 40, Hello R 30 C 10  Mask R 255.255.255.0 C 255.255.255.0
3d00h: OSPF: Rcv hello from 192.168.1.1 area 1 from Serial0/0 10.128.10.8
3d00h: OSPF: Mismatched hello parameters from 10.128.10.8

Also remember that:

ip ospf network broadcast  gives subnet routes and DR/BDR

ala

r2#sh ip os ne
r2#sh ip os neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.1       1   FULL/DR         00:00:33    10.128.10.8     Serial0/0
r2#sh ip route
r2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is not set
 10.0.0.0/24 is subnetted, 1 subnets
C   10.128.10.0 is directly connected, Serial0/0 -- Note subnet
r2#

 ip ospf network point-to-multipoint  gives host routes, neighbours and no DR/BDR

ala

r2#sh ip os ne
r2#sh ip os neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.1       1   FULL/  -        00:01:42    10.128.10.8     Serial0/0
r2#sh ip route
r2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
   * - candidate default, U - per-user static route, o - ODR
   P - periodic downloaded static route

Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C   10.128.10.0/24 is directly connected, Serial0/0
O   10.128.10.3/32 [110/128] via 10.128.10.8, 00:01:09, Serial0/0
O   10.128.10.8/32 [110/64] via 10.128.10.8, 00:01:09, Serial0/0
  ^
Note host routes  |

Hope this helps

Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36816t=36781
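
Reading the "Mismatched hello parameters" debug output quoted above, as an added example that is not part of the original thread: it extracts the received (R) and locally configured (C) values, lists which fields differ, and maps each timer pair to the network types that use it by default. The sample text is the debug output from the post, line wrap included; the timer table assumes Cisco IOS default timers that nobody has tuned by hand.

```python
import re

# Cisco IOS default (hello, dead) timers in seconds per OSPF network type.
TYPES_BY_TIMERS = {
    (10, 40): ("broadcast", "point-to-point"),
    (30, 120): ("non-broadcast", "point-to-multipoint"),
}

# \s+ is used between fields so that a line wrapped by a mail client or a
# terminal (as in the post) still parses.
MISMATCH = re.compile(
    r"Mismatched hello parameters from (?P<nbr>\S+)\s+"
    r"(?:\S+:\s+)?"                      # timestamp at the start of the next line
    r"Dead\s+R\s+(?P<dead_r>\d+)\s+C\s+(?P<dead_c>\d+),\s*"
    r"Hello\s+R\s+(?P<hello_r>\d+)\s+C\s+(?P<hello_c>\d+)\s+"
    r"Mask\s+R\s+(?P<mask_r>[\d.]+)\s+C\s+(?P<mask_c>[\d.]+)"
)

# Debug output as it appears in the post above.
SAMPLE = """\
3d00h: OSPF: Rcv hello from 192.168.1.1 area 1 from Serial0/0 10.128.10.8
3d00h: OSPF: Mismatched hello parameters from 10.128.10.8
3d00h: Dead R 120 C 40, Hello R 30 C 10  Mask R 255.255.255.0 C
255.255.255.0
3d00h: OSPF: Rcv hello from 192.168.1.1 area 1 from Serial0/0 10.128.10.8
3d00h: OSPF: Mismatched hello parameters from 10.128.10.8
"""

def diagnose(debug_text):
    """Return one finding per complete mismatch record in the debug text."""
    findings = []
    for m in MISMATCH.finditer(debug_text):
        received = (int(m["hello_r"]), int(m["dead_r"]))      # neighbour's values
        configured = (int(m["hello_c"]), int(m["dead_c"]))    # this router's values
        mismatched = [
            field for field in ("hello", "dead", "mask")
            if m[field + "_r"] != m[field + "_c"]
        ]
        findings.append({
            "neighbor": m["nbr"],
            "mismatched": mismatched,
            "neighbor_type_guess": TYPES_BY_TIMERS.get(received, ()),
            "local_type_guess": TYPES_BY_TIMERS.get(configured, ()),
        })
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```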



RE: HELP !! CCIE 2B or NOT? [7:36542]

2002-02-27 Thread Ladrach, Daniel E.

I was considering the same thing! I have my CCNP and I was
considering the CCIE. However, I have decided to go for my MBA, I start in
the Fall. There are a lot of Cisco people out there, but there won't be a
lot of Cisco and MBA (as an added bonus the MBA never expires). I will
however, probably pursue added Cisco certifications as I am doing my MBA.
Think of it this way. What happens if these certifications turn into the
MCSE?

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Jerry P. [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 26, 2002 4:01 PM
To: [EMAIL PROTECTED]
Subject: HELP !! CCIE 2B or NOT? [7:36542]


Hi all:

I have a dilemma that I was wondering if I could ask your opinion on
concerning CCIE status.  I am a Network Admin for the cisco lab at a
university.  The racks of equipment in the lab is available to use for any
BGP, VLAN or multicast network possible it seems like.  But I'm at a point
in my life where there's a fork in the road; it looks like the CCIE route or
MBA route and I am leaning towards the MBA with a lower cert like CCNP.  But
with all this equipment and abundance of lab time here, would I be foolish
not to take advantage of this situation?  And suppose I do go for it and
hope that I pass the big one, I'm curious what kinds of jobs are out there
in this industry for someone like myself with 5 years of experience, 1-2
years of it concentrated in IT?  What should I do??


Thanks.

Jerry
CCNA CCDA MCSA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36623t=36542



RE: TWO ISP AND ONE FAILURE [7:36371]

2002-02-25 Thread Ladrach, Daniel E.

Run HSRP between the two cisco routers and then point your default gateway
to the VIP address.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]


Hello i have a frequent problem with one of my isp, i have two cisco routers
and each one to different isp. Frequently i have to change the gateway of
one of my servers, because one isp is failure.
I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i could
do the change automatically to the other active isp.
It happening me right now. And when i have to do that i have to reset one of
my servers.. :S. Is a costs operation its a mail server.
So if somebody knows how to resolve between routers with different isp each
one, how to route across the other good gateway.

Thnx in advance
Yassl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36389t=36371



RE: TWO ISP AND ONE FAILURE [7:36371]

2002-02-25 Thread Ladrach, Daniel E.

Come on Track the Serial interface! Basic HSRP!

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Hire, Ejay [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 1:20 PM
To: 'Ladrach, Daniel E.'; [EMAIL PROTECTED]
Subject: RE: TWO ISP AND ONE FAILURE [7:36371]


Come on guys, Think about it for a minute.  Do you really think the router
is failing, or is his downtime caused by the wan link?  HSRP won't
significantly increase your uptime if the wan link is failing and he has to
manually change his server's IP/default gateway to switch to the other link.

A different way to think of it...  If you had a car with no brakes and a
broken tail-light, which would you fix first?

-Ejay


-Original Message-
From: Ladrach, Daniel E. [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: RE: TWO ISP AND ONE FAILURE [7:36371]


Run HSRP between the two Cisco routers and then point your default gateway
to the VIP address.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 25, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: TWO ISP AND ONE FAILURE [7:36371]


Hello, I have a frequent problem with one of my ISPs. I have two Cisco routers,
each one connected to a different ISP. Frequently I have to change the gateway of
one of my servers, because one ISP is failing.
I want to know if, with one of BGP, OSPF, RIP, NAT or another protocol, I could
make the change to the other active ISP automatically.
It is happening to me right now. And when I have to do that, I have to reset one of
my servers.. :S. It is a costly operation; it's a mail server.
So if somebody knows how to resolve this between routers with a different ISP each,
how to route across the other good gateway.

Thnx in advance
Yassl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36422t=36371



RE: SNMP Vulnerabilities [7:35954]

2002-02-20 Thread Ladrach, Daniel E.

The key is to have a community string that is alphanumeric, or hard to
crack. Also, I would recommend writing an access-list for an individual host
or hosts for SNMP.

Daniel Ladrach
CCNA, CCNP
WorldCom


-Original Message-
From: Wes [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 10:49 AM
To: [EMAIL PROTECTED]
Subject: RE: SNMP Vulnerabilities [7:35954]


 Author: Kevin Pan ()
 Date:   02-20-02 09:56
 
 Has anyone heard about the captioned problem on Cisco devices? 
 
 Please comment. 
 
 Rgds, 
 Kevin 

Yes, many Cisco devices affected.  However, it looks like you can only cause
the device to reset.  Software fixes being published now.

http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-pub.shtml

I'm not sure how critical a vulnerability it is, but regardless, check out
the security advisory and adjust your security stance accordingly.

--Wes




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=35982t=35954
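The two recommendations in the reply above (a hard-to-guess alphanumeric community string, and an access-list naming individual hosts) can be checked mechanically against a saved IOS configuration. The following is an added example, not part of the original thread: the sample configuration is constructed, and the function names and the 8-character minimum are assumptions.

```python
import re

# Constructed sample config (not from the thread); addresses are documentation ranges.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
access-list 10 permit 192.0.2.11
access-list 20 permit 198.51.100.0 0.0.0.255
snmp-server community public RO
snmp-server community n0c7Rq2xLm9 RO 10
snmp-server community monitoring RO 20
snmp-server community b7Hq3Lx9Td RW 40
"""

# Handles numbered standard ACLs only; named ACLs are out of scope for this sketch.
COMMUNITY_RE = re.compile(
    r"snmp-server community (\S+)(?: view \S+)?(?: (RO|RW))?(?: (\d+))?$", re.I)
ACL_RE = re.compile(r"access-list (\d+) (permit|deny) (.+)", re.I)
DEFAULTS = {"public", "private"}
# Assumed strength rule: letters and digits mixed, at least 8 characters.
STRONG_RE = re.compile(r"(?=.*[A-Za-z])(?=.*\d).{8,}")


def acl_permits_only_hosts(entries):
    """True when every permit entry names one host (no 'any', no wildcard mask)."""
    permits = [src.split() for action, src in entries if action == "permit"]
    return bool(permits) and all(
        (len(p) == 2 and p[0] == "host") or (len(p) == 1 and p[0] != "any")
        for p in permits)


def audit_snmp(config):
    """Return {community: [findings]} for each snmp-server community line."""
    lines = [l.strip() for l in config.splitlines()]
    acls, findings = {}, {}
    for m in filter(None, map(ACL_RE.match, lines)):
        acls.setdefault(m[1], []).append((m[2].lower(), m[3]))
    for m in filter(None, map(COMMUNITY_RE.match, lines)):
        name, _mode, acl = m.groups()
        issues = []
        if name.lower() in DEFAULTS:
            issues.append("default community string")
        elif not STRONG_RE.fullmatch(name):
            issues.append("weak community string")
        if acl is None:
            issues.append("no access-list")
        elif acl not in acls:
            issues.append("access-list not defined")
        elif not acl_permits_only_hosts(acls[acl]):
            issues.append("access-list not limited to individual hosts")
        findings[name] = issues
    return findings
```

Calling `audit_snmp(SAMPLE_CONFIG)` returns an empty finding list only for the community that is both mixed alphanumeric and bound to the host-only access-list 10.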



Re: CCIE starting pay [7:33899]

2002-01-31 Thread Ladrach, Daniel E.

I agree! There is no substitute for experience!

Daniel Ladrach
CCNA, CCNP
WorldCom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33925t=33899