RE: hacking challenge [7:66720]
Easy, show them RFC 3514 and let them know you would need a firewall to block the Evil bit...cash, check or charge?

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: hacking challenge [7:66720]

Wilmes, Rusty wrote:
> this is a general question for the security specialists.
>
> I'm trying to convince a client that they need a firewall so hypothetically, if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password) that had a bunch of nt servers on another interface,

Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said to above which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password because passwords are often guessable.

But I don't think that's what you meant... Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords.

The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0

So, as far as convincing your customer The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log.

Good luck. I have a good book to recommend on this topic:

Greenberg, Eric. Mission-Critical Security Planner. New York, New York, Wiley Publishing, Inc., 2003.

Here's an Amazon link:
http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-99 01005-4572707

Priscilla

> how long would it take a determined hacker a) cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet.
>
> Thanks,
> Rusty
>
> -----Original Message-----
> From: Larry Letterman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2003 1:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VLAN loop problem [7:66656]
>
> Yes, it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a cisco switch...
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N.
> Sent: Wednesday, April 02, 2003 12:18 PM
> To: [EMAIL PROTECTED]
> Subject: Re: VLAN loop problem [7:66656]
>
> What does portfast bpdu-guard do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario?
>
> Larry Letterman wrote in message news:[EMAIL PROTECTED]
> port mac address security might work, altho it's a lot of admin overhead..are you running portfast bpdu-guard on the access ports?
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>
> ----- Original Message -----
> From: Thomas N.
> To: [EMAIL PROTECTED]
> Sent: Tuesday, April 01, 2003 8:14 PM
> Subject: VLAN loop problem [7:66656]
>
> Hi All,
>
> I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:
>
> We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using MSFC of the 6500. Each subnet has a DHCP server to assign IP address to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where.
>
> I noticed lots of end users have a little unmanaged hub/switch hang off the network jacks in their cubicles and potentially cause loop. Is there any way that we can block the loop on the Cisco switches without visiting cubicles taking those little unmanaged hubs/switches?
>
> Thanks!
> Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66770t=66720
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Getting out of hand?? [7:65676]
How is the industry supposed to keep up with this??

Cisco also announced today highly prestigious certification support across the entire PIX Family of security appliances. Certifications earned include the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and both ICSA Labs firewall and IPSec certifications. These certifications provide customers with independent and objective validation that a company's product meets certain levels of quality and reliability, and are among the industry's most respected and stringent criteria for certification. Providing customers broad certification support across the Cisco PIX family within a common operating system increases operational efficiencies and lowers support and management costs.

Duncan Maccubbin
US Network Support, Cable and Wireless
CCNA, CCNP, CSS1, MCSE4
Work (703)287-6975
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65676t=65676

Lost area on CCO [7:62511]
I used to be able to order ROMS and Documentation under entitlement from the old CCO page. I can't seem to find it anymore. Can anyone point me to it on the new page?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62511t=62511

RE: debug commands [7:62107]
Just make a permit ACL for that host and the debug will only report on that one host.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: debug commands [7:62107]

If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think it's debug ip packet but then the options are:

Access list
Access list (expanded range)

Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. It's a production router so I know I can crash it if I'm not careful with this.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62110t=62107

RE: debug commands [7:62107]
You are correct. Very nice feature eh?

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: debug commands [7:62107]

I see, so if I want to debug for certain tcp protocols can I use extended access-lists?

Maccubbin, Duncan wrote in message news:[EMAIL PROTECTED]...
Just make a permit ACL for that host and the debug will only report on that one host.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 11:49 AM
To: [EMAIL PROTECTED]
Subject: debug commands [7:62107]

If I want to see all IP traffic from host 10.10.10.1 on a cisco router, what would the debug command look like? I looked at the help menu and I think it's debug ip packet but then the options are:

Access list
Access list (expanded range)

Do I have to create an access-list for the hosts I want to monitor? I'm used to using tcpdump and snoop so the debug commands are awkward for me. It's a production router so I know I can crash it if I'm not careful with this.

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62114t=62107

RE: debug commands [7:62107]
You really don't get an idea of how fantastic Cisco is until you work with other products. We have several Enterasys routers here and they are very limited in what they can do as compared to IOS. I have used the debug packet acl command and it really makes life easier.

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 29, 2003 12:36 PM
To: [EMAIL PROTECTED]
Subject: Re: debug commands [7:62107]

nice, not as nice as tcpdump, but nice ;-)

Maccubbin, Duncan wrote in message news:[EMAIL PROTECTED]...
You are correct. Very nice feature eh?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62120t=62107

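The ACL-filtered debug discussed in this thread, as an added example that is not from any of the posts. ACL number 150 and TCP port 80 are assumptions chosen for illustration; 10.10.10.1 is the host from the original question, and the extended ACL covers the follow-up about debugging specific TCP protocols.

```cisco
! Added example (constructed); ACL number 150 and port 80 are assumptions.
! Keep debug output off the console and in a bounded buffer before enabling it.
configure terminal
 no logging console
 logging buffered 16384 debugging
 ! Extended ACL: only TCP port 80 traffic to and from the host of interest.
 access-list 150 permit tcp host 10.10.10.1 any eq 80
 access-list 150 permit tcp any eq 80 host 10.10.10.1
 end
! Debug only the packets that match ACL 150; "detail" adds protocol and port information.
debug ip packet 150 detail
! Read the captured output, then switch debugging off as soon as you have it.
show logging
undebug all
```

debug ip packet reports only packets the router process-switches, so fast-switched transit traffic does not appear unless fast switching is disabled on the interface (no ip route-cache), which itself adds CPU load on a production router.
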
RE: How to stop SYN Flood with Pix firewall? [7:61891]
If it wasn't for those Crappy Windows machines, we would have jobs.

-----Original Message-----
From: d tran [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 9:18 PM
To: [EMAIL PROTECTED]
Subject: Re: How to stop SYN Flood with Pix firewall? [7:61891]

I am not sure how many Packets/Sec hping2 generate but I don't think 100BaseT was saturated because the whole thing is connected to a Cisco 2924-XL Enterprise switch (running 12.05(T)) IOS. Furthermore, while machines on 172.16.1.0/24 network have problem connecting to the linux web server via NATed address 172.16.1.71, they have NO problems surfing the Internet or any other network. In fact, I am writing you this email as my other two linux servers are sending SYN flood to the web server and the CPU on the Pix firewall is at 99%.

You wouldn't have to fight the udp 1434 problem had you decided to scrap the shitty MS SQL server, running on crappy Windows machine and replace it MySQL (freeware) or real commercial database products like Oracle, running on Linux platform. Enjoy fighting udp1434. LOL

DT

Przemyslaw Karwasiecki wrote:
How many packet per second hping2 generates? If it saturates 100BaseT, maybe you had just reached performance limit of PIX520? I am not trying to say that PIX will not handle traffic in proximity of 150,000-200,000 pps. I simply don't know that. But, if it needs to analyze 150,000 SYN packets per second, I can easily imagine that it will crawl.

BTW -- very interesting experiment.

Przemek (fighting with udp 1434 now)

On Sat, 2003-01-25 at 16:40, d tran wrote:
Guys,

I have the following scenario: I have a pix 520 firewall (750MHz with 512MB of RAM) in the lab. The inside interface is 10.100.0.254/24 and the outside interface is 172.16.1.253/24. I have a linux server residing on the inside network with IP 10.100.0.71 running Apache Server and it is NATed to the outside with IP 172.16.1.71. I would like to make this web server available to outside world.

My pix configuration looks like this:

static (inside,outside) 172.16.1.71 10.100.0.71
access-list 100 permit tcp any host 172.16.1.71 eq 80
access-list 100 deny ip any any
access-group 100 in interface outside
floodguard enable

Now on the outside network I have two linux servers, (172.16.1.67 and 172.16.1.7), running hping2 program that is capable of generating a lot of SYN connection to address 172.16.1.71. Now, when I run the hping2 program, I am seeing the cpu utilization on the firewall reaching 99% like this:

pix1(config)# sh cpu usage
CPU utilization for 5 seconds = 99%; 1 minute: 98%; 5 minutes: 98%

However, the connection is less than 200

pix1(config)# sh conn count
125 in use, 7926 most used

Other machines on the 172.16.1.0/24 network have problem reaching the webserver, 172.16.1.71, when hping2 is bombarding the webserver with SYN Flood. Fair enough, I decided to modify the access-list 100 to limit both the maximum connections and half-open connections to 500 and 250, respectively, as follows:

static (inside,outside) 172.16.1.71 10.100.0.71 255.255.255.255 500 250

and I do clear xlate after that. That didn't help. The cpu utilization is still 99% and machines on the outside network still have problems accessing the website.

My question is this. How do I defend against SYN flood like this? From what I've heard, Cisco Pix has an improved TCP intercept to defend against SYN attack. Why is it not working in my case? To make the matter worse, the CPU also reaches 99% when hping2 SYN flood port 22 even though the firewall does not allow port 22 to 172.16.1.71. I am testing with both version 6.2(2) and 6.3(0) build 131 on this Pix520 firewall. I would like to know how to defend against not only SYN flood but also from other attacks. It looks to me like Pix is not doing its jobs.

Regards,
DT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61944t=61891

RE: BCRAN 640-505 [7:58871]
Having taken the original Remote Access exam and 640-605 with both books, there is a difference. Since I passed the 605 exam with the certification guide it can be done. It seemed to me the certification guide assumes you know remote access and you just want to brush up. It didn't really put a lot of effort into explaining things. I felt the 604 certification guide was much better. I did look at the 604 blue print and saw ATM was not on it so I skipped that chapter in the 604 book and there were no questions on ATM. I looked at the 605 blue print and I did not see the 700 on there and skipped that chapter and it was on the exam...go figure.

-----Original Message-----
From: Dion [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 6:34 AM
To: [EMAIL PROTECTED]
Subject: BCRAN 640-505 [7:58871]

Would the CCNP remote Access exam certification guide for 640-505 by Brian Morgan and Craig Dennis be enough to pass the 640-605 exam? The book is kind of short compared to the BCRAN book.

Thanks in advance!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58971t=58871

RE: CCNP/DP recertification [7:58564]
Recert is made up of questions from all the exams.

-----Original Message-----
From: jeff sicuranza [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 04, 2002 3:09 PM
To: [EMAIL PROTECTED]
Subject: CCNP/DP recertification [7:58564]

Folks,

I just received my 6 mos. heads up for my CCNP. My CCNP expires in May of 03 and my DP in June of 03. My second and hopefully last CCIE lab date is on for 7/30 but can be pushed out into September.

Are there any re-certification books that specifically cover the recert. exam? Or, is the exam just a rehash of the same stuff with a few newer items in it? Has anyone taken these re-certifications exams yet? Any tips.. Greatly appreciated...

With work and the CCIE stuff should I even bother to re-certify???

Regards...
/JS

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58609t=58564

RE: CCNP/DP recertification [7:58564]
CCIE does renew CCNP.

-----Original Message-----
From: Siddiqi Kenan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCNP/DP recertification [7:58564]

Hi there,

First of all, the questions for the re-cert exam are from all the 4 exams individual subject matter.

Secondly, as far as my knowledge extends, CCNP and CCIE are 2 different tracks. In the sense that getting ur CCIE doesn't renew your CCNP certification. And if it expires, you lose the option of giving only the recertification exam.

This information is to the best of my knowledge. I suggest confirm with www.cisco.com and please let us know if anything differs.

Good luck with ur lab attempt/exams...

Cheers,
Kenan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58636t=58564

RE: Cisco routers and MRTG [7:56794]
Note that this is in bytes per second while most network speeds are specified in bits per second. This number specifies 100 megabits per second (100 Mbps) and is divided by 8 to get 12.5 megabytes per second (12.5 MBps).

-----Original Message-----
From: Firesox [mailto:sando2;attbi.com]
Sent: Monday, November 04, 2002 7:29 AM
To: [EMAIL PROTECTED]
Subject: Cisco routers and MRTG [7:56794]

Folks,

I am using MRTG to pull cisco Router's snmp mibs. On Ethernet interface the graph shows the max speed of 1250.0K which is only 1.25 meg and on FastEthernet it shows as 12.5 megs. I am wondering why they don't show 10 meg and 100 megs respectively and starting to suspect how accurate MRTG is.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56802t=56794

RE: Router Crash, any ideas? [7:52457]
Cache Error Exception

This type of crash occurs when the router detects bad parity. It is either a transient problem, or a hardware failure. Refer to Processor Memory Parity Errors for troubleshooting.

http://www.cisco.com/warp/public/122/crashes_pmpe.html

-----Original Message-----
From: Mark Hammontree [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 31, 2002 9:51 PM
To: [EMAIL PROTECTED]
Subject: Router Crash, any ideas? [7:52457]

*** Cache Error Exception ***
Cache Err Reg = 0xa0200118
data reference, primary cache, data field error , error not on SysAD Bus
PC = 0xbfc0edc0, Cause = 0x8800, Status Reg = 0x34408007

Hello all,

I have put together a nice lab to help prepare for my CCIE, plus my classroom lab. I have a Cisco 4700 M Router, and when it boots up the above message endlessly scrolls across the screen. It seems that both of my 4700's are having this problem now. Does anyone have any clue as to what could be the problem?

Thanks in advance for any advice.

Mark Hammontree
RS Lab Date April 2nd 2003

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52480t=52457

RE: Router IOS Upgrade bug in 12.1 images [7:52489]
Have you tried BOOT SYSTEM TFTP and then manually deleting the file? I had an old 2501 I had to do that on that had a 10.x image on it.

Duncan

-----Original Message-----
From: Chuck's Long Road [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 01, 2002 4:01 PM
To: [EMAIL PROTECTED]
Subject: Router IOS Upgrade bug in 12.1 images [7:52489]

I've done this before, and it's not like it's real tough, but.

I am trying to upgrade my IOS images. Neither the Router Software Loader, nor the good old copy tftp: flash: is working. RSL gives me some odd message the copy function never asks if I want to erase the current image on the flash - it just starts to copy, then stops, with a message that there is not enough room on the destination device.

sample output of my process:

Router_7#copy tftp flash:
NOTICE
Flash load helper v1.0
This process will accept the copy options and then terminate the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy operation.
Proceed? [confirm]
Address or name of remote host []? 192.168.1.49
Source filename []? c2500-js56i-l.121-5.T10.bin
Destination filename [c2500-js56i-l.121-5.T10.bin]?
%FR-5-DLCICHANGE: Interface Serial0 - DLCI 201 state changed to DELETED
%FR-5-DLCICHANGE: Interface Serial0 - DLCI 202 state changed to DELETED
%FLH: c2500-js56i-l.121-5.T10.bin from 192.168.1.49 to flash ...
System flash directory:
File Length Name/status
1 16294768 c2500-jos56i-l.121-11.bin
[16294832 bytes used, 482384 available, 16777216 total]
Accessing file 'c2500-js56i-l.121-5.T10.bin' on 192.168.1.49...
Loading c2500-js56i-l.from 192.168.1.49 (via Ethernet0): ! [OK]
%Error: Image size exceeds free space
%FLH: Flash download failed
F3: 16002988+291748+1049272 at 0x360

As you can see - no asking to erase.

I suspect this is a problem with the particular image. I had no problem upgrading a different router with a different image. Unfortunately, just about all my routers have this identical image in place.

Anyone seen this? got a fix? CCO searches have not been regarding. TAC won't talk to me even though I work for a major partner. Apparently my management made some procedural changes, and I can't locate anyone internally who can help me out. They apparently have lives :-

thanks much

--
www.chuckslongroad.info
still a work in progress, but on line for your enjoyment
z

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52490t=52489

RE: AAA Authentication [7:51668]
No problem, this will explain it (watch the wrap):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secu r_c/scprt1/index.htm

-----Original Message-----
From: Robert D. Cluett
To: [EMAIL PROTECTED]
Sent: 8/19/02 4:29 PM
Subject: AAA Authentication [7:51668]

I am going to install some sort of accounting and privilege management on an access server. Essentially I want to restrict certain commands from being used and log the amount of time that a user has used the system. Is there a method or application that will best suit this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51676t=51668

RE: scariest IOS image name [7:51251]
How about xp9040.939 ... Enterasys code :)

-----Original Message-----
From: Neal Rauhauser [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 2:03 PM
To: [EMAIL PROTECTED]
Subject: scariest IOS image name [7:51251]

Yes, this is a real image that I downloaded for real work - can anyone top it?

c1700-bk8no3r2sy7-mz.122-8.T5.bin

--
Neal Rauhauser CCNP, CCDP
voice: 402-301-9555
mailto:[EMAIL PROTECTED]
fcc : k0bsd
I've seen the angels wearing their disguise, ordinary people leading ordinary lives - Tracy Chapman

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51252t=51251

RE: CCNP support 640-606 [7:49837]
Although there aren't supposed to be any stupid questions, this type is very close. There isn't one test. There is a huge pool of questions and everyone's exam is different. The bonehead below that did not read the NDA may have had 4 appletalk and 6 IPX question but the next guy might not get any. You might get 10 drag and drops and 8 BGP questions.

I've got an idea, read and understand the whole book and then take the test. Amazingly at that point it won't matter what type of questions they are asking. I know my ideas are radical but give it a shot.

Duncan

-----Original Message-----
From: crow [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 28, 2002 8:04 AM
To: [EMAIL PROTECTED]
Subject: Re: CCNP support 640-606 [7:49837]

hi sunsil!!

i passed the 606 4 weeks ago with 958, no simulations, 4 appletalk and about 6 ipx questions, many troubleshooting scenarios including client connectivity. frame-relay and isdn too. 2 drag and drops. no bgp, eigrp or ospf questions.

good luck
crow

sunil sunilindia wrote in message news:[EMAIL PROTECTED]...
Hi,

Is this the new version tough, I have no hands-on experience in trouble shooting, I am planning to write this monday CCNP support, how many questions will be on simulation, are they really tough?

Thank you
Sunil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49944t=49837

RE: access-list for steaming audio [7:49817]
Be careful with this kind of thinking. More and more holes in IM are showing up everyday. If you let IRC on your network then you are asking for trouble. As for streaming audio, have you looked at the % of bandwidth they use? If you have a fairly utilized pipe or (like most companies) are paying for bandwidth then that is a consideration.

Just my $0.02.

Duncan

-----Original Message-----
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 27, 2002 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: access-list for steaming audio [7:49817]

I haven't been keeping up with NBAR, but they may have some pdm's to block the streaming audio apps. NBAR was built for stuff like that, but I don't feel there's a need to block this type of stuff. Same with IM. Let the users have some use of their PC and increase productivity.

Spencer Plantier wrote in message news:[EMAIL PROTECTED]...
Which ports need to be blocked for streaming video and audio.

Thanks

Spencer Plantier
Internet Solutions Engineer
Cell 919-696-8848

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49880t=49817

RE: All this talk about IDS.... [7:46690]
As for #3 all the info you need is at www.snort.org.

-----Original Message-----
From: Maximus
To: [EMAIL PROTECTED]
Sent: 6/15/02 12:16 PM
Subject: All this talk about IDS [7:46690]

I've decided to take the plunge.

1. Has anyone ever successfully installed Snort on a 2000 box?
2. I downloaded Snort 1.8.6 and WinPcap. Dunno why I pulled down Winpcap, but I did.
3. Either way I'm just a newbie to Snort(IDS) and can't find a down and dirty guide to get started...

Any help would be appreciated.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46698t=46690

Anyone seen this? [7:45664]
My IDS from time to time pulls this up. I don't know how to track it down easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45664t=45664

RE: Anyone seen this? [7:45664]
No, the Whois shows it belonging to BBN planet.

-----Original Message-----
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:04 AM
To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

First question: Is 4.0.0.3 a valid address on your network?

-----Original Message-----
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: Anyone seen this? [7:45664]

My IDS from time to time pulls this up. I don't know how to track it down easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45675t=45664

RE: Anyone seen this? [7:45664]
Host is just the name of the IDS location. Yes, it would have to be generating inside my network and since I don't own that network it is being pushed out to the internet. Once it heads out to the internet the IDS sees it. Sadly, my network is fairly large and flat so I don't have many places I can catch it with an ACL. It is always the same address and it happens in bursts but not at the same times.

-----Original Message-----
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 12:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

I can ping and trace to that address.

1654 ms48 ms48 ms l0.washdc3-cmb1.bbnplanet.net [4.0.0.3]

What is the meaning of the Host: in your IDS output? It would seem that the true source of the packet would be within your own network. - Else how would it get there? Again, it would seem to be local to the IDS or from a location that had a default route to the IDS location. Can you set up access-lists on various router ports that would log traffic with those addresses? I'm assuming that it is the same ip address each time.

-----Original Message-----
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 10:12 AM
To: [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

No, the Whois shows it belonging to BBN planet.

-----Original Message-----
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:04 AM
To: 'Maccubbin, Duncan'; [EMAIL PROTECTED]
Subject: RE: Anyone seen this? [7:45664]

First question: Is 4.0.0.3 a valid address on your network?

-----Original Message-----
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 9:01 AM
To: [EMAIL PROTECTED]
Subject: Anyone seen this? [7:45664]

My IDS from time to time pulls this up. I don't know how to track it down easily. Any ideas?

IDS ALERT at: 2002-06-03 09:30:06
SIGNATURE: BAD TRAFFIC same SRC/DST
HOST: TIP3-90Sub
SID: 1
CID: 945479
SRC IP: 4.0.0.3
DST IP: 4.0.0.3

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45678t=45664

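One way to set up the logging access-list suggested in this thread, as an added example that is not from any of the posts. ACL number 160 and the interface name are placeholders; 4.0.0.3 is the address from the alert.

```cisco
! Added example (constructed); ACL 160 and FastEthernet0/0 are placeholders.
! Both entries permit, so forwarding is unchanged; only the first one logs.
! log-input records the ingress interface and source MAC of each match.
configure terminal
 access-list 160 permit ip host 4.0.0.3 host 4.0.0.3 log-input
 access-list 160 permit ip any any
 !
 ! Apply inbound on an interface facing part of the internal network.
 interface FastEthernet0/0
  ip access-group 160 in
 end
! Hit counters show whether this segment carries the traffic at all.
show access-lists 160
! Log entries carry the interface and MAC address to trace back.
show logging
```

An interface holds one inbound IP ACL, so where one is already applied the logging entry goes at the top of that list instead. The source MAC in the log entry can then be followed through the switches' MAC address tables to the originating port.
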
RE: MCNS and boson [7:45499]
1

-----Original Message-----
From: Shoaib Waqar [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 12:50 AM
To: [EMAIL PROTECTED]
Subject: MCNS and boson [7:45499]

Can anybody tell me which boson exam is the best out of 3 test exams available regarding MCNS??? I am gonna purchase any one of the 3 and i m confused, can anybody help?

Shoaib

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45512t=45499

RE: Layer 2 Test Tool [7:43484]
Not sure what equipment you are using but starting with CAT OS 6.1:

Layer 2 Traceroute

The Layer 2 Traceroute utility allows you to identify the physical path that a packet will take when going from a source to a destination. The Layer 2 Traceroute utility determines the path by looking at the forwarding engine tables of the switches in the path.

-----Original Message-----
From: Lowell Sharrah [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 07, 2002 9:39 AM
To: [EMAIL PROTECTED]
Subject: Re: Layer 2 Test Tool [7:43484]

cisco's CDP but you must have all cisco devices for this to work.

Seelinger Bruce 05/07/02 08:40AM
Does anyone know of a layer 2 connectivity test tool - something the equivalent of a MAC address based ping tool, (yes - I know that ping uses ICMP at layer 3, but you get the idea). Basically, have a bridged network where we want to perform a simple test to see if certain MAC filters are working appropriately. Need to probe a target node based on its MAC address and see if it responds. Searched the net pretty extensively but no luck. Any ideas?

Thanks in advance for the help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=43504t=43484

RE: Intrusion Detection and IT Security [7:40337]
I've learned quite a bit reading various security sites like cert.org, sans.org and securityfocus.com. The Ciscopress book Managing Cisco Network Security isn't bad if you don't mind looking at it as the world according to Cisco. Learning what IDS machines (snort.org, the Dragon website at enterasys...) look for is a good tool as well. You can even download shareware IDS systems to see what they do. You will get the best and fastest training when you have to stop a DDoS attack at 2 am one night though :).

Duncan

-----Original Message-----
From: [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 11:54 AM
To: [EMAIL PROTECTED]
Subject: Intrusion Detection and IT Security [7:40337]

Does anyone have a suggestion on good books for learning about Intrusion Detection and IT Security for a beginner? The books don't necessarily have to be Cisco based, but more on the basics of Intrusion Detection and IT Security concepts and tools used. Thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=40342t=40337
RE: PIX commands help [7:39558]
Wouldn't syslog answer all of his issues?

-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 1:56 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX commands help [7:39558]

As I can see that the first question has already been answered, let me answer the next two.

    show conn

This command shows active connections.

    http server enable
    http 172.16.1.1 255.255.255.255

These two commands enable the http server and allow only workstation 172.16.1.1 to access it. When running PDM, you're accessing the http server in the PIX, so by restricting the http access, you're automatically restricting the PDM access.

HTH,
Ole

Ole Drews Jensen
Systems Network Manager
CCNP, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
http://www.RouterChief.com
Need a Job? http://www.OleDrews.com/job

-----Original Message-----
From: John Green [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 11:13 AM
To: [EMAIL PROTECTED]
Subject: PIX commands help

PIX questions

- how to find the time/date when the config file was last modified (to find if anyone else has tampered with it)
- how to find who is telnetted into the pix or who is using the PDM into the pix
- how to configure a particular IP address to be allowed to manage pix via the PDM and no one else is allowed

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39562t=39558
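An added example, not part of the original posts and not Cisco code: a Python audit that reads the `http` and `telnet` allow entries from a saved PIX configuration and reports which ones admit more than the single management workstation described in the thread. The sample configuration is constructed; the `telnet ip mask interface` lines, the default interface name `inside` and the handling of a missing mask are assumptions of this example.

```python
import ipaddress

# Constructed sample, not taken from a real device. The first two lines are the
# commands quoted in the thread; the others are hypothetical entries added for
# contrast.
SAMPLE_CONFIG = """\
http server enable
http 172.16.1.1 255.255.255.255
http 10.1.0.0 255.255.0.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet 172.16.1.1 255.255.255.255 inside
telnet timeout 5
"""

SERVICES = ("http", "telnet")


def parse_allow_entries(config_text):
    """Return (service, network, interface, line_number) per allow entry."""
    entries = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] not in SERVICES:
            continue
        try:
            address = ipaddress.IPv4Address(tokens[1])
        except ValueError:
            continue  # a setting such as "http server enable", not an entry
        rest = tokens[2:]
        mask = "255.255.255.255"  # assumption: no mask means a single host
        if rest and rest[0][0].isdigit():
            mask, rest = rest[0], rest[1:]
        interface = rest[0] if rest else "inside"  # assumption: default name
        try:
            network = ipaddress.IPv4Network(f"{address}/{mask}", strict=False)
        except ValueError:
            raise ValueError(f"line {number}: invalid netmask {mask!r}") from None
        entries.append((tokens[0], network, interface, number))
    return entries


def audit_management_access(config_text):
    """Classify each allow entry by how many source addresses it admits."""
    http_enabled = any(
        line.split() == ["http", "server", "enable"]
        for line in config_text.splitlines()
    )
    findings = []
    for service, network, interface, number in parse_allow_entries(config_text):
        if service == "http" and not http_enabled:
            verdict = "inactive"      # allow entry present, HTTP server is off
        elif network.prefixlen == 0:
            verdict = "any-source"    # 0.0.0.0 0.0.0.0 matches every address
        elif network.num_addresses > 1:
            verdict = "broad"         # a whole subnet can reach the service
        else:
            verdict = "single-host"   # the restriction described in the thread
        findings.append({
            "line": number,
            "service": service,
            "source": str(network),
            "interface": interface,
            "addresses": network.num_addresses,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_management_access(SAMPLE_CONFIG):
        print("line {line}: {service} from {source} on {interface}: "
              "{verdict} ({addresses} addresses)".format(**finding))
```

Entries reported as `broad` or `any-source` are the ones to tighten to the management workstation's address.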
RE: 7204 vxr bootflash [7:38777]
Another issue is that Cisco has several images out there that are too big for the bootflash: directory. If you want them to fit they need to be about 2.9MB or less.

Duncan

-----Original Message-----
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 10:34 AM
To: [EMAIL PROTECTED]
Subject: Re: 7204 vxr bootflash [7:38777]

Not all the images have a parallel boot image. I just try and ensure that the boot image is current enough to recognize all the PA's so that if you end up in boot mode you'll have a chance to access the router and download new IOS if necessary.

Dave

Patrick Donlon wrote:

Whoops just read my post, I meant to say bootflash not bootrom

Cheers
-- email me on : [EMAIL PROTECTED]

Patrick Donlon wrote in message news:[EMAIL PROTECTED]...

Hi All

just wondered if anyone knows where I can find some information about boot rom versions. I'm looking at loading an image of IOS on a new 7204 and I'd like to know what version I should use for the boot rom

cheers
Pat
-- email me on : [EMAIL PROTECTED]

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367
Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38809t=38777
RE: Should I buy IDS ? [7:36053]
For that small of a network SNORT would be fine and it costs quite a bit less.

-----Original Message-----
From: Arni V. Skarphedinsson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 9:32 AM
To: [EMAIL PROTECTED]
Subject: Should I buy IDS ? [7:36053]

I am administrating a network of about 500 computers, 30 servers, and something like 70 WAN locations. I have been thinking about the Cisco IDS system. Anyone have any good reasons to use one, have you used it, and has it detected much intrusion? I really need something to sell the idea to the management.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36055t=36053
RE: kazaa / morpheus blocking / rate-limiting [7:34529]
Those are some bandwidth hogs. I knocked down incoming/outgoing traffic on 1214 and used a sniffer to catch the internal offenders. Keep in mind you will probably have GNUTella running around as well which opens a port on the PC. If you do a port scan on the PC in question you will see the GNUTella port open. GNUTella is a bandwidth hog too.

-----Original Message-----
From: bergenpeak
To: [EMAIL PROTECTED]
Sent: 2/5/02 5:13 PM
Subject: kazaa / morpheus blocking / rate-limiting [7:34529]

Hi,

Wondering if anyone has been using ACLs to block or rate-limit Kazaa/Morpheus traffic. I'd be interested in how well this worked.

Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=34562t=34529
Used Ports [7:32427]
Does anyone know of a site that has a list of what ports various programs use? I'm not talking about the port assignment lists like the one at iana.org. I want a list that tells me what ports AIM, MSN, Quake use. iana says port 1471 is for csdmbase, what the heck is that? Anyhow, any help is appreciated.

Thanks,
Duncan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=32427t=32427
RE: NTP Question [7:29770]
Can use both:

    ntp 123/tcp Network Time Protocol
    ntp 123/udp Network Time Protocol

-----Original Message-----
From: Mcfadden, Chuck [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 20, 2001 10:44 AM
To: [EMAIL PROTECTED]
Subject: NTP Question [7:29770]

A friend of mine was doing a PIX installation on the edge of a W2K environment. He was trying to allow NTP through the PIX but it would not go. He found that, since he was using an inbound ACL, the packet would eventually reach the explicit deny. According to his research, he had to allow port 123 (NTP) in his ACL in order to allow it through the firewall, even though it was established. The question that has since been unanswered: Does NTP use UDP or TCP or both? Any ideas?

ccie1ab (chuck)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=29775t=29770
RE: how to change the serial port IP of remote end [7:28665]
You could also TFTP up a new config with the changed IP address, or if you have Cisco Works or some other SNMP enabled product you could use that to change it.

-----Original Message-----
From: Debbie Westall [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 10, 2001 8:59 AM
To: [EMAIL PROTECTED]
Subject: Re: how to change the serial port IP of remote end [7:28665]

Rajneesh,

You have two choices that I'm familiar with:

1. Using out-of-bound management, dial in to the router on the remote end and change the IP address. Then change the host end.

or

2. If you don't have a modem on the router at the remote end, telnet into the remote end of the router, change the IP address. You will lose connectivity to that remote immediately. Then change the IP on the host end. This is very risky, if you fat finger the IP on the remote end you will not have any connectivity at all, without power cycling the router.

Good Luck
Debbie Westall

--- Rajneesh Yadav wrote:

Hi all,

I want to change the serial IP of both my routers, one is placed in UK. So my question is, can I change it remotely and how is it possible? Please, if anybody can help me out.

Regards
Rajneesh
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28672t=28665
RE: # of VLANs [7:28425]
I have to disagree here. We had a fairly loaded 7200 fail due to having too many sub-interfaces. I dug around on Cisco's site and found a document that broke down the amount of memory each sub-interface used. (no, I can't find it now) We actually got quite a few more than they had it rated for but there are memory concerns all the same. If your 2600 doesn't have a lot of memory it will be limited. How many sub-interfaces you talking about? How much memory does the box have? You may want to consult Cisco if you are going over 50 or so. Just my $0.02.

Duncan

-----Original Message-----
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 07, 2001 2:00 PM
To: [EMAIL PROTECTED]
Subject: Re: # of VLANs [7:28425]

I take part of that back, there is an IDB limit but I'm sure you're not looking at several hundred subinterfaces are you?!?

dave

NetEng wrote:

How many sub-interfaces can I create for VLAN routing on a router, let's say a 2600 series? I can't find anything at cisco.

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367
Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=28447t=28425
RE: 7206 boot-image [7:25866]
7200 boot images are a tricky thing. I'm not sure of your wording below but the boot image is for the router to boot off of. After the router boots off of the boot image then it loads the main IOS image. The big thing I look for is if the boot image supports all the cards that are in the router. That way if the main image fails I know all the cards will work. Make sure you get an image that fits in the boot directory (4mb) as Cisco decided to make several images that won't fit in there when they expand. You can still use those images but you will have to put them in the main flash area and use a boot system command. No, you don't have to have the boot image and main image being the same version. I'm sure if you search Cisco's website under 7200 boot image you will find all the info you need.

Duncan

-----Original Message-----
From: JP
To: [EMAIL PROTECTED]
Sent: 11/11/01 9:12 PM
Subject: 7206 boot-image [7:25866]

All,

I know the boot-image of 7206's onboard flash memory is a backup in case the primary IOS on flash cards fails. It only includes software to configure basic IP information. If this is right, I think I can just upgrade the IOS on the flash card, as the boot-image should basically be same. I noticed that there is a boot-image for each IOS, I assume we do not make them match each other, is this right?

Thanks
JP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=25940t=25866
RE: ios features [7:12945]
-----Original Message-----
From: Donald B Johnson jr [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 19, 2001 10:44 AM
To: [EMAIL PROTECTED]
Subject: ios features [7:12945]

Does anyone remember the link that allows you to search for a IOS version based on a feature, say DHCP.

Don

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12946t=12945
RE: Question on Cat5k [7:12836]
The WS-X5010 will not do ISL. The WS-X5213A is what you are after. It is 12 ports 10/100 with ISL support.

-----Original Message-----
From: Munoz, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 18, 2001 1:29 PM
To: [EMAIL PROTECTED]
Subject: Question on Cat5k [7:12836]

I am looking to purchase a Catalyst switch for my department to play with. I have found the deal from Optsys with Cat5k Sup1 and WS-X5010 Blade but am wondering about the capabilities of the switch.. Apparently the WS-X5010 is 24pt 10MBS as mentioned to me by Brad.. Assuming that I have a router with FastEthernet capabilities to run ISL, would the switch be able to handle this since the blade is not able to run 100mbs? I just want to make a good purchase for our lab.. At this time, we do not have any catalyst equipment.

Thanks all for your help!
Mike Munoz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12843t=12836
RE: Question on Cat5k - The answer [7:12847]
No confusion, he asked about the 10mbps ports. They couldn't do what he asked. I told him which blade did. Yes, he can trunk through the Sup port. He needs to make sure they are TX and not FX though...unless his router has FX.

-----Original Message-----
From: Dennis Laganiere [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 18, 2001 2:15 PM
To: [EMAIL PROTECTED]
Subject: FW: Question on Cat5k - The answer [7:12847]

I think there is some confusion here. The sup module has 100mbps ports, so you hook up the hosts to the 10mbps ports and the trunking port comes off the sup. Works great...

--- Dennis

-----Original Message-----
From: Maccubbin, Duncan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 18, 2001 10:56 AM
To: [EMAIL PROTECTED]
Subject: RE: Question on Cat5k [7:12836]

The WS-X5010 will not do ISL. The WS-X5213A is what you are after. It is 12 ports 10/100 with ISL support.

-----Original Message-----
From: Munoz, Michael [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 18, 2001 1:29 PM
To: [EMAIL PROTECTED]
Subject: Question on Cat5k [7:12836]

I am looking to purchase a Catalyst switch for my department to play with. I have found the deal from Optsys with Cat5k Sup1 and WS-X5010 Blade but am wondering about the capabilities of the switch.. Apparently the WS-X5010 is 24pt 10MBS as mentioned to me by Brad.. Assuming that I have a router with FastEthernet capabilities to run ISL, would the switch be able to handle this since the blade is not able to run 100mbs? I just want to make a good purchase for our lab.. At this time, we do not have any catalyst equipment.

Thanks all for your help!
Mike Munoz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12850t=12847
RE: Insight [7:11803]
I disagree. I've run into many recruiters and HR people that knew they needed a CCNA and did not know what a CCNP is. If you are looking for a job you should put them all down so you don't get weeded out. Now he needs to get the CCIE Written cert :).

Duncan

-----Original Message-----
From: Dennis H [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 9:02 AM
To: [EMAIL PROTECTED]
Subject: Re: Insight [7:11803]

You don't need to mention CCNA when you reference being CCNP it's implied as you must pass CCNA to become CCNP. If you reference them both it appears like you're only focused on certs and probably lacking experience.

men u wrote in message news:[EMAIL PROTECTED]...

CCNP,CCNA,MCSE
Looking for work in Montgomery, Alabama
over 6 yrs exp in field.
Any help will be appreciated. Resume upon request.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11916t=11803
RE: Router as TFTP Server [7:5426]
You may want to put in a static to where you want to go until you are done with the upgrade.

Duncan

-----Original Message-----
From: Kelly D Griffin [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2001 14:24
To: [EMAIL PROTECTED]
Subject: Router as TFTP Server [7:5426]

I have configured a 2500 as a tftp server and have it connected via a WAN link in my lab to another 2500. I can ping across the circuit in both directions, but when I attempt a tftp transfer I get this:

    R2#copy tftp flash
    NOTICE
    Flash load helper v1.0
    This process will accept the copy options and then terminate
    the current system image to use the ROM based image for the copy.
    Routing functionality will not be available during that time.
    If you are logged in via telnet, this connection will terminate.
    Users with console access can see the results of the copy operation.
    Proceed? [confirm]
    System flash directory:
    File Length Name/status
    1 6418792 igs-j-l.110-13
    [6418856 bytes used, 1969752 available, 8388608 total]
    Address or name of remote host [1.1.1.1]? 1.1.1.1
    Source file name? c2500-d-l.120-9.bin
    Destination file name [c2500-d-l.120-9.bin]?
    Accessing file 'c2500-d-l.120-9.bin' on 1.1.1.1...
    Loading c2500-d-l.120-9.bin from 1.1.1.1 (via Serial0): ! [OK]
    Erase flash device before writing? [confirm]
    Flash contains files. Are you sure you want to erase? [confirm]
    Copy 'c2500-d-l.120-9.bin' from server as 'c2500-d-l.120-9.bin' into Flash WITH erase? [yes/no]yes
    %SYS-5-RELOAD: Reload requested
    %FLH: c2500-d-l.120-9.bin from 1.1.1.1 to flash ...
    System flash directory:
    File Length Name/status
    1 6418792 igs-j-l.110-13
    [6418856 bytes used, 1969752 available, 8388608 total]
    Accessing file 'c2500-d-l.120-9.bin' on 1.1.1.1...
    Loading c2500-d-l.120-9.bin ... [timed out] [failed]

I can ping across the circuit from the tftp server router while the timeouts are occurring. The 1.1.1.1 address is the address of Loopback0 on R1. I am running EIGRP for routing and do not have a default route statement in either router. Any ideas?
Kelly D Griffin, CCNA, CCDA
Network Engineer
Kg2 Network Design
877.418.4025
http://www.kg2.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=5437t=5426
RE: Congrats [7:4044]
I had heard of a Vietnamese couple where the husband got the CCIE and then taught his wife and she got it too. Could have been the other way around too :).

Duncan

-----Original Message-----
From: Daniel Cotts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 10, 2001 2:41 PM
To: [EMAIL PROTECTED]
Subject: RE: Congrats [7:4044]

There is a Vietnamese CCIE working as a SE for Cisco in the Northern Virginia area. Her husband is also a CCIE. I do not know if he is Vietnamese. Good luck in your studies.

-----Original Message-----
From: Frank Kim [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 10, 2001 1:01 PM
To: [EMAIL PROTECTED]
Subject: Congrats [7:4044]

I'm proud of you. Go Vietnamese! I'm taking my lab this November also. I hope I will be the second Vietnamese person who will send out such good news to the group.

-Frank

On Thu, 10 May 2001, DUNG H. LE wrote:

May 7-8, 2001 - RTP Lab facility

This was attempt 2. I changed my study habits from attempt 1, and therefore testing technique, for my attempt 2 (you perform like you practice..right?). It paid off. The change was to monotonously ping every interface IP / IPX address from every router. I made a list of the addresses and ran through all of them from every router. I believe this lack of attention to detail is what did me in on attempt one.

Time management was key. If I didn't know the config off the top of my head, I skipped it. This allowed me to complete the entire day 1 portion 3 hours early. I had 4 areas that I needed to think about, so I saved them for last. I methodically approached each of the 4 areas, knocked out each requirement, and had 1 hour left to do the testing above. My strategy was that no matter what, I would take the last hour to test thoroughly, I just happened to get my 4 items done. Day 2 was the same way...although only 3 hours for the first part, I still had 45 minutes to test it all.

Troubleshooting was by far the most nerve-racking experience. I had a trouble ticket list and was told to find as many problems as I could and document/fix them (one liners). Unexpectedly I had to troubleshoot a different network than the one I had spent a day and a half configuring. 3 hours was the time limit to learn a new topology, IP scheme, protocol intent, and then fix as much as possible. I don't feel like I was ready for this, and must have just kept calm enough to manage it.

The waiting is a nerve killer. You wait before the lab starts about an hour for everything and everyone to get ready. You wait all night long for status on day 1's score. You wait after day 2 build out...1.5 hours for me to find out if you made it to troubleshooting. Then you wait while they add up the points and spit a number out of the computer or not.

Howard was the best!!! Comic relief goes a long way to ease my stress, and he delivered. I was very comfortable in the RTP environment.

Study material used / frequency:
Caslow 2nd edition - read it cover to cover once.
Ccbootcamp labs - practiced daily (almost and minus weekends) for 4 months 4-6 hours per day on a rack of equipment that was very similar to the real thing.

I was very comfortable with what was required of me for day 1 and 2 build out. In retrospect I would have practiced a bit more on troubleshooting. I was not comfortable with this at all and could have used some familiarity with strategy and tactic on this part.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4055t=4044
Quality Labs
I am looking for some quality labs to practice with. Perhaps someone who has taken the CCIE lab recently can comment on some prep labs they have used that they thought were good. I'd rather not buy 10 bad practice labs to get one good one.

Duncan
RE: BGP !
Muhammed,

A 1600 will support BGP4 in the IP PLUS feature set. I have the IOS version, IOS name and most of them have the memory needs inside the parenthesis. Here they are, good luck.

Duncan

12.1(7)    c1600-sy-l.12.1-7 (4/12)     c1600-sy-mz.12.1-7 (N. A./4)
12.1(6)    c1600-sy-l.12.1-6 (4/12)     c1600-sy-mz.12.1-6 (N. A./4)
12.1(5)    c1600-sy-l.12.1-5 (4/12)     c1600-sy-mz.12.1-5 (N. A./4)
12.1(5)T   c1600-sy-l.12.1-5.T (4/12)   c1600-sy-mz.12.1-5.T (N. A./6)
12.1(5)T4  c1600-sy-l.12.1-5.T4 (N. A./)  c1600-sy-mz.12.1-5.T4 (N. A./)
12.1(4)    c1600-sy-l.12.1-4 (4/12)     c1600-sy-mz.12.1-4 (N. A./4)
12.1(3)    c1600-sy-l.12.1-3 (4/12)     c1600-sy-mz.12.1-3 (N. A./4)
12.1(3)T   c1600-sy-l.12.1-3.T (4/12)   c1600-sy-mz.12.1-3.T (N. A./6)
12.1(2)    c1600-sy-l.12.1-2 (4/12)     c1600-sy-mz.12.1-2 (N. A./4)
12.1(2)T   c1600-sy-l.12.1-2.T (4/12)   c1600-sy-mz.12.1-2.T (N. A./6)
12.1(1)    c1600-sy-l.12.1-1 (4/12)     c1600-sy-mz.12.1-1 (N. A./4)
12.1(1)T   c1600-sy-l.12.1-1.T (4/12)   c1600-sy-mz.12.1-1.T (N. A./6)
12.0(9)    c1600-sy-l.12.0-9 (4/8)      c1600-sy-mz.12.0-9 (N. A./4)
12.0(8)    c1600-sy-l.12.0-8 (4/8)      c1600-sy-mz.12.0-8 (N. A./4)
12.0(7)    c1600-sy-l.12.0-7 (4/8)      c1600-sy-mz.12.0-7 (N. A./4)
12.0(7)T   c1600-sy-l.12.0-7.T (4/8)    c1600-sy-mz.12.0-7.T (N. A./4)
12.0(6a)   c1600-sy-l.12.0-6a (N. A./)  c1600-sy-mz.12.0-6a (N. A./)
12.0(6)    c1600-sy-l.12.0-6 (4/8)      c1600-sy-mz.12.0-6 (N. A./4)
12.0(5)    c1600-sy-l.12.0-5 (4/8)      c1600-sy-mz.12.0-5 (N. A./4)
12.0(5)T   c1600-sy-l.12.0-5.T (4/8)    c1600-sy-mz.12.0-5.T (N. A./4)
12.0(4)    c1600-sy-l.12.0-4 (4/8)      c1600-sy-mz.12.0-4 (N. A./4)
12.0(4)T   c1600-sy-l.12.0-4.T (4/8)    c1600-sy-mz.12.0-4.T (N. A./4)
12.0(3b)   c1600-sy-l.12.0-3b (4/8)     c1600-sy-mz.12.0-3b (N. A./4)
12.0(3)    c1600-sy-l.12.0-3 (4/8)      c1600-sy-mz.12.0-3 (N. A./4)
12.0(3)T   c1600-sy-l.12.0-3.T (4/8)    c1600-sy-mz.12.0-3.T (N. A./4)
12.0(3)T2  c1600-sy-l.12.0-3.T2 (N. A./)  c1600-sy-mz.12.0-3.T2 (N. A./)
12.0(14)   c1600-sy-l.12.0-14 (4/8)     c1600-sy-mz.12.0-14 (N. A./4)
12.0(13)   c1600-sy-l.12.0-13 (4/8)     c1600-sy-mz.12.0-13 (N. A./4)
12.0(12)   c1600-sy-l.12.0-12 (4/8)     c1600-sy-mz.12.0-12 (N. A./4)
12.0(11)   c1600-sy-l.12.0-11 (4/8)     c1600-sy-mz.12.0-11 (N. A./4)
12.0(10)   c1600-sy-l.12.0-10 (4/8)     c1600-sy-mz.12.0-10 (N. A./4)

-----Original Message-----
From: Muhammed Khalilullah [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 11, 2001 9:51 PM
To: [EMAIL PROTECTED]
Subject: BGP !

Hi All,

I just wanna know if 1600 routers support BGP. If yes, then which IOS version and what are the memory requirements. I've heard that BGP is rather a platform dependent routing protocol. Is this true? I've tried 12.0 IP and IP/PLUS versions and it says 'Unknown Routing Protocol' in response to the command 'Router BGP xxx' :

Thanks in advance,
Muhammad Khalilullah
CCNP, MCSE
RE: ccbootcamp
Duncan

-----Original Message-----
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 26, 2001 1:40 PM
To: [EMAIL PROTECTED]
Subject: Re: ccbootcamp

I used the nantech.com CCIE prep labs over the last week, and they seem closest to the real thing. The big advantage they have over the ccbootcamp labs is the way they are worded...The wording makes you think of the appropriate solution for any given task, as opposed to just asking you to configure specific features.

Arinze

Your observation about the wording is fascinating. I may be involved in setting up a commercial remote lab service, and, in any case, supervise scenario development for CertificationZone. The problem you are describing also applies to practice exam development as well as lab practice.

It is my impression that the CCIE lab, at least, really does focus on specific features rather than best solution -- I'm thinking of comments I've heard such as static routes being forbidden in many scenarios. Such a focus does make sense, in a way, for Cisco -- it's easier to train proctors to evaluate more constrained solutions. But my own feeling is that scenarios that make you think about solutions are better from an educational standpoint -- definitely for real-world preparation, and secondarily for exam preparation.

What's the feeling of people on this list? Do you prefer scenarios that mimic the lab as closely as possible (without violating NDA), scenarios that exercise problem analysis, or a mixture of the two with clear identification of the scenario designer's intention? Am I representing the lab reality correctly?

From: "sparkest pig" [EMAIL PROTECTED]
Reply-To: "sparkest pig" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: ccbootcamp
Date: Sat, 24 Feb 2001 03:00:52

I just wonder how close the ccbootcamp is to the real exam? I am planning to write the lab exam and hope to get some lab practise. I heard that lab 8 of the ccbootcamp is very challenging and is a good representation of the real lab exam. How about other labs of the ccbootcamp? And besides ccbootcamp, where can I get labs that are equally (or more) challenging? Is fatkid also very challenging?
OSPF command
    network 192.168.100.0 0.0.0.255 area 0.0.0.1

Will the router take the 0.0.0.1 as area 1? Is there a good reason to do this?

Thanks in advance,
Duncan Maccubbin
Senior Network Engineer - ICS LLC
CCNA, CCNP
RE: CCNP CCIE
managing it and not working in the field. He has lost touch with the technology and feels he can't pass the test. He isn't that concerned about it. I can't see the sense in letting it lapse but I see it as one less CCIE out there when I get mine.

-----Original Message-----
From: Fowler, Joey [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 23, 2001 10:18 AM
To: [EMAIL PROTECTED]
Subject: RE: CCNP CCIE

I thought it was notable that 315 CCIE's have let their certification expire for over one year. If you went through all the work to get it, why would you let it lapse...

-----Original Message-----
From: J Roysdon [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 22, 2001 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: CCNP CCIE

I don't know that the carrier certs are published anywhere publicly accessible. CCIE is updated regularly:
http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html
5278 CCIEs currently
RE: % Warning: cannot change link type
then tried to delete it and bring it back up as a point-to-point. You will get this error with 11.x IOS. Delete the interface and restart the router. That should enable you to change the frame type to multipoint.

Good luck,
Duncan

-----Original Message-----
From: les flack [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 13, 2000 8:56 AM
To: [EMAIL PROTECTED]
Subject: % Warning: cannot change link type

Help,

I have a 3600 @ 11.3 which is running as a frame switch on some ports and I am trying to configure some of the other ports as routed point-to-point sub-ints. But when configuring the second sub int I get the following.

    frsw1(config)#int s0/0.1 point-to-point
    frsw1(config-subif)#exit
    frsw1(config)#int s0/0.2 point-to-point
    % Warning: cannot change link type

Which results in the following configuration

    interface Serial0/0
     no ip address
     no ip mroute-cache
     encapsulation frame-relay
    !
    interface Serial0/0.1 point-to-point
     no arp frame-relay
    !
    interface Serial0/0.2 multipoint
     no arp frame-relay

Any ideas?

Les
RE: Your comments please
I have it. It is fairly simple. I did the whole thing in about an hour. I didn't think it was worth the $200.

-----Original Message-----
From: Marshal Schoener [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 9:56 AM
To: 'George Siaw'; [EMAIL PROTECTED]
Subject: RE: Your comments please

Where can I find this "CCIE Expert Labs Simulator"? The only simulators I've seen so far are low quality and under-developed :-)

thanks

-----Original Message-----
From: George Siaw [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 4:17 AM
To: [EMAIL PROTECTED]
Subject: Your comments please
Importance: High

Hi Everybody,

If anyone has used CCIE Expert Labs Simulator, IP Routing: Cisco Interactive Mentor I will appreciate your view?

Regards,
George.

UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MPLS Transfer Protocol ???
Multiprotocol Label Switching (MPLS) is a high-performance method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply simple labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels with minimal lookup overhead.

-----Original Message-----
From: Circusnuts [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 6:31 AM
To: [EMAIL PROTECTED]
Subject: MPLS Transfer Protocol ???

Has anyone heard of this? A prospective employer mentioned it in an interview. The search engine brings back Minneapolis information :-)

Thanks !!!
Phil
RE: How to pronounce? router
I can verify this. We had a guy here last week from London. He kept talking about updating the roots in the rooter. Took me a minute to figure out what he was talking about.

-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 9:50 AM
To: 'Ajaz Nawaz'; [EMAIL PROTECTED]
Subject: RE: How to pronounce? router

Take a look here: http://www.dictionary.com/cgi-bin/dict.pl?term=router

The funny thing is that it can be pronounced different ways. I, being from Denmark, have used the word both there and in Houston, Texas where I have lived for the last four years, and both places I have always used and heard it pronounced "rau-dor". I have never heard it pronounced "roo-ter" - not even at Hooters :-)

Hth,
Ole

Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]

-----Original Message-----
From: Ajaz Nawaz [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 8:14 AM
To: [EMAIL PROTECTED]
Subject: Re: How to pronounce? router

How should one pronounce - ROUTER
In England most say - rooter
I know in the US most say - rau ter

Paul Borghese wrote:

In Boston it is: Tkaas
In New York it is: "Who wants to know?"
In New Jersey it is pronounced TACACS but you need to give not just your Username and Password but also what exit.
In Georgia it is pronounced Tacacs but you need to add a "ya' all" to the end and the password is always peach.
In San Francisco it is pronounced: Tacacs.com

Paul Borghese

"Cthulu, CCIE Candidate" [EMAIL PROTECTED] wrote in message news:8nvemd$p0t$[EMAIL PROTECTED]...

Here's the way new Texans pronounce it...
Tacacs = "TIE-kax"
RADIUS = "Ray Dee Us"

HTH,
Charles

"Victor Jia" [EMAIL PROTECTED] wrote in message news:8nvea4$noh$[EMAIL PROTECTED]...

Can anyone tell how to pronounce the words TACACS, RADIUS? Anywhere can I find the pronunciation of all those abbreviations? Thanks.
RE: SDSL statement : True or False ?
Sigh, why do ppl make such assumptions? Actually, Netopia tries to make their equipment work with everyone they can. When I worked with one of the larger DSL ISPs in the DC area they were very helpful. You could call them with an issue and if they could fix the issue without a major overhaul they would. I know, for example, their T1 router supports Cisco HDLC.

Duncan

-----Original Message-----
From: Oz [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 10:17 AM
To: [EMAIL PROTECTED]
Subject: Re: SDSL statement : True or False ?

I think some comes down to a control issue: the ISPs don't want you playing with their DSLAM etc., and also they get very sweet deals on the last mile stuff. So why should they? And there are compatibility issues; I forget right now what the issue was. Also look at it from Netopia's point: why should they try to work with Cisco? If they don't, they get to place stuff all the way to the end. If they do, their sales end at the demark. It's called marketing. I have had this problem and created a need for a firewall after the Netopia, so lost a router and gained a firewall. Not a bad trade (heh)

Oz
http://www.mcseco-op.com/helpfull_links.htm