RE: Access list or Conduit? [7:72514]

2003-07-17 Thread Mark Smith
Statics/Conduits are the old pre-Cisco way of doing things in a PIX.
Works well, is easy to configure but Cisco says that at some point support
for that command will likely be discontinued.
Cisco is trying to make the PIX OS more IOS-centric and has brought access
lists into the command fold as of about v5.x. I was slow to adopt the change
to access lists in my PIX's as I hadn't used them much before then. I was
very familiar with conduits but since becoming more familiar with access
lists I haven't found anything that I could do with conduits that I can't
with access-lists and I'm not concerned that support for ACL's is
disappearing anytime soon.
Only thing I'd say is that I've read you can experience some very weird and
unexpected results if you mix an access list and conduits together. Go with
all one or all of the other.

Mark

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
E. Keith J.
Sent: Thursday, July 17, 2003 4:12 PM
To: [EMAIL PROTECTED]
Subject: Access list or Conduit? [7:72514]


Hi all



The boss wants to allow ping.

In the website I found the way by using an access list.

In another config I see a conduit is used.



What is the difference between using a conduit and an access list to allow
ping



Is it that a conduit is to a specific host

Rather than permit any?



Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72527t=72514
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Probably the dumbest question that will be asked all day [7:71447]

2003-06-26 Thread Mark Smith
I have a router (actually a pair of them in HSRP but that's irrelevant) that
connects two networks in non-contiguous IP address ranges through a 100MB
F/E TX port on the inside to an ISP network on the outside, also via a 100MB
F/E TX port, at a colo facility. I have a half of a hundred MB pipe to the
outside world. The two networks behind the router are independent of each
other, separated by PIX's behind the routers but, on occasion, they do
communicate with each other. I currently have a primary and secondary IP
address set on the inside F/E interface, one for each network.  I've never
seen any mention of sub-interfaces being used in Ethernet or Fast Ethernet
interfaces in any Cisco literature. They primarily seem to be mentioned in
regards to serial interfaces. Is there an advantage to using sub-if's here
over a primary and secondary IP address? Any packet filtering is handled by
the PIX's so I don't ever foresee the use of access-lists on the router.
This router simply routes packets. I don't foresee the use of more than two
networks inside but I suppose that's a slight possibility down the road if I
would need more IP addresses and couldn't get contiguous addresses.  I'm not
sure if you can use more than a single secondary address on an interface or
if you can only use a single one. I guess I'm not sure if recommended
practice would be to always use sub-if's when connecting more than one
network to any interface, use sub's only with serial i/f's and use
primary/secondary addresses with F/E interfaces or if it's time to consider
adding more F/E modules with 2 or more networks. I've used this
primary/secondary config for a couple of years and it's worked fine but, as
my colo facility is Sprint and they've decided to get out of the hosting
biz, it would be a good time for me to reconfigure things during the move if
there is an advantage in doing so.
Thanks.






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71447t=71447


RE: Probably the dumbest question that will be asked all day [7:71457]

2003-06-26 Thread Mark Smith
I never tried using sub's on the LAN interface. I could have used VLAN's
at the time I initially set it up but didn't see a need for it at the time
(still don't unless it's the officially Cisco-blessed method and then I'd
just be curious as to why). I just set up a secondary and then later on I
got to wondering if I was doin' the right thing.

It ain't broke. Guess I don't need to fix it.

Thanks.




-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 11:38 AM
To: Mark Smith
Cc: [EMAIL PROTECTED]
Subject: Re: Probably the dumbest question that will be asked all day
[7:71447]


Ask your router. I did, and it said:

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

:)

In other words, secondary IP addresses will do just fine. And btw you can
have more than one per interface (up to 255, or so?).

You might also want to check out the other thread about encapsulations and
such.

Thanks,

Zsombor

At 03:27 PM 6/26/2003 +, Mark Smith wrote:
I have a router (actually a pair of them in HSRP but that's irrelevant)
that
connects two networks in non-contiguous IP address ranges through a 100MB
F/E TX port on the inside to an ISP network on the outside, also via a
100MB
F/E TX port, at a colo facility. I have a half of a hundred MB pipe to the
outside world. The two networks behind the router are independent of each
other, separated by PIX's behind the routers but, on occasion, they do
communicate with each other. I currently have a primary and secondary IP
address set on the inside F/E interface, one for each network.  I've never
seen any mention of sub-interfaces being used in Ethernet or Fast Ethernet
interfaces in any Cisco literature. They primarily seem to be mentioned in
regards to serial interfaces. Is there an advantage to using sub-if's here
over a primary and secondary IP address? Any packet filtering is handled by
the PIX's so I don't ever foresee the use of access-lists on the router.
This router simply routes packets. I don't foresee the use of more than two
networks inside but I suppose that's a slight possibility down the road if
I
would need more IP addresses and couldn't get contiguous addresses.  I'm
not
sure if you can use more than a single secondary address on an interface or
if you can only use a single one. I guess I'm not sure if recommended
practice would be to always use sub-if's when connecting more than one
network to any interface, use sub's only with serial i/f's and use
primary/secondary addresses with F/E interfaces or if it's time to consider
adding more F/E modules with 2 or more networks. I've used this
primary/secondary config for a couple of years and it's worked fine but, as
my colo facility is Sprint and they've decided to get out of the hosting
biz, it would be a good time for me to reconfigure things during the move
if
there is an advantage in doing so.
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71457t=71457


RE: Internet is very slow behind Pix 515E UR [7:70783]

2003-06-17 Thread Mark Smith
100basetx is 100MB, half duplex. Try interface ethernet0 100full and
interface ethernet1 100full instead.
Make sure that whatever is on the other side of the outside interface is
100/full or auto too.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 10:19 AM
To: [EMAIL PROTECTED]
Subject: Internet is very slow behind Pix 515E UR [7:70783]


Whenever I access the web site which is behind the Pix firewalls, the speed
is really slow.

I bypassed the firewall and accessed the same site and it's fast!

I checked my settings and made sure all the connected devices are running at
100 and full duplex, they all are!

I mean why this is happening ... is it because the pix have to inspect each
packet!

The Bandwidth from the service provider is 64k.

Any Idea Please.


Any ideas?


The Pix version is 6.1 besides this is satellite connection

The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0
Outside address range is 10.15.9.163-183 255.255.255.224
Default Gateway: 10.15.9.62 255.255.255.224
DNS1: 195.238.62.1
DNS2: 195.238.40.30




AN# show config
: Saved
:
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password kC9ZDwfWejkBqApp encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname AN
domain-name ciscopix.com
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list acl_in permit icmp any any
access-list acl_in permit udp any any
access-list acl_in permit tcp any any
pager lines 10
logging buffered debugging
interface ethernet0 100basetx
interface ethernet1 100basetx
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 10.15.9.163 255.255.255.224
ip address inside 191.1.1.85 255.255.0.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 10.15.9.164-10.15.9.180
global (outside) 1 10.15.9.181
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_out in interface outside
access-group acl_in in interface inside
route outside 0.0.0.0 0.0.0.0 10.15.9.163 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
http server enable
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de
AN#



Ismail Al-Shelh

[GroupStudy removed an attachment of type image/gif which had a name of
image001.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70809t=70783


Kind of off season for this question [7:70479]

2003-06-10 Thread Mark Smith
What's the general opinion/experience/wisdom regarding the writing off of
home lab gear costs from one's taxes if the only thing done with this gear
is to study for certifications to further one's career? I say only. I've
also used this gear to test config's for work as we have no test network
gear to try new stuff on - just a production network. I've been on a buying
binge this year and, between the costs to add gear to my lab and my out of
pocket costs for schooling, I'm afraid that I'll red flag my tax return next
year. I'm probably around $10-11K so far and it's only June. I don't see a
lot more for this year but I sure don't need no steenkeen' audit next year.
Any experience on what others do is greatly appreciated.

Thanks.


FYI - I'm specifically referring to the US tax code.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70479t=70479


RE: PDM for PIX [7:69852]

2003-05-31 Thread Mark Smith
Maybe I'm mistaken but I think PDM v1.0 only worked with Netscape, not
Internet Explorer.
Something about the virtual machine in IE wasn't compatible with PDM v1.0.
It required Netscape's implementation of Java.
Could be way off on this one. It's been a while.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Kenan Ahmed Siddiqi
Sent: Friday, May 30, 2003 2:30 AM
To: [EMAIL PROTECTED]
Subject: PDM for PIX [7:69852]


Hi there,
I have a PIX 515E. I am trying to use PDM on it. The configuration is IOS
version 6.0 and PDM version 1.0. The client is Windows 2000 with IE 6.0 and
all the service packs installed. When I try connecting to the PIX via the
browser, somehow it just doesn't work. Everything else seems to be okay. PIX
is configured to accept PDM connections from the client. Any suggestions how
to fix it? Is there some encryption or something that needs to be
enabled/disabled?

TIA,

Kenan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69882t=69852


RE: PIX Firewall --- DMZ to Inside Access [7:69877]

2003-05-31 Thread Mark Smith
Try this:

pix(config)# access-list <acl_name> permit tcp host 10.1.1.X host 192.168.20.10 eq 7000
pix(config)# access-group <acl_name> in interface <dmz_if_name>

where you fill the correct value for X in the source IP address that's
needing to access the inside, where <acl_name> is whatever you want
to name your access list and <dmz_if_name> is the name you gave the DMZ
interface in the nameif command.
Note: Currently all traffic from the DMZ to the outside is allowed. The
moment you apply that access list to the DMZ interface all outbound traffic
(traffic INTO the DMZ interface and headed to parts anywhere to the outside)
will now be blocked. There is an implied deny any any at the end of the
access list. You will have to then open up ports to the outside that boxes
in your DMZ will need to use. If the same box needs WWW access to the
outside world you will need a statement like this:

pix(config)# access-list <acl_name> permit tcp host 10.1.1.X any eq 80

The any is the destination IP address. If it only goes to a specific WWW
site you can add host A.B.C.D instead of any. With the statement as
written above you've allowed the pix to access any web server anywhere,
assuming it's running on port 80. The same can be done with FTP, SMTP, DNS
(except it would be permit udp instead of permit tcp) or any other
traffic originating from the DMZ. Any traffic already allowed via access
lists from the outside to the DMZ will not be affected, only traffic
originating in the DMZ. The official line from Cisco is that it's not a good
idea to mix static/conduits and access-list/access-groups on the same box.
If you're allowing traffic from the outside into your DMZ via static/conduit
pairs you may have intermittent troubles using both. I've not experienced it
personally. I just know what I've read in all of Cisco's doc's about it. You
may need to consider switching to access-list/access-group instead of
conduits. The static statements should remain the same.

If you were going from the inside to the DMZ you would need a static
statement defining the inside network to the DMZ but I don't believe you do
from a less secure interface to a more secure interface. The two statements
above should be all you need to put in your config.

Hope this helps (and it wasn't 10,000 times more info than you wanted).


Mark Smith




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 10:26 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall --- DMZ to Inside Access [7:69877]


Fellows -
I have a scenario here,
I have a PIX firewall with 3 Interfaces , Inside, Outside and DMZ.
Machines on the Inside Interface can access Server on DMZ Zone, no problem,
I have to facilitate limited access from DMZ zone Servers to Host on Inside
Interface.
Let take an example,
I have a Server on DMZ zone 10.1.1.1 and i need to allow TCP Port 7000 from
this Server to a host on Inside zone whose IP address is 192.168.20.10
I have a raw configuration in my mind since i don't have a PIX with 3 Interfaces
in my LAB i can not test it. I know i have put an Access List / NAT to do
this.
Any config welcome.

thanks


--
Curious

MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69892t=69877
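
The implicit deny described in the reply above, as an added example that is
not part of the original post: a small Python model of first-match
access-list evaluation for traffic entering the DMZ interface. The ACL name
dmz_in, the outside addresses and the parser itself (numeric "eq" ports only,
NAT/static not modelled) are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "ip"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]           # destination port from "eq N", else None


def _take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D NETMASK' from the front."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(head + "/" + tokens.pop(0))


def parse_acl(config: str, name: str) -> List[Rule]:
    """Collect the entries of one named access list, in configuration order."""
    rules = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["access-list", name]:
            continue
        tokens = tokens[2:]
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError("unsupported action: " + action)
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append(Rule(action, proto, src, dst, port))
    return rules


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> Tuple[str, str]:
    """First matching entry wins; falling off the end is the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(rules, 1):
        if rule.proto not in ("ip", proto):
            continue
        if src_ip not in rule.src or dst_ip not in rule.dst:
            continue
        if rule.port is not None and rule.port != dport:
            continue
        return rule.action, "line %d" % number
    return "deny", "implicit deny"


def dmz_to_outside(rules: Optional[List[Rule]], proto: str, src: str,
                   dst: str, dport: Optional[int] = None) -> Tuple[str, str]:
    """DMZ-to-outside verdict; rules=None means no access-group is bound,
    which the post describes as 'all traffic from the DMZ to the outside
    is allowed'."""
    if rules is None:
        return "permit", "no ACL bound"
    return evaluate(rules, proto, src, dst, dport)


# Constructed sample configuration: dmz_in is a hypothetical ACL name,
# 10.1.1.1 and 192.168.20.10 come from the question, and 198.51.100.x
# stands in for hosts on the outside.
STEP_ONE = "access-list dmz_in permit tcp host 10.1.1.1 host 192.168.20.10 eq 7000\n"
STEP_TWO = STEP_ONE + "access-list dmz_in permit tcp host 10.1.1.1 any eq 80\n"

if __name__ == "__main__":
    web = ("tcp", "10.1.1.1", "198.51.100.25", 80)
    print("before any ACL  :", dmz_to_outside(None, *web))
    print("port 7000 only  :", dmz_to_outside(parse_acl(STEP_ONE, "dmz_in"), *web))
    print("with eq 80 added:", dmz_to_outside(parse_acl(STEP_TWO, "dmz_in"), *web))
    print("DNS still closed:", dmz_to_outside(parse_acl(STEP_TWO, "dmz_in"),
                                              "udp", "10.1.1.1", "198.51.100.53", 53))
```
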


RE: Am I over my head guys? [7:69746]

2003-05-30 Thread Mark Smith
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
John Neiberger
Sent: Thursday, May 29, 2003 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Am I over my head guys? [7:69746]

 B Rudy 5/29/03 2:41:29 AM 
Hey guys, I just got an offer to become a 2nd senior network engineer for
this company in Orange County.  Great News i know!!

Dilemma:  I am a CCNP but have no local Area Network Experience.  Going to
be
workin with Catalyst 6500 switches.  Also i have about 2 yrs working with
cisco equipment, however, dont feel i am ready for a senior title and
duties.  Also working with cisco routers.

What do you guys think i should do?

1.  Take the job and see how it works out?  Maybe mess up their network
and
look real dumb and unknowledgeable on some troubleshooting.  risked getting
fired?
2.  Let the job go, and watch a great opp float away?
3.  Keep the existing job i have working with cisco equipment and
technology?

p.s.  This job is a senior position, so meaning senior pay. very positive
aspect, and a great company going places. over 4000 employees.

Your output is greatly appreciated. Really need some advice. Thanx

Yowza!  Two-years Cisco experience, CCNP, and no real-world experience on
LANs gets you a *senior* position??

What's the name of this company?  I feel a move to Orange County coming
on...   :-)

Seriously, you must have shown the skills they were requiring of a
senior-level person in their organization, and every organization has
different guidelines.  Heck, I don't even qualify to be a senior person in
our company yet!  That's related to time in the department, though.  Still,
you seem to be a little worried that they might expect more from a senior
person than you're ready to deliver.  Take an honest assessment of your
capabilities and if you're still worried, start studying your tail off
right
now.  You know we're always here to help when we can.  Show some confidence
and be willing to continually learn as much as possible as quickly as
possible; be thorough and conscientious; be trustworthy, loyal, helpful,
friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and
reverent.  (Hopefully someone will get that joke,  )


And don't forget to always Be prepared. (I was a Boy Scout too.)


If you have a good enough grasp of things to get the CCNP then you should do
fine. Every new job is a learning experience. At least mine have been. If
you passed BCMSN then you tested on the 5000. It uses the CatOS like the
6500. In my experience anyone with enough integrity to worry about doing
their job correctly usually goes above and beyond. It's the folks that just
look at the money or the title or just flat don't think things thru that
fail. You obviously think things through.
If you've weighed all of the options re: long term prospects at this
company, who you'll be working with/for benefits, working conditions, etc
and it all looks good and the only thing that's holding you back is
confidence in your own ability, IMHO, take it. I felt the exact same way
after the first networking job I was offered. I didn't think there was
any way in he** I should accept it and told my prospective boss that. She
sought me out as she had heard about my work ethic. I told her I work hard
and study a lot but don't know what she needed me to know. Her response was
I'd rather have someone that's hungry and willing to learn like you than
someone who knows everything. There's lots of resources available to fill in
whatever gaps you may have in your knowledge for someone willing to use them
and you are. I can teach you whatever facts you don't know but I can't give
you the drive to work hard and do the job correctly. She was right. And she
didn't ever have to teach me anything. I always found some way to get
whatever info I didn't have at my immediate grasp and I still do.
I suspect she could have been talking about you too.
Good luck in whatever you choose.






Dive in head first and work your tail off and you should have a great
chance
at succeeding.  If they've offered the job, take it and run with it.

Regards,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69827t=69746


Re: Cisco Volunteering in a Village in Nigeria. [7:66028]

2003-03-23 Thread Mark Smith
Usually when I get a letter from Nigeria someone's either asking for my bank
account information so they can transfer millions of ill-gotten $$$ into it
and then they'll transfer most of it later on to another account but I get
to keep some of it for my own trouble or, in a variation of the above
scheme, they need me to first send them a few thousand $$$ up front so they
can then send me the several millions of dollars. The last one I received
was a beg for someone to send high end medical equipment (to be paid for
later, of course) over there as there was a huge need for it right now and a
lot of money to be made in the market.
Cisco training now...this is a new one.
 
 

Quoting olubunmi :

 Hey Folks...
 Nigeria is slowly grappling with the IT world and
 people are ready to learn
 here. i am looking for volunteers with whom i can work
 together to set up a
 a Cisco academy in Uyo , south South Nigeria.This may
 be starting any time
 within the next 3 months.  I will give details to
 whoever is interested. Uyo
 is a  peaceful state capital in south south Nigeria ,
 with a University, a
 polytechnic, and a metropolitan hub  for the south
 south Nigeria.
 Volunteer(s) will enjoy the hospitality of the town,
 help bring up locals
 and motivate university and secondary schools student
 towards a career in IT.
 I welcome anyone interested to email me ;
 [EMAIL PROTECTED] for further
 details.
 Kindly pass this message across to anyone you know
 might be interested. 
 thank you
 olubunmi Isinkaye CCNP, 
 Lagos Nigeria
 Cisco Certification Digest  wrote:
 Cisco Certification Digest Thursday, March 20 2003
 Volume 02 : Number 2494
 
 
 
 --
 
 Date: Wed, 19 Mar 2003 21:55:19 GMT
 From: Priscilla Oppenheimer 
 Subject: RE: 6509 cam entries [7:65758]
 
 steve wrote:
  
  guys i have the following entry in my cam table that
 i cannot
  remove
  
  here is the config
  
  VLAN Dest MAC/Route Des [CoS] Destination Ports or
 VCs /
  [Protocol Type]
  - -- - 
  ---
  17 00-02-a5-e8-97-35 X 9/40
 
 
 00-02-a5 is a Compaq vendor code. So it's an Ethernet
 interface from Compaq,
 if that helps.
 
 The list of vendor codes is here:
 
 http://standards.ieee.org/regauth/oui/oui.txt
 
 I have no idea why it would get stuck though. Seems
 like a bug?
 
 Priscilla
 
  
  here is my Show Ver
  
  WS-C6509 Software, Version NmpSW: 5.3(2)CSX
  Copyright (c) 1995-1999 by Cisco Systems
  NMP S/W compiled on Oct 11 1999, 17:45:02
  
  System Bootstrap Version: 5.2(1)
  

RE: Cisco Visio Stencil [7:65281]

2003-03-14 Thread Mark Smith

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Steiven Poh-(Jaring MailBox)
Sent: Thursday, March 13, 2003 3:02 AM
To: [EMAIL PROTECTED]
Subject: Cisco Visio Stencil [7:65281]


Hi,

I'm trying search the visio stencil on cisco website and can't find it. Any
idea? :-)

Rgds,
Steiven




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65447t=65281


RE: take me off this list, Please! [7:65428]

2003-03-14 Thread Mark Smith
If they're running out either he can't be that bad or his patients just
aren't that sick.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Symon Thurlow
Sent: Friday, March 14, 2003 2:55 PM
To: [EMAIL PROTECTED]
Subject: RE: take me off this list, Please! [7:65428]


Why? Are you a bad doctor?

-Original Message-
From: Edgar A. Howard [mailto:[EMAIL PROTECTED]
Sent: 14 March 2003 13:45
To: [EMAIL PROTECTED]
Subject: take me off this list, Please! [7:65428]


Someone please get me off this list. I have tried everything. I used
the website. Nothing works!  My patients is running out.
-edgar




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65475t=65428


RE: The CCNP BSIN ( I Think Exam ) [7:63749]

2003-02-25 Thread Mark Smith
It's the BSCI (Building Scalable Cisco Internetworks) exam  - 640-901. I
took it about three weeks ago. It was tough for me but then I don't get as
much real-world hands on experience with routing protocols and such as I'd
like.

For info check here:
http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-901.html


There is a new book out for the BSCI test
http://www.ciscopress.com/catalog/product.asp?product_id={E9CBCDAF-77DF-468E-B2F6-C902C0B78D6F}

but I used the old for the BSCN test and the info from here at Cisco on
IS-IS:
http://www.ciscopress.com/content/images/1578702283/downloads/2283newchap2.pdf?session_id={191E20FE-35FE-420B-94D2-D7BAA31347FC}
and it worked out OK for me.

I had 57 questions. Passing score was 700 out of 1000. I passed but I ain't
bragging about my score.
Strange as it might sound, most of my routing test was on routing protocols.
It was very pretty evenly spread between OSPF, BGP and IS-IS. Know them.
Really know IS-IS. Probably 20% of my test was on IS-IS. I was told to
expect 3 or 4 questions max on it but I had a lot more on mine. Understand
CLNP and CLNS. Had some questions on VLSM, redistributing and optimizing
routes, RIP2, EIGRP too - basically everything in the BSCN book and from the
pdf above. If you have access to a real lab or have one of your own (thank
you, eBay) you will be way ahead of the game. If you do, get the Cisco
Academy Semester 5  - Advanced Routing - info and do all the labs in there.
If you can't actually do them then study them. Don't know anything about the
router sims available. They may be a decent alternative to having access to
routers.  Someone else may be able to speak to that. Get familiar with the
commands to accomplish tasks within the individual protocols. There's a lot
of memorization in this test. It covers a lot of ground. And my test covered
a lot of some of it and a little of all of the rest of it. Only surprise I
had was how much IS-IS was on the test.

Boson, Fravo and TestKing make some decent practice tests too. Any one of
them would probably do as they're all pretty similar.


Good luck.


Mark


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Steven Aiello
Sent: Tuesday, February 25, 2003 11:23 AM
To: [EMAIL PROTECTED]
Subject: The CCNP BSIN ( I Think Exam ) [7:63749]


I have been reading through the boards and from what I've seen the new
CCNP Routing exam seems to be a bear.  This is the next test I am
studying for.  Any one out there that have passed the test, that can
give me a generally study out line?  Also what books or test prep did
you use.

You guys ( and ladies ) are all great,
Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63769t=63749


RE: bsci passed [7:62805]

2003-02-12 Thread Mark Smith
I took a class recently at a local juco that was very good. They used labs
from the Academy material aimed towards advanced router config. I have a lab
at home with a couple of 2600's and a couple of 2500's that I've picked up
off of eBay over the last couple of years and was able to do the labs over
again at home. What I blew thru in the class due to time constraints I was
able to dissect a little more completely and try different commands and such
with at home. As far as reading material I used the BSCN text book and
printed out the Cisco link on IS-IS that is available here (watch for text
wrap)
http://www.ciscopress.com/content/images/1578702283/downloads/2283newchap2.pdf?session_id={191E20FE-35FE-420B-94D2-D7BAA31347FC}
but I understand the actual BSCI text book is available now
http://www.ciscopress.com/catalog/product.asp?product_id={E9CBCDAF-77DF-468E-B2F6-C902C0B78D6F}
I used a couple of practice tests that were very good but very similar to
each other in content. Either would have probably been enough.
http://www.fravo.com/cisco/index.htm and
http://216.197.111.79/testking/index.cfm?pageid=714productid=102
Both were outstanding (IMHO) conceptually. If you're looking for braindump,
these-are-exactly-the-questions-you'll-see-on-the-real-test-type study
guides then these aren't what you're looking for. I didn't see any *exact*
questions from either of these on my test but all of the concepts I found on
the test were covered in both of these. TestKing is a PDF and Fravo is a
little app that you run. Fravo probably has more questions but not any more
material is covered. They just ask the same type question 3 different ways.
From my experience with the test, know IS-IS. I was told to expect maybe 3 or
4 questions on IS-IS. I got more like a dozen or maybe even more. The rest
was pretty evenly scattered thru all of the topics that the BSCI topics list
at Cisco has in it. No one area was hit any harder than any other in mine. I
did have fewer actual config-the-scenario questions than I expected.
Know how OSPF and BGP work and how to set them up. Understand route
summarization and VLSM. Understand EIGRP and how it interacts with IGRP. Know
IS-IS and CLNS. Know route redistribution. Be familiar with RIP v2.
Basically, know everything in the BSCN book and IS-IS.
I know I'm Forrest Gump-like compared to most I see post here regularly so I
may not be the most accurate indicator of its difficulty but that was my
toughest cert test of the eight that I've taken to date.





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Faulk
Sent: Wednesday, February 12, 2003 8:53 AM
To: [EMAIL PROTECTED]
Subject: Re: bsci passed [7:62805]


Hey guys, what were your study materials?

John


On Tue, Feb 11, 2003 at 03:47:01PM +, Mark Smith wrote:
 Congratulations, Alejandro.

 That was a tough test for me too. I passed mine yesterday morning. I'm not
 exactly bragging about the score but I passed. Got a lot more on IS-IS than
 I expected - about 20% or more of my test. Had only read about it. My home
 lab routers aren't beefy enough to set it up and play with it and I've never
 used it in the real world. Guess I read enough about it though.

 On to switching.


 Mark



 Quoting Alejandro Quemada :

  Hi
  it's my first post
  I have just passed bsci test this morning. it was a
  bit hard but passing
  score 700




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62893t=62805



Re: bsci passed [7:62805]

2003-02-11 Thread Mark Smith
Congratulations, Alejandro. 

That was a tough test for me too. I passed mine yesterday morning. I'm not
exactly bragging about the score but I passed. Got a lot more on IS-IS than
I expected - about 20% or more of my test. Had only read about it. My home
lab routers aren't beefy enough to set it up and play with it and I've never
used it in the real world. Guess I read enough about it though.

On to switching.

 
Mark



Quoting Alejandro Quemada :

 Hi
 it's my first post
 I have just passed bsci test this morning. it was a
 bit hard but passing
 score 700




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62806t=62805



Re: PIX firewall simultaneous connections [7:62575]

2003-02-06 Thread Mark Smith
I have approximately 2 million hits a day on web pages behind a pair of PIX
515's in failover and send out a little more than a million subscription
(not spam) emails every night and the only issue I have is that the
available 1550 (Ethernet) blocks drops to zero at times during the 3 or 4
hours in the middle of the night that I'm shoving out all of that email. We
even run some small animated Flash things on some pages however I don't
serve any streaming media. I do have FTP services that serve from 1500-2000
users anywhere from 10 to 100MB each daily. Now the FTP users are pulling
packages of graphics though, not 700MB ISO CD images. During the day, when
the lion's share of the web activity occurs, I never notice any of the PIX's
resources taxed to anywhere close to a point I consider worrisome. The boxes
I have to keep an eye on are my 3640 routers. That's where I see the meters
pegging, mostly in the mornings when people check their morning emails. I
used to have QoS running on them for certain traffic I wanted to restrict
bandwidth on but that absolutely choked the CPU's in the AM. Never seen a
router CPU run at 100% use and stay there until then. Had to remove it. Like
Charles said, a single user will open many connections on one web page hit but
each individual connection is not open too long. The PIX just keeps on chuggin'
right along. Now I run no encryption on that pair and have tunnels in from
the outside coming in thru another PIX that processes no web traffic. These
2 boxes are simple firewalls. I would like to upgrade to at least 525's (not
to mention a beefier router) or just a REALLY beefy router running firewall
IOS but, alas, it's not in the budget this year so I chug right along with
my 515's doing exactly what I need them to.  If you're not running really
big flash animations, streaming media or some other big bandwidth hog type
of traffic, you don't have a bunch of secure tunnels built or your 2 million
users don't all hit within a 2 hour time frame I really doubt you'll have
any issues with a 515 or bigger box but I would personally recommend bigger
than a 515 with the idea in mind of a little room for your business to grow
and not max'ing out the box in 6 months or a year.  Our traffic has only
seen modest growth over the last 2 years or so. I believe we still have
quite a bit more we can squeeze out of the PIX's before we have no choice
but to upgrade.

That's my experience anyway. Don't know how closely your requirements match
mine though. Hope this helps.
 

Mark


Quoting Charles Riley :

 I believe that if you check the Cisco website or documentation, you will see
 that it defines a session as a single TCP or UDP connection.  If somehow you
 had 2M users, yet their total number of sessions never exceeded 500K, then
 your firewall could handle 2M users.  I am not addressing performance at all
 here.

 Realistically, though, your users are going to have any number of sessions
 established as they read their email, check the web, download files, and so
 on.  It's possible that your 500K PIX firewall could only be able to handle
 about 5K or 50K of your users if they are the kind of users to keep hundreds
 or thousands of sessions going at once.
 
 HTH,
 
 Charles
 
 
 Kenan Ahmed Siddiqi  wrote in message
 news:[EMAIL PROTECTED]...
  Hello groupies,
  I was reading the PIX book and it apparently said that the no. of connections
  supported by a PIX firewall (higher order) is 500,000. Does this mean that
  up to 500,000 sessions can be established or something else? If so, what do I
  do if I have a throughput of say 2 million users? Thanks in adv.

  Cheers,

  Kenan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62587t=62575



RE: Richard A. Deal Books [7:62027]

2003-01-28 Thread Mark Smith
I think his PIX book is very good. I've not found many errors in it but then
maybe I've not looked at it in as much depth as you have. If I have a gripe
about it it's for one thing. I use it as a desktop reference. Sometimes I'm
looking up how to accomplish X and find out that before I can do that I
need to accomplish A, B and/or C. The instructions will simply say "That
process was covered earlier and won't be repeated here. Now to accomplish
X."  Earlier?  Where EXACTLY? I've spent more time looking for
"earlier" sometimes than I do accomplishing the task at hand. "Earlier in
this chapter under the blah heading" or "this was covered in the chapter on
blah blah" would be helpful. As far as the info in the book goes I've found
stuff in there that I can't find at CCO (it may be there but I can't find
it) or anywhere other than maybe from tech in a TAC call. Either that or
I've had to look for it in a dozen different places and now it's all
together in one book.
It's the best book I've found on using a PIX. Beats the Cisco Press book on
the PIX by a long shot.
Don't know about any others he's written.

IMHO.

Mark



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam Sneed
Sent: Tuesday, January 28, 2003 9:57 AM
To: [EMAIL PROTECTED]
Subject: Re: Richard A. Deal Books [7:62027]


His PIX firewall book is OK. It does have a lot of errors in it though. Hope
his other books have proofreaders.


Joseph R. Taylor  wrote in message
news:[EMAIL PROTECTED]...
 Hi Everyone,
 I'm interested in knowing how good Richard A. Deal's books are.
 Especially in reference to MCNS. Thank you in advance.
 Joseph R. Taylor
 MCSE, CCNP




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62036t=62027



REQ: Opinion from experienced folks regarding the [7:60619]

2003-01-08 Thread Mark Smith
I am thinking about enrolling in a CCNP non-credit track at a local
community college. As this is non-credit, it's considerably higher priced
than standard comm college classes - approx $5600 for the 4 CCNP track
classes. It's Cisco curriculum and they have a pretty extensive lab facility
(but then so do I, at home). It's taught by an instructor that I respect
very much. I had him 8 or 9 years ago when I was first starting my education
for a career shift after 15 years in a crap job in a different part of the
technology field. He's a great instructor that takes a sabbatical
periodically to work as a network design contractor for a major telecomm
company in my geographical area. He then comes back to teach at the college.
He stays current with changing technology. So much for the particulars of
the school, at least as I see them.

My question is not about the quality of the class. That's strictly my call
and I'm sure it will be top notch as far as a class like this goes. My
question is more "how far do classes like this go in the first place?"
What's the general feeling about the basic intrinsic value of this type of
quasi-boot camp style training. While this is not a true boot camp per se -
it's taught over a period of roughly a college semester with a week or two
breaks between the 4 modules - it's still fairly intensive training. How
valid is training like this from some of the more well known training
mills - Global Knowledge, etc?  I guess I'm wondering whether in the opinion of
the folks that have been around for a while, generally are these classes a
big waste of $$$? Am I just throwing away five grand and change?  Are these
types of classes generally teaching a test or do they teach actual usable
knowledge or maybe both? I hear these advertisements for schools touting "Get
the equivalent of 2 years of real world experience in 6 weeks...blah blah."
Call me crazy but I've always been of the belief that it takes you roughly
two years working in a field to get 2 years experience in it.  I took a
couple of ju co classes and spent lots of personal time studying to pass my
CCNA and MCSE. No boot camps or expensive training classes but then it took
me a couple of years to get them both. The junior college classes helped but
it still took a lot of digging on my own. I really don't want to be another
year and half or two years finishing my CCNP too. With all that I seem to
have to keep up with in my job it'll take me that long. I'd also like to
spend more time working with Cisco security but finding the time to learn it on
my own, along with the hundred thousand other things I just have to stay
current on, is the trick.

For the last three years I've worked as the network admin for a small dot com,
am CCNA and MCSE (woo hoo), do all the router and switch config and
monitoring, security and firewall work, I'm the Veritas guy, the Windows
guy, one of four Linux/UNIX guys here along with the half a million other
little administrative pains in my a#$ that fill my day. Before this current
job I was an NT admin at a large midwestern bank. Most of what I know I've
just dug out of books on my own - definitely the slow way to go for me as I
have to try to keep current on about 2000 different things or so it seems.
The world of technology that I'm exposed to at my current employer is pretty
small and I will never see some of what I'm learning for the CCNP tests
here. I have another personal agenda for this training in other prospects
for employment. I'm not doing it for a raise at my current position as my
current employer has never acknowledged any cert anyone here has. I'm doing
this for me but I don't want to think I'm moving forward when in fact I'm
just p---ing away a bunch of money for nothing. I'm paying for this training
myself. The company I'm with currently has no training budget.

Sorry about the length of this. This feels more like it should have been
a whining letter to Dear Abby ("Make my decision for me, Abby") than one to
the cisco study group asking for the experience of folks whose opinions I
value.  Bottom line is what is the general consensus towards the intensive
CCNP, or for that matter, CSS1(CSSP) or MCSE or any other of these types of
classes? Good?  Bad?  Why?  If this is a poor choice, then what's a better
way? Obviously I'm not asking about my specific school. I'm asking about the
concept of this type of training in general. I know that for you guys and
gals 5600 bucks is pocket change but for me it's almost a full week's.   : )

I have no doubt that I can learn this stuff on my own but I already spend at
least a couple of hours a day reading on all that I have to stay current
with. Maybe I'm Forrest Gump but teaching myself protocols that I don't see
used on equipment I rarely get to work with just ain't real easy for me. Do
these schools really help or are they just bank account vacuums? Any
observations are appreciated.

Thanks.






Message Posted at:

Re: Profession Cert or PhD!!! [7:60385]

2003-01-06 Thread Mark Smith
Quoting Jimmy :

 If you will given a choice, would you choose to go for
 PhD in networking
 area or juz stay in your field and pursuing profession
 certification such as
 CCNP/CCDP etc. Assume that both is fully sponsored,
 can anyone tell me which
 one will paid off in a long run?
 
 Cheers!
 


I'm not sure exactly what a doctorate would give you except the ability to
write prescriptions. Personally I have no need for that. I'd stick with the
CCNA...or better yet just an MCP and just forget the Cisco certs if it
were me.



(Silly questions demand even sillier responses.)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60432t=60385



RE: Good PIX book? [7:60039]

2002-12-31 Thread Mark Smith
Cisco PIX Firewalls - Richard Deal
ISBN: 0072225238
Osborne/McGraw Hill

or

Cisco PIX Firewalls - David Chapman
ISBN: 1587050358
Cisco Press

Deal hangs around this group some too. Not sure about Chapman.
Both are good. The CiscoPress book is a little more geared towards Cisco
firewall certification. Deal's book starts from basic Firewall 101 and
continues on thru some pretty advanced configuration of the PIX. Lots of
good troubleshooting/show command info in there too. I have 'em both on my
desk at work but use Deal's a lot more as a day to day reference.

There's probably other good ones out there too. I know about these two.

Mark


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sam Sneed
Sent: Tuesday, December 31, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: Good PIX book? [7:60039]


Can anyone recommend a good PIX book for a PIX beginner? I've
got good understanding of TCP/IP and firewalls/packet filters but no PIX
experience.

Thanks

P.S.   HAPPY NEW YEARS from NYC!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60041t=60039



RE: Cisco Work 2000 Manual user guide [7:58959]

2002-12-16 Thread Mark Smith
I was just curious. I've almost bought that one a couple of different times
in the past (at any given moment there are always two or three of them
listed) as it doesn't specifically state Sales Essentials as some of the
ones obviously geared towards sales folks do but I still wonder if it's very
detailed.  I think the info on Cisco's link that you also posted is just
what the doctor ordered.
Thanks.

Mark



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Leonardo FUK
Sent: Monday, December 16, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco Work 2000 Manual user guide [7:58959]


I think that you're right. This is (probably) one of the many sales-oriented
tools. It might have something technical, but not at the level you are
looking for.

But it's cheap, isn't it?

I'll look for something else then.

--
Leonardo Furtado
Network Engineering and Security Architecture



Mark Smith  wrote in message
news:[EMAIL PROTECTED]...
 How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared
 more to sales folks and, from what I gather, not too technical. Is this one
 for folks that actually install/configure/use the product or a 500 feet high
 overview that highlights the strong points from a selling perspective?
 Thanks.


 Quoting Leonardo FUK :

  You may try these links:
 
  Documentation:
  http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm
 
  Self-paced CBT
  http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225
 
  Leonardo
 
  Han Chuan Alex Ang  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   hi, Anybody have ideas on book or site that reveal
  good information on how
   to install, configure and use Cisco Work 2000,
  thanks
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59317t=58959



Re: Cisco Work 2000 Manual user guide [7:58959]

2002-12-15 Thread Mark Smith
How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared
more to sales folks and, from what I gather, not too technical. Is this one
for folks that actually install/configure/use the product or a 500 feet high
overview that highlights the strong points from a selling perspective?
Thanks.


Quoting Leonardo FUK :

 You may try these links:
 
 Documentation:
 http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm
 
 Self-paced CBT
 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225
 
 Leonardo
 
 Han Chuan Alex Ang  wrote in message
 news:[EMAIL PROTECTED]...
  hi, Anybody have ideas on book or site that reveal
 good information on how
  to install, configure and use Cisco Work 2000, 
 thanks
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59264t=58959



Re: Mac network [7:58945]

2002-12-12 Thread Mark Smith
If you're talking about a $100 switch (like a NetGear or LinkSys) can you
even set any of the port parameters on that switch? No cheapy NetGear I've
seen allows you to do that.
If you hook up a Win2K/Linux/etc to this network do you have these same
problems?

Quoting John Smith :

 I have worked on Cisco, Cabletron and Nortel switches
 and I had to come with
 different solutions with.
 
 I think the switch ports are set to Auto Neg. ON. Try
 port setting to 100
 Half for G4s and 10 half for G3s and see what happens.
 
 Sayeed
 
 Dwayne Saunders  wrote in message
 news:[EMAIL PROTECTED]...
  Hi all Mac users
  I have a small problem with a network that I was
 asked to look at
  there is 6 end user machines and 1 server all
 connected via a switch the
  problem is that when connected to the switch network
 transfers to and from
  the server are very slow i.e. 100meg file take
 approx 18 minutes
  Now I have swapped the cheap $100 switch out and
 replaced it with a
 another
  one from the supplier still the same problem I then
 replaced the switch
 with
  a hub and now everything flies along
  The Mac's are running 9.2 os and from what I can see
 without doing a
 network
  capture there is speed and duplex conflict these
 settings cant be changed
 on
  this os.
 
  So any help with this would be greatly appreciated.
 
  Regards
 
  D'Wayne Saunders
  Data Network Administrator
 
  Phone: +61 8 8950 7742
  Mobile: +61 412 832 322
  Fax:   +61 8 8952 1112
 
  www.lasseters.com.au
 
  World's First Government Licensed and Regulated
 Online Casino...
 
 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59090t=58945



RE: Mac network [7:58945]

2002-12-11 Thread Mark Smith
If I recall correctly, G3 beige mini-towers and older hardware all came with
10MB NICs. Without checking Apple's online specs site, I don't know what
generation laptops started using 10/100 cards - somewhere in the G3
generation I'd guess. What PC hardware is running on this network?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dwayne Saunders
Sent: Wednesday, December 11, 2002 10:32 AM
To: [EMAIL PROTECTED]
Subject: Mac network [7:58945]


Hi all Mac users
I have a small problem with a network that I was asked to look at
there is 6 end user machines and 1 server all connected via a switch the
problem is that when connected to the switch network transfers to and from
the server are very slow i.e. 100meg file take approx 18 minutes
Now I have swapped the cheap $100 switch out and replaced it with another
one from the supplier still the same problem I then replaced the switch with
a hub and now everything flies along
The Mac's are running 9.2 os and from what I can see without doing a network
capture there is speed and duplex conflict these settings can't be changed on
this os.

So any help with this would be greatly appreciated.

Regards

D'Wayne Saunders
Data Network Administrator

Phone:  +61 8 8950 7742
Mobile: +61 412 832 322
Fax:  +61 8 8952 1112

www.lasseters.com.au

World's First Government Licensed and Regulated Online Casino...


***
This email message (and attachments) may contain information that is
confidential to Lasseters Online. If you are not the intended recipient you
cannot use, distribute or copy the message or attachments. In such a case,
please notify the sender  by return email immediately and erase all copies
of the message and attachments. Opinions, conclusions and other information
in this message and attachments that do not relate to the official business
of Lasseters Online are neither given nor endorsed by it.

***




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58998t=58945



Re: 640-901 Passed !!!!!!!!!! [7:59012]

2002-12-11 Thread Mark Smith
Quoting The Long and Winding Road :

 Btma1  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Well, I just passed it today with a score of 
 813.YEAH
  !!. My first towards CCNP status.
 
  The exam was straight forward, but some question are
 tricky and wordy.
  The simulation is based, (for my exam) on what you
 are good at
  configuring. I realized this after the exam.
  Before the exam there was a survey asking you if you
 are strong in
  configuration with routing protocol. I happen to
 tick that I was strong
  with configuring OSPF. My suggestion is to know all
 configuration for
  all IP routing protocols. And select the routing
 protocol that you are
  confident with this survey. That is, ticking the
 'Expert or
  Intermediate' box for confidence in configuration of
 routing protocol/s
  that you are familiar with. example OSPF, EIGRP,
 BGP, and IS-IS.
 
 
 CL: assuming this is true, I recommend everyone check
 the strong on RIP v1
 box   ;-


LMAO!


 CL: BTW, CONGRATULATIONS


Congrats, Binh!!


 
 
 
 
  Anyway, I hope those sitting for the 640-901 exam
 will find this
  helpful. As for me the next will be the  Remote
 640-605 exam.Good
  Luck !!!
 
  Binh
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59014t=59012



RE: Graphical Bandwidth Utilization [7:58819]

2002-12-09 Thread Mark Smith
MRTG is what I use. Runs in Linux or Windows. (Maybe UNIX too. Didn't try.)
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

A bit troublesome for me to get it working in Linux. Had problems with the gd
library but I backed up a couple versions older than the latest and it works
fine now. No troubles getting it working in Microsoft-land.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Matthews
Sent: Monday, December 09, 2002 2:49 PM
To: [EMAIL PROTECTED]
Subject: Graphical Bandwidth Utilization [7:58819]


Does anyone have any suggestions for how I can monitor the port on my router
that is connected to my Internet T1 in a way that I can generate a graphical
representation of the bandwidth utilization through out a normal business
day??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58826t=58819



RE: MRTG related [7:58497]

2002-12-03 Thread Mark Smith
Kevin's right. The perl process stopped running (evidently at a high traffic
time on the firewall) on the Linux box I've got MRTG running on over a
weekend. I got a steady high traffic flat line over a weekend during which
time use is usually low.  Scratched my head on that one for a little while
until I decided to stop and restart the daemon, did a ps to find the process
ID to kill it and discovered it wasn't even running. It appeared to continue
to populate with the last good number it got from the firewall. As soon as I
restarted it all was well in mrtg-land again.


Quoting Kevin Stone :

 Check that MRTG is still connecting to the router.  If
 MRTG loses
 connectivity it will continue to use the last number
 it had.  If this
 was during a peak it would look like the utilization
 had jumped up.  It
 could also simply be increased usage.
 
 -Kevin
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On 
  Behalf Of puro prasad
  Sent: Tuesday, December 03, 2002 5:50 PM
  To: [EMAIL PROTECTED]
  Subject: MRTG related [7:58497]
  
  
  I am running mrtg to monitor one of my ethernet
 ports on the 
  router. Since a few days, the utilization shown has
 raised 
  4fold though no major changes have been carried out
 on the 
  intranet. Anybody aware of any such problem. regs.,
 prasad.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58524t=58497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
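
The failure described in the thread above (an MRTG poller that stops or loses contact and leaves the graph flat at the last value) can be caught with a freshness and flat-line check on the MRTG log. This is an added example, not part of the original posts; it assumes MRTG's classic text .log layout (a header line "timestamp in-counter out-counter", then newest-first lines "timestamp avg-in avg-out max-in max-out") and a 5-minute poll, and the function names, thresholds and sample logs are constructed for illustration.

```python
"""Added example: flag a stalled MRTG poller from its text log."""
from dataclasses import dataclass
from typing import List, Tuple

Sample = Tuple[int, int, int]  # (unix timestamp, avg in rate, avg out rate)


@dataclass
class PollerHealth:
    age_seconds: int     # time since MRTG last rewrote the log header
    stale: bool          # header older than the allowed number of missed polls
    flat_intervals: int  # newest consecutive samples with identical rates
    flatlined: bool      # long run of identical, non-zero rates


def parse_mrtg_log(text: str) -> Tuple[int, List[Sample]]:
    """Return (header timestamp, newest-first samples) from an MRTG text log."""
    rows = [ln.split() for ln in text.strip().splitlines() if ln.strip()]
    if not rows or len(rows[0]) != 3:
        raise ValueError("first line must be: timestamp in_counter out_counter")
    header_ts = int(rows[0][0])
    samples: List[Sample] = []
    for fields in rows[1:]:
        if len(fields) != 5:
            raise ValueError(f"malformed sample line: {' '.join(fields)}")
        samples.append((int(fields[0]), int(fields[1]), int(fields[2])))
    return header_ts, samples


def leading_flat_run(samples: List[Sample]) -> int:
    """Count how many of the newest samples repeat the same in/out rates."""
    if not samples:
        return 0
    newest = samples[0][1:]
    run = 0
    for _, rate_in, rate_out in samples:
        if (rate_in, rate_out) != newest:
            break
        run += 1
    return run


def check_poller(log_text: str, now: int, interval: int = 300,
                 max_missed: int = 2, min_flat: int = 6) -> PollerHealth:
    """Assess one MRTG target; 'now' is passed in so the check is testable."""
    header_ts, samples = parse_mrtg_log(log_text)
    age = now - header_ts
    run = leading_flat_run(samples)
    # Real traffic almost never repeats to the byte; an idle port reading
    # 0/0 is legitimate, so only a non-zero plateau counts as a flat line.
    flat = bool(samples) and run >= min_flat and samples[0][1:] != (0, 0)
    return PollerHealth(age, age > interval * max_missed, run, flat)


# Constructed sample: poller running normally, rates vary between polls.
HEALTHY_LOG = """\
1038950100 884213377 771204419
1038950100 41210 38877 41210 38877
1038949800 39544 40120 39544 40120
1038949500 52003 47761 52003 47761
1038949200 48790 45102 48790 45102
"""

# Constructed sample: the last good reading repeated for eight intervals.
STUCK_LOG = """\
1038950100 884213377 771204419
1038950100 118000 96000 118000 96000
1038949800 118000 96000 118000 96000
1038949500 118000 96000 118000 96000
1038949200 118000 96000 118000 96000
1038948900 118000 96000 118000 96000
1038948600 118000 96000 118000 96000
1038948300 118000 96000 118000 96000
1038948000 118000 96000 118000 96000
1038947700 97411 80233 97411 80233
"""

if __name__ == "__main__":
    print(check_poller(HEALTHY_LOG, now=1038950100 + 200))
    print(check_poller(STUCK_LOG, now=1038950100 + 2 * 86400))
```

Run from cron against each target's log, either flag is a reason to check that the poller process is alive before trusting the graph.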



Re: Learnkey or Keystone learning [7:58303]

2002-11-30 Thread Mark Smith
Have you taken anything from them, NetEng? The concept is VERY cool but I've
never heard of them (not that I know everything about everything but I do
try to keep up on affordable training options available). Just makes me
wonder what the training is like. I see several schools that I'd like to
attend but I live/work in Kansas City, not exactly one of the primo stops on
Global Knowledge's or any of the other traveling road shows classroom tours.
If I go to Chicago or Dallas or ??? to take one of their classes I have the
costs of the school, the transportation out there and meals/lodging while
I'm there. Don't know about most businesses these days but training budgets
where I work are just about non-existent. I'll probably end up paying for the
frickin' class myself here if I take a couple of them.  Knowledgenet's costs
are quite reasonable for what they offer, there's no travel involved and yet
it's live training. Sounds like the best of all worlds for me but what's
their training like?

Thanks.

   

Quoting NetEng :

 Take a look at knowledgenet.com.  They have some
 pretty good training.
 
 Kazan, Naim  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I am interested in purchasing CBT's for my Cisco
 security certifications.
 I
  was just curious of your opinions on learnkey
 product for the PIX, VPN ,
  etc... by Michael Storm and Keystone in general.
 
  -Original Message-
  From: Mark Smith [mailto:[EMAIL PROTECTED]]
  Sent: Friday, November 29, 2002 2:47 PM
  To: [EMAIL PROTECTED]
  Subject: Re: CSS1/CCSP [7:58241]
 
 
  I was teasing, Richard. I ordered yours and a new
 one by a Callisma(?) and
  Umer Khan called Cisco Security Specialist's Guide
 to PIX Firewall from
  Bookpool.com yesterday after the post here
 mentioning it. When are you
 going
  to write one for CiscoPress anyway? I'm surprised
 they haven't approached
  you about it. Never did understand why Ceeesco used
 to have Firewall IOS
  covered on the PIX test anyway. Glad to see they've
 changed it. While I
 may
  go for CCSP the reason I bought yours is because of
 the areas you cover in
  it. I work with PIX's and have no training on them.
 It's a small part of
 my
  daily chores and I don't have the time to devote to
 learning about them
 that
  I wish I did. Too many other things to do and keep
 up with. Not much
  available on the PDM. Cisco's got squat on their
 site about it other than
  installation. Wonder what all I can do thru the PDM
 that I just don't know
  about.
  Thanks for writing the book.
 
  Mark
 
  Quoting Richard Deal :
 
   Mark,
  
   Actually, Mark, I'm one step ahead of you :-). My
 PIX
   book came out at the
   end of October from McGraw-Hill/Osborne. I wrote
 it as
   a non-certification
   book, but it covers everything you'd see on the
 new
   PIX exam. You can check
   out a free chapter on Osborne's web site:
  
 http://shop.osborne.com/cgi-bin/osborne/0072225238.html
   (watch the wrap!).
  
   I also have some extra stuff on my web site that I
   couldn't fit in the book
   because of page constraints. Just vist my home
 page
   below.
  
   Cheers!
   --
  
   Richard A. Deal
  
   Visit my home page at
   http://home.cfl.rr.com/dealgroup/
  
   Author of Cisco PIX Firewalls, CCNA Secrets
 Revealed!,
   CCNP Remote Access
   Exam Prep, CCNP Switching Exam Cram, and CCNP
 Cisco
   LAN Switch Configuration
   Exam Cram
  
   Cisco Test Prep author for QuizWare, providing the
   most comprehensive Cisco
   exams on the market.
  
  
  
   Mark Smith  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
So when are you going to write one, Rich?
We're waiting.   :)
   
   
Quoting Richard Deal :
   
 John,

 The CSS1 exams are valid until the end of
 January,
 upon which you must take
 the new exams. CiscoPress doesn't have any
 books
   out
 yet on the new tests.

 Cheers!
 --

 Richard A. Deal

 Visit my home page at
 http://home.cfl.rr.com/dealgroup/

 Author of Cisco PIX Firewalls, CCNA Secrets
   Revealed!,
 CCNP Remote Access
 Exam Prep, CCNP Switching Exam Cram, and CCNP
   Cisco
 LAN Switch Configuration
 Exam Cram

 Cisco Test Prep author for QuizWare, providing
 the
 most comprehensive Cisco
 exams on the market.


 John Cianfarani  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Can we still write CSS1 or has it been
 replaced
   with
 the CCSP?
 
  Thanks
  John
 
  -Original Message-
  From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, November 28, 2002 8:30 PM
  To: [EMAIL PROTECTED]
  Subject: RE: CSS1/CCSP [7:58241]
 
  I havent take the new CSI exam, but for CSS1
 i
 suggest you do the
  following
  : MCNS - PIX - VPN - IDS, and if you already
   pass
 all of them, i dont
  think
 

Re: CSS1/CCSP [7:58241]

2002-11-29 Thread Mark Smith
So when are you going to write one, Rich?  
We're waiting.   :)


Quoting Richard Deal :

 John,
 
 The CSS1 exams are valid until the end of January,
 upon which you must take
 the new exams. CiscoPress doesn't have any books out
 yet on the new tests.
 
 Cheers!
 --
 
 Richard A. Deal
 
 Visit my home page at
 http://home.cfl.rr.com/dealgroup/
 
 Author of Cisco PIX Firewalls, CCNA Secrets Revealed!,
 CCNP Remote Access
 Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco
 LAN Switch Configuration
 Exam Cram
 
 Cisco Test Prep author for QuizWare, providing the
 most comprehensive Cisco
 exams on the market.
 
 
 John Cianfarani  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Can we still write CSS1 or has it been replaced with
 the CCSP?
 
  Thanks
  John
 
  -Original Message-
  From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, November 28, 2002 8:30 PM
  To: [EMAIL PROTECTED]
  Subject: RE: CSS1/CCSP [7:58241]
 
  I havent take the new CSI exam, but for CSS1 i
 suggest you do the
  following
  : MCNS - PIX - VPN - IDS, and if you already pass
 all of them, i dont
  think
  you would have problems with CSI.
 
 
  Ardi
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58292t=58241



Re: CSS1/CCSP [7:58241]

2002-11-29 Thread Mark Smith
I was teasing, Richard. I ordered yours and a new one by a Callisma(?) and
Umer Khan called Cisco Security Specialist's Guide to PIX Firewall from
Bookpool.com yesterday after the post here mentioning it. When are you going
to write one for CiscoPress anyway? I'm surprised they haven't approached
you about it. Never did understand why Ceeesco used to have Firewall IOS
covered on the PIX test anyway. Glad to see they've changed it. While I may
go for CCSP the reason I bought yours is because of the areas you cover in
it. I work with PIX's and have no training on them. It's a small part of my
daily chores and I don't have the time to devote to learning about them that
I wish I did. Too many other things to do and keep up with. Not much
available on the PDM. Cisco's got squat on their site about it other than
installation. Wonder what all I can do thru the PDM that I just don't know
about.
Thanks for writing the book.

Mark

Quoting Richard Deal :

 Mark,
 
 Actually, Mark, I'm one step ahead of you :-). My PIX
 book came out at the
 end of October from McGraw-Hill/Osborne. I wrote it as
 a non-certification
 book, but it covers everything you'd see on the new
 PIX exam. You can check
 out a free chapter on Osborne's web site:
 http://shop.osborne.com/cgi-bin/osborne/0072225238.html
 (watch the wrap!).
 
 I also have some extra stuff on my web site that I couldn't fit in the book
 because of page constraints. Just visit my home page below.
 
 Cheers!
 --
 
 Richard A. Deal
 
 Visit my home page at
 http://home.cfl.rr.com/dealgroup/
 
 Author of Cisco PIX Firewalls, CCNA Secrets Revealed!,
 CCNP Remote Access
 Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco
 LAN Switch Configuration
 Exam Cram
 
 Cisco Test Prep author for QuizWare, providing the
 most comprehensive Cisco
 exams on the market.
 
 
 
 Mark Smith  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  So when are you going to write one, Rich?
  We're waiting.   :)
 
 
  Quoting Richard Deal :
 
   John,
  
   The CSS1 exams are valid until the end of January,
   upon which you must take
   the new exams. CiscoPress doesn't have any books
 out
   yet on the new tests.
  
   Cheers!
   --
  
   Richard A. Deal
  
   Visit my home page at
   http://home.cfl.rr.com/dealgroup/
  
   Author of Cisco PIX Firewalls, CCNA Secrets
 Revealed!,
   CCNP Remote Access
   Exam Prep, CCNP Switching Exam Cram, and CCNP
 Cisco
   LAN Switch Configuration
   Exam Cram
  
   Cisco Test Prep author for QuizWare, providing the
   most comprehensive Cisco
   exams on the market.
  
  
   John Cianfarani  wrote in message
   [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Can we still write CSS1 or has it been replaced
 with
   the CCSP?
   
Thanks
John
   
-Original Message-
From: [EMAIL PROTECTED]
   [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 28, 2002 8:30 PM
To: [EMAIL PROTECTED]
Subject: RE: CSS1/CCSP [7:58241]
   
I havent take the new CSI exam, but for CSS1 i
   suggest you do the
following
: MCNS - PIX - VPN - IDS, and if you already
 pass
   all of them, i dont
think
you would have problems with CSI.
   
   
Ardi
   [EMAIL PROTECTED]
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58299t=58241



Forrest Gump-like arp(?) question [7:56680]

2002-11-01 Thread Mark Smith
I need to replace a router in a cabinet at the facility where my hosted
servers and equipment is. My equipment is talking to the hosting
facility's network via a port on a 6509 switch. I replaced my router and
then nothing from my network could connect to the outside world. I waited
about 2 minutes (during which time my entire site's down and my bosses get
VERY nervous) and I never was able to connect from inside and my tester on
the outside was never able to get in to me. I finally put router #1 back in
and all was well again. I've scoured the configuration and #2's is identical
with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the
reason for this is the 6509 port's ARP cache is looking for the MAC address
of router #1 and it ain't there anymore. Would this ass-u-me-ption be
correct or is it possibly something else I'm not thinking/aware of? If it is
an ARP issue, is there a way that I can remotely force the 6509 port to
reset/clear/refresh its ARP cache? I'm at a Sprint facility and I'd sooner
get a live body (that's not a first level phone answerer anyway) to talk to
me when I'm calling Mars than trying to get one at Sprint.

Any ideas/thoughts/chastisements on missing the obvious here? As much as I'd
like to work with Cisco gear full time, it's only a very small part of my
current job and, consequently, due to my lack of familiarity with what you
guys do all day every day, it's very likely that I'm missing something that
all in the world except me know about.
Thanks for any help or ideas. 

Mark




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56680t=56680



Re: Forrest Gump-like arp(?) question [7:56680]

2002-11-01 Thread Mark Smith
Thanks. I'll try that.
  
I say the routers are identical. They are in config  but not in IOS version.
I need to implement some traffic policing and shaping using some commands
that aren't available in the IOS version currently on #1. #2 has the latest
IOS but w/o any of the QOS set up yet. My eventual goal is to have the two
routers at the same IOS with shaping and policing setup in HSRP. I want to
add #2 in while I take #1 offline and bring it up to the same IOS version. I
guess that once #1 is back in the mix and I have HSRP setup then this will
all be moot.

Out of my own curiosity, if it turns out that it is the problem is there a
way to force a refresh of the 6509 switch port other than tracking down
someone at Sprint to manually clear it?
  

Quoting Router Man :

 Change the mac-address of the second router to the mac-address of the first
 router using the mac-address command.  This will answer your question about
 the arp-cache.
 
 router(config-if)#mac-address ..
 
 Mark Smith  wrote in message
 news:200211011409.OAA10912;groupstudy.com...
  I need to replace a router in a cabinet at the
 facility where my hosted
  servers and equipment is. My equipment is talking
 to the hosting
  facility's network via a port on a 6509 switch. I
 replaced my router and
  then nothing from my network could connect to the
 outside world. I waited
  about 2 minutes (during which time my entire site's
 down and my bosses get
  VERY nervous) and I never was able to connect from
 inside and my tester on
  the outside was never able to get in to me. I
 finally put router #1 back
 in
  and all was well again. I've scoured the
 configuration and #2's is
 identical
  with #1 so I don't believe that is the problem. I'm
 ass-u-me-ing that the
  reason for this is the 6509 port's ARP cache is
 looking for the MAC
 address
  of router #1 and it ain't there anymore. Would this
 ass-u-me-ption be
  correct or is it possibly something else I'm not
 thinking/aware of? If it
 is
  an ARP issue, is there a way that I can remotely
 force the 6509 port to
  reset/clear/refresh it's ARP cache? I'm at a Sprint
 facility and I'd
 sooner
  get a live body (that's not a first level phone
 answerer anyway) to talk
 to
  me when I'm calling Mars than trying to get one at
 Sprint.
 
  Any ideas/thoughts/chastisements on missing the
 obvious here? As much as
 I'd
  like to work with Cisco gear full time, it's only a
 very small part of my
  current job and, consequently, due to my lack of
 familiarity with what you
  guys do all day every day, it's very likely that I'm
 missing something
 that
  all in the world except me know about.
  Thanks for any help or ideas.
 
  Mark
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56687t=56680



RE: Forrest Gump-like arp(?) question [7:56680]

2002-11-01 Thread Mark Smith
Unfortunately I don't have access to the 6509 or it would be a done deal. My
stuff's at a Sprint co-lo facility and getting thru to a live tech across
the country at Sprint is next to impossible. The 6509 is theirs and is what
I connect to on their network to get out to the world. I was just looking
for a way to force their equipment to clear or refresh its arp cache.
Thanks.

Quoting Priscilla Oppenheimer :

 Can't you just do a clear arp on the 6509? That's a commonly-used IOS
 command. I would assume it works on the 6509. Or should I say ass-u-me it
 works. :-)
 
 Priscilla
 
 Mark Smith wrote:
  
  I need to replace a router in a cabinet at the
 facility where
  my hosted servers and equipment is. My equipment is
 talking
  to the hosting facility's network via a port on a
 6509 switch.
  I replaced my router and then nothing from my
 network could
  connect to the outside world. I waited about 2
 minutes (during
  which time my entire site's down and my bosses get
 VERY
  nervous) and I never was able to connect from inside
 and my
  tester on the outside was never able to get in to
 me. I finally
  put router #1 back in and all was well again. I've
 scoured the
  configuration and #2's is identical with #1 so I
 don't believe
  that is the problem. I'm ass-u-me-ing that the
 reason for this
  is the 6509 port's ARP cache is looking for the MAC
 address of
  router #1 and it ain't there anymore. Would this
 ass-u-me-ption
  be correct or is it possibly something else I'm not
  thinking/aware of? If it is an ARP issue, is there a
 way that I
  can remotely force the 6509 port to
 reset/clear/refresh it's
  ARP cache? I'm at a Sprint facility and I'd sooner
 get a live
  body (that's not a first level phone answerer
 anyway) to talk
  to me when I'm calling Mars than trying to get one
 at Sprint.
  
  Any ideas/thoughts/chastisements on missing the
 obvious here?
  As much as I'd like to work with Cisco gear full
 time, it's
  only a very small part of my current job and,
 consequently, due
  to my lack of familiarity with what you guys do all
 day every
  day, it's very likely that I'm missing something
 that all in
  the world except me know about.
  Thanks for any help or ideas. 
  
  Mark
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56709t=56680



Re: Forrest Gump-like arp(?) question [7:56680]

2002-11-01 Thread Mark Smith
Unfortunately I'm about 70 miles from the equipment right now. I'm headed
that way tomorrow AM and will try it then.
Thanks.

Quoting routerman :

 Did changing the Mac address work?
 
 
 Mark Smith  wrote in message
 news:200211011409.OAA10912;groupstudy.com...
  I need to replace a router in a cabinet at the
 facility where my hosted
  servers and equipment is. My equipment is talking
 to the hosting
  facility's network via a port on a 6509 switch. I
 replaced my router and
  then nothing from my network could connect to the
 outside world. I waited
  about 2 minutes (during which time my entire site's
 down and my bosses get
  VERY nervous) and I never was able to connect from
 inside and my tester on
  the outside was never able to get in to me. I
 finally put router #1 back
 in
  and all was well again. I've scoured the
 configuration and #2's is
 identical
  with #1 so I don't believe that is the problem. I'm
 ass-u-me-ing that the
  reason for this is the 6509 port's ARP cache is
 looking for the MAC
 address
  of router #1 and it ain't there anymore. Would this
 ass-u-me-ption be
  correct or is it possibly something else I'm not
 thinking/aware of? If it
 is
  an ARP issue, is there a way that I can remotely
 force the 6509 port to
  reset/clear/refresh it's ARP cache? I'm at a Sprint
 facility and I'd
 sooner
  get a live body (that's not a first level phone
 answerer anyway) to talk
 to
  me when I'm calling Mars than trying to get one at
 Sprint.
 
  Any ideas/thoughts/chastisements on missing the
 obvious here? As much as
 I'd
  like to work with Cisco gear full time, it's only a
 very small part of my
  current job and, consequently, due to my lack of
 familiarity with what you
  guys do all day every day, it's very likely that I'm
 missing something
 that
  all in the world except me know about.
  Thanks for any help or ideas.
 
  Mark
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56714t=56680



RE: Forrest Gump-like arp(?) question [7:56680]

2002-11-01 Thread Mark Smith
Boy do I feel like a dumb*!$# about now..

In an effort to reduce downtime I booted #2 and let it get completely thru
the boot process BEFORE switching the wiring around to take #1 down and
bring #2 online, AFTER it had already done the ARP broadcast you mention
below.
I won't get a chance to try it until tomorrow but why do I get the strong
feeling that it's gonna work fine when I do?
For my own curiosity I'm gonna try what routerman suggested too. I've not
tried to manually set a MAC address on anything before. I always either used
the burned in address or let the processes running decide if they want to
use virtual addresses.

I guess that's why you're PRISCILLA and I'm forrest.

I guess it's true what my mama always said
Life is like a box of chocolates.

Thanks.

fg


Quoting Priscilla Oppenheimer :

 A cisco router broadcasts a gratuitous ARP response announcing to the world
 its IP address when it boots. See this example:
 
 Ethernet Header
   Destination:              FF:FF:FF:FF:FF:FF  Ethernet Broadcast
   Source:                   00:00:0C:3F:00:D4
   Protocol Type:            0x0806  IP ARP
 ARP - Address Resolution Protocol
   Hardware:                 1  Ethernet (10Mb)
   Protocol:                 0x0800  IP
   Hardware Address Length:  6
   Protocol Address Length:  4
   Operation:                2  ARP Response
   Sender Hardware Address:  00:00:0C:3F:00:D4
   Sender Internet Address:  172.16.10.1
   Target Hardware Address:  FF:FF:FF:FF:FF:FF  Ethernet Broadcast
   Target Internet Address:  172.16.10.1
 
 Is your router not doing that for some reason? You could do some sniffing to
 see whether it does it. The gratuitous ARP should put the right ARP data
 into the 6509's ARP cache.
 
 So, I'm wondering if the ARP cache is the real problem.
 
 When you had the new router installed, what did show int ethernet display?
 Was it up/up?
 
 Can you send us some of your config for some more clues??
 
 ___
 
 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com
 
 Mark Smith wrote:
  
  Unfortunately I don't have access to the 6509 or it
 would be a
  done deal. My stuff's at a Sprint co-lo facility and
 getting
  thru to a live tech across the country at Sprint is
 next to
  impossible. The 6509 is theirs and is what I connect
 to on
  their network to get out to the world. I was just
 looking for a
  way to force their equipment to clear or refresh
 it's arp cache.
  Thanks.
  
  Quoting Priscilla Oppenheimer :
  
   Can't you just do a clear arp on the 6509?
 That's a
   commonly-used IOS
   command. I would assume it works on the 6509. Or
   should I say ass-u-me it
   works. :-)
   
   Priscilla
   
   Mark Smith wrote:

I need to replace a router in a cabinet at the
   facility where
my hosted servers and equipment is. My equipment
 is
   talking
to the hosting facility's network via a port on
 a
   6509 switch.
I replaced my router and then nothing from my
   network could
connect to the outside world. I waited about 2
   minutes (during
which time my entire site's down and my bosses
 get
   VERY
nervous) and I never was able to connect from
 inside
   and my
tester on the outside was never able to get in
 to
   me. I finally
put router #1 back in and all was well again.
 I've
   scoured the
configuration and #2's is identical with #1 so I
   don't believe
that is the problem. I'm ass-u-me-ing that the
   reason for this
is the 6509 port's ARP cache is looking for the
 MAC
   address of
router #1 and it ain't there anymore. Would this
   ass-u-me-ption
be correct or is it possibly something else I'm
 not
thinking/aware of? If it is an ARP issue, is
 there a
   way that I
can remotely force the 6509 port to
   reset/clear/refresh it's
ARP cache? I'm at a Sprint facility and I'd
 sooner
   get a live
body (that's not a first level phone answerer
   anyway) to talk
to me when I'm calling Mars than trying to get
 one
   at Sprint.

Any ideas/thoughts/chastisements on missing the
   obvious here?
As much as I'd like to work with Cisco gear full
   time, it's
only a very small part of my current job and,
   consequently, due
to my lack of familiarity with what you guys do
 all
   day every
day, it's very likely that I'm missing something
   that all in
the world except me know about.
Thanks for any help or ideas. 

Mark
   [EMAIL PROTECTED]
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56717t=56680
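The boot-time announcement discussed in this thread, as an added example that is not part of the original posts: it rebuilds the gratuitous ARP frame from the decode quoted above, parses it, and runs it through a simplified neighbour cache to show why a router that finished booting before it was cabled in leaves the old entry in place. The router #1 MAC, the cache lifetime and the `ArpCache` model are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2
BROADCAST = "FF:FF:FF:FF:FF:FF"
GATEWAY_IP = "172.16.10.1"             # address from the decode quoted above
NEW_ROUTER_MAC = "00:00:0C:3F:00:D4"   # source MAC from the decode quoted above
OLD_ROUTER_MAC = "00:00:0C:AA:BB:01"   # constructed: stands in for router #1
ASSUMED_TIMEOUT = 14400                # assumption: cache entry lifetime, seconds


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


@dataclass
class ArpPacket:
    eth_dst: str
    eth_src: str
    operation: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def is_gratuitous(self) -> bool:
        # A gratuitous ARP announces the sender's own address: sender IP == target IP.
        return self.sender_ip == self.target_ip


def build_arp(eth_dst, eth_src, operation, sender_mac, sender_ip,
              target_mac, target_ip) -> bytes:
    """Serialise an Ethernet/IPv4 ARP frame (14-byte header + 28-byte ARP body)."""
    frame = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    frame += struct.pack("!HHBBH", 1, 0x0800, 6, 4, operation)
    frame += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    frame += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return frame


def parse_arp(frame: bytes) -> ArpPacket:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return ArpPacket(
        eth_dst=mac_text(frame[0:6]), eth_src=mac_text(frame[6:12]), operation=op,
        sender_mac=mac_text(frame[22:28]),
        sender_ip=str(ipaddress.IPv4Address(frame[28:32])),
        target_mac=mac_text(frame[32:38]),
        target_ip=str(ipaddress.IPv4Address(frame[38:42])),
    )


class ArpCache:
    """Simplified neighbour cache: the last ARP heard for an IP wins until it ages out."""

    def __init__(self, timeout: int):
        self.timeout = timeout
        self.entries: Dict[str, Tuple[str, int]] = {}

    def learn(self, frame: bytes, now: int) -> ArpPacket:
        pkt = parse_arp(frame)
        self.entries[pkt.sender_ip] = (pkt.sender_mac, now)
        return pkt

    def lookup(self, ip: str, now: int) -> Optional[str]:
        entry = self.entries.get(ip)
        if entry is None or now - entry[1] >= self.timeout:
            self.entries.pop(ip, None)
            return None
        return entry[0]


# The frame from the decode above, rebuilt field by field.
PAGE_FRAME = build_arp(BROADCAST, NEW_ROUTER_MAC, ARP_REPLY,
                       NEW_ROUTER_MAC, GATEWAY_IP, BROADCAST, GATEWAY_IP)


def simulate_swap(announcement_heard: bool, seconds_after_swap: int = 120) -> Optional[str]:
    """Return the MAC the upstream device uses for the gateway IP after the swap."""
    cache = ArpCache(timeout=ASSUMED_TIMEOUT)
    # Router #1 was learned earlier (time 0); the swap happens at a constructed time 600.
    cache.learn(build_arp(BROADCAST, OLD_ROUTER_MAC, ARP_REPLY, OLD_ROUTER_MAC,
                          GATEWAY_IP, BROADCAST, GATEWAY_IP), now=0)
    swap_time = 600
    if announcement_heard:
        # Router #2 boots while already cabled in, so its announcement is received.
        cache.learn(PAGE_FRAME, now=swap_time)
    return cache.lookup(GATEWAY_IP, now=swap_time + seconds_after_swap)


if __name__ == "__main__":
    print(parse_arp(PAGE_FRAME))
    print("booted before cabling:", simulate_swap(False))
    print("booted after cabling: ", simulate_swap(True))
```
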



Re: CCNP dumps????????????? [7:55156]

2002-10-09 Thread Mark Smith

To paraphrase an old Saturday Night Live routine:
Robertyou ignorant slut

Did you happen to notice Erwin's email address?
Erwin  
SG = Singapore.

Erwin's comments *were* pretty stupid. Almost as stupid as yours. Take your
US bashing somewhere else.

 

Quoting Robert Edmonds :

 Nice racist attitude there.  Nothing like good ole
 American bigotry posted
 all over the global Internet to win world favor.  Keep
 it up!!!
 
 Erwin  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Go and find it in your own country !
 
  Vinod Raju  wrote in message
  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
   Could someone please tell me where to avail latest
 CCNP dumps especially
  for
   BSCI (routing) and BSCSN (switching)?
  
   Please reply fast 
  
   Thanx in advance,
  
   Raj
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55176t=55156



Re: ISDN-SIMULATION [7:51598]

2002-08-18 Thread Mark Smith

I've not tried this one but this is the cheapest simulator I've seen. 

http://www.vconsole.net/simulator_isdn.html

Any one used this one? There are several others but all others I've seen are
more than $1000. Maybe they have other functionality that this one doesn't
but I can't imagine much else but a simple 2BRI ISDN connection that I'd need.

Here's another one:

http://www.cheapisdn.com/
(I usually see this one sell for about $1K on eBay)

And a couple on eBay currently:

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2046342178
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2046745550
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2046406202

Not exactly cheap and I'm sure that they're not what you were looking for
but they'll do what you are looking for.

With any of these you can use the S/T ports that you have available on your
existing hardware.
 

Quoting crow :

 Hi Group,
 need some advice what would be the best way to simulate an isdn connection.
 (also the cheapest plz)
 my current lab include: 2x2501, 1x2503(1 BRIS/T),1x4000,1x4000m(8 briS/T)
 maybe some of you are having some experience and want to help me.
 
 Thx in advance
 Andy
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51603t=51598



Re: Notes on salaries [7:51052]

2002-08-09 Thread Mark Smith

Quoting Robert D. Cluett :

 I like this statement
 
 Times have changed, he said. Six years ago the
 technology was complex.
 Certification was important because it told an
 employer and customers that
 the certified professional could find his way around
 complicated networks.
 But now networks are easier to install and maintain.
 Now they've dumbed it down to the point where a
 12-year-old can install a
 Cisco router, Mazurek said.



Spoken like a true member of upper management.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51085t=51052



Re: Anniversary [7:45937]

2002-06-06 Thread Mark Smith

Quoting Andrew Smith :

 On 06-Jun-2002, Howard C. Berkowitz wrote:
  At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote:
  Exactly one year as a made man. Time to start
 studying for the recert.
 So,
  I'm back!
  
  Ken
  #7544
  
  
  I'm not sure I like the examplewhat if the Mafia
 required you to 
  recertify in making your bones?
  
  :-)
  
  Might be useful for Noo Yawk CCIEs
 
 Be sure to study the newly implemented equine
 fragmentation protocol when
 translating from STABLE to BED.
  

Aaa.fuhgit uhbow dit


 ---
   ** Andrew W. Smith ** [EMAIL PROTECTED] ** Senior
 Network Engineer **
 ** http://www.neosoft.com/neosoft/staff/andrew **
 1-888-NEOSOFT **
  ** NeoSoft, Inc. An Internet America Company 
 1-800-BE-A-GEEK **
** Opportunities multiply as they are seized
 - Sun Tzu **
 ---
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45961t=45937



Re: yes i tried the groupstudy site and when all i [7:31036]

2002-01-07 Thread Mark Smith

I'm in Hotel California. 
I can check out but I can never leave.   :D




Quoting Tom Lisa :

 Paul,
 
 Hey, here's an idea.  Membership is free, removal by
 list owner requires
 a fee.  Maybe then they will pay attention.  Well, at
 least they will
 pay.  :)
 Considering how many can't unsubscribe, you should
 cover the cost of
 several new servers in no time.
 
 Prof. Tom Lisa, CCAI
 Community College of Southern Nevada
 Cisco Regional Networking Academy
  
 
 Paul Borghese wrote:
 
   [EMAIL PROTECTED] wrote:
   
When i said i tried everything , i tried
 everything, the
unsubscribe command
at the sites and all other avenues and got back
 undeliverable
mail
 
   I am not sure what was the problem as I was able to
 unsubscribe you
   by using
   the Listserver box on www.groupstudy.com. 
 Following the
   instructions
   included in the link at the bottom of every e-mail
 would have also
   worked.
 
   So I am open to suggestions.  I think it is pretty
 easy to get off
   the list,
   but am always open to suggestions on how to make it
 even easier.
 
   Paul Borghese
   [EMAIL PROTECTED]
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31118t=31036



Re: yes i tried the groupstudy site and when all i [7:31071]

2002-01-06 Thread Mark Smith

Try emailing [EMAIL PROTECTED] and ask them to remove you.


Quoting [EMAIL PROTECTED] :

 When i said i tried everything , i tried everything,
 the unsubscribe command 
 at the sites and all other avenues and got back
 undeliverable mail
 
 thank you,
 joseph
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31071t=31071



RE: yes i tried the groupstudy site and when all i [7:31036]

2002-01-06 Thread Mark Smith

If I were guessing I would guess that the problem could be @aol.com.

Possibly on several levels.

 

Quoting Paul Borghese :

 [EMAIL PROTECTED] wrote:
  
  When i said i tried everything , i tried everything,
 the
  unsubscribe command
  at the sites and all other avenues and got back
 undeliverable
  mail
 
 I am not sure what was the problem as I was able to
 unsubscribe you by using
 the Listserver box on www.groupstudy.com.  Following
 the instructions
 included in the link at the bottom of every e-mail
 would have also worked.
 
 So I am open to suggestions.  I think it is pretty
 easy to get off the list,
 but am always open to suggestions on how to make it
 even easier.
 
 Paul Borghese
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31097t=31036



RE: OSPF across PIX [7:24608]

2001-10-30 Thread Mark Smith

Try these for the access-group commands:

access-group 101 in interface inside
access-group 102 in interface outside


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Patrick Ramsey
Sent: Tuesday, October 30, 2001 9:22 AM
To: [EMAIL PROTECTED]
Subject: Re: OSPF across PIX [7:24608]


ahhh.. I may have to investigate this...   This is interesting.  I didn't
realize pix had this ability!

-Patrick

 Engelhard M. Labiro  10/30/01 12:26AM 
Pat,

Since OSPF uses IP protocol 89, permit this protocol between
the two OSPF routers with access-list applied at outside and inside
PIX interfaces, something like this:
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-group 101 interface inside
access-group 102 interface outside

At the OSPF routers, put neighbour command, so they can speak
each other directly without multicasting the hello packets.

Hope you get the idea.

- Original Message -
From: pat
To:
Sent: Tuesday, October 30, 2001 1:01 PM
Subject: OSPF across PIX [7:24608]


 Does anybody have any ideas on how to run OSPF across
 firewall. What ports to be open  how to make router
 establish neighbour relations across firewall.

 Any thought on this will be greatly appreciated.

 Thanks,
 patterson.

 __
 Do You Yahoo!?
 Make a great connection at Yahoo! Personals.
 http://personals.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24664t=24608
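The access lists from this thread run through a small first-match evaluator, as an added example that is not part of the original posts and is not PIX code: it shows that the host-to-host protocol 89 entries pass unicast OSPF between the two routers but do not match a hello sent to the AllSPFRouters multicast address 224.0.0.5, which is why the neighbour statement is suggested. The evaluator, its implicit-deny model and the `access-group` pattern (taken from the form given in the reply at the top of this message) are assumptions for illustration.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple

OSPF_PROTO = 89                  # IP protocol number named in the thread
ALL_SPF_ROUTERS = "224.0.0.5"    # multicast destination of ordinary OSPF hellos

# ACL entries as posted in the thread, bound with the access-group form from the reply.
CONFIG = """\
access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2
access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1
access-group 101 in interface inside
access-group 102 in interface outside
"""


class Rule(NamedTuple):
    acl: str
    action: str
    proto: int
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _take_addr(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'host A.B.C.D' or 'any' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")


def parse_acl(config: str) -> List[Rule]:
    """Parse 'access-list <id> permit|deny <proto-number> <src> <dst>' lines."""
    rules = []
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        acl, action, proto = tokens[1], tokens[2], int(tokens[3])
        rest = tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        rules.append(Rule(acl, action, proto, src, dst))
    return rules


# Only the form with an explicit direction, as given in the reply, is treated as a binding.
BINDING = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def parse_bindings(config: str) -> Dict[str, str]:
    """Map interface name -> ACL id for every well-formed access-group line."""
    bindings = {}
    for line in config.splitlines():
        match = BINDING.match(line.strip())
        if match:
            bindings[match.group(2)] = match.group(1)
    return bindings


def evaluate(rules: List[Rule], bindings: Dict[str, str], interface: str,
             proto: int, src: str, dst: str) -> str:
    """First matching entry wins; anything unmatched hits the implicit deny."""
    acl = bindings.get(interface)
    if acl is None:
        return "no-acl"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.acl == acl and rule.proto == proto and s in rule.src and d in rule.dst:
            return rule.action
    return "deny"


RULES = parse_acl(CONFIG)
BINDINGS = parse_bindings(CONFIG)

if __name__ == "__main__":
    cases = [
        ("inside", OSPF_PROTO, "1.1.1.1", "2.2.2.2"),         # unicast hello via neighbour
        ("inside", OSPF_PROTO, "1.1.1.1", ALL_SPF_ROUTERS),   # default multicast hello
        ("outside", OSPF_PROTO, "2.2.2.2", "1.1.1.1"),        # return direction
        ("inside", 6, "1.1.1.1", "2.2.2.2"),                  # TCP between the same hosts
    ]
    for case in cases:
        print(case, "->", evaluate(RULES, BINDINGS, *case))
```
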



RE: 'It's not the US they want to destroy. It's our arrogance' [7:20005]

2001-09-14 Thread Mark Smith

I might say the same thing to you.
Our American hearts go out to you. You'll pull through Gareth.
You always do.  :)

Mark Smith



PS: Thanks for the kind words.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Gareth Hinton
Sent: Thursday, September 13, 2001 8:32 PM
To: [EMAIL PROTECTED]
Subject: Re: 'It's not the US they want to destroy. It's our arrogance'
[7:19889]




I have no answers,




Which is especially unfortunate as I have a CIT exam in 9 hours.



Our British hearts go out to the people of the US during these terrible
times.
You'll pull through, you always do.







Curtis Phillips  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I am curious if our non-American friend would attempt to defend the British
 government and their history of foreign policy?
 - Original Message -
 From: A non-American
 To:
 Sent: Thursday, September 13, 2001 1:20 PM
 Subject: RE: 'It's not the US they want to destroy. It's our arrogance'
 [7:19805]


  Gutless ? What cause would you train months for with a guarantee of
death
 or
  life imprisonment ?
 
  The facts as I see them are -
 
  A. the victims were blameless and deserved nothing of what they
received.
 My
  heart goes out especially to the rescue crews, imagine dying trying to
 help!
 
  B. the organisation and commitment was amazing, in a nuclear world
  retaliation must be very precise and fully calculated rather than
 knee-jerk.
  Do not underestimate these people, it would be very dumb indeed to
assume
  that they are less intelligent than yourselves.
 
  C. many reading this will not like this but the actions of the US
 government
  for decades has been in the interest of the US and much blood has been
 spilt
  by them and 3rd parties funded by them. Is the hatred you feel for your
  attackers of your people less valid than theirs ? What attack against
 these
  people would you find unacceptable ? The gloves are off - no ? Somebody
 else
  out there feels this against your country. The US must try and find
these
  people to make them answer for this but must also look inwards at the
same
  time!! priority is to stop it happening again no ? Look at the tit for
tat
  mess Israel is in...
 
  I'm English and for a long time American money has paid for bullets and
  semtex used in my country - children are dead as are many policemen not
to
  mention the civilians popped off because they have the wrong religion.
The
  level of ignorance in the US is truly amazing, everybody outside the US
is
  disgusted by this act but not many are asking why, we've got a pretty
good
  idea.
 
  Word of advice - we get CNN too and it's biased as hell, listen to the
 news
  from somewhere ANYWHERE else once in a while.
 
  A non-American
 
 
 
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Fenech, William J
  Sent: 13 September 2001 01:55
  To: [EMAIL PROTECTED]
  Subject: RE: 'It's not the US they want to destroy. It's our arrogance'
  [7:19699]
 
 
  Don't waste your time with idiots like this (aka Reeta Sinha). The
people
  who pulled off this gutless act, and the ones who support them should be
  exterminated, pure and simple.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20005t=20005



Re: Deepest Sympathy [7:19532]

2001-09-11 Thread Mark Smith

My sister in law was hit by falling debris from the second building as she
was leaving the first building but she is alive. She is so much luckier than
what I fear may end up being many thousands of others are. My heart, prayers
and tears go to all those who survived and the families and friends of those
that didn't.


Quoting Wayne Lawson :

 On behalf of IPexpert, Inc. our deepest sympathy,
 thoughts
 and prayers go out to all of the hearts affected by
 today's
 tragic act.  May God bless the victims of today's
 tragedy
 and comfort their families & friends.
 
 With deepest sympathy,
 
 Management & Technical Staff
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19537t=19532



PIX Failover cable [7:18001]

2001-08-30 Thread Mark Smith

Does anyone have the part number for the failover cable for a 515 PIX? Mine
went MIA during a company move. I can't find on Cisco's or any vendor's site
where I can order just the cable by itself. A part number would be really
nice. Next best thing would be the pin out for the cable so I could (maybe)
modify a standard cable. Couldn't find that either.

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=18001t=18001



Re: VPN Basics help needed--beginner [7:12406]

2001-07-15 Thread Mark Smith

Explain VPN's to me - what you are asking is not a 25 words or less
response. They've written entire books answering the questions that you're
asking. One of the best books that I've read on the subject is a Cisco Press
book called Managing Cisco Network Security. It covers basics about VPN's
and tunnels quite well and is very readable for beginners to this subject
(which I'm not far from myself). Some of the cryptography books that I've
looked at are written by and for PHD's. This one is written for folks that
have to learn and implement Cisco security/firewalls/VPN technology and may
not have much experience at it.
It's here at
http://www-selfpacedorders.cisco.com/smPage?k=680260492t=psrlevel=client_html/22/v2/detailsku_id=1588parent_id=103
Another Cisco training tool that may be helpful is
http://www-selfpacedorders.cisco.com/smPage?k=680260492t=psrlevel=client_html/22/v2/detailsku_id=parent_id=103,111
Cisco has another book out now (I don't recall the title right now) that I
saw the other day but frankly it just looks like a smaller version of the
MCNS book that's been rearranged a little. Not bad info - just not much new
info but my view of it was limited to the couple of minutes that I leafed
through it. There may be more in it than I saw.
 

Quoting Arun :

 Hi
 I am new to this VPN world. I need to know some basics
 about it. How do I
 start? Let's say I have a main office; I want to connect it
 to my clients ...take
 maybe 2 from different locations.
  Location1
 mainoffice --|
 
 Location 2
 
 Now I know that both location 1 and 2 have their own
 connectivity to the
 Internet and also the main office, if we have to go for
 a cheap solution.
 If I have an Internet connection from the main office, say a
 3600 series router, and
 maybe at the other location it could be the same (do we
 require this?).
 That's it ..all I know about VPN.
 My questions are: for locations 1 and 2, what will
 we be using to connect
 to the main office ..VPN clients, I think. Are these clients
 to be from Cisco for
 it to work with it? Can anybody tell in brief
 about how it all works?
 Then I think I should go about other things.
 
 I have read Cisco has products for VPN ...what do they
 basically do?
 ...security I think is the main thing ..or do they do
 something else besides
 that?
 If I have a PIX, won't it solve the purpose if I let
 only certain IPs
 (which IPs I don't know) have access?
 
 
 I am really confused. I tried reading about it but I
 can't find the basic
 things ..any help will be appreciated.
 
 
 Regards
 
 arun Sharma
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12414t=12406



Re: 2008 Olympics Goes to Beijing [7:12286]

2001-07-13 Thread Mark Smith

And then deny any of it ever happened


Quoting Dennis H :

 Great... now they can beat, torture, and execute some
 athletes...
 
 
 Bosco  wrote in message
 news:[EMAIL PROTECTED]...
  2008 Olympics Goes to Beijing
 
  Beijing has won the host of the 2008 Summer Olympic Games
 
 
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12306t=12286



Weird VPN issue [7:11055]

2001-07-05 Thread Mark Smith

I am using several PIX units to tunnel between locations for where I work.
The Pix to Pix tunnels work fine.
I also have users tunneling in from home/dialup/remotely however they chose
to connect. These connections work almost fine. They all share the same
issue. They cannot see one NT4 server on the internal network. They can't
map drives to it and they can't even ping the IP address. Unfortunately
there are user files on this box. All other internal addresses are
completely accessible through their external connection except this one.  I
called Cisco TAC and they just shrugged their shoulders on this one. This
box is a domain controller, internal DHCP and WINS server and has some users
flat files stored on it (no apps running on it) and I have a DFS share
pointing to a directory on it. Don't know if that matters any.
Any ideas as to why I can access the entire 172.25.1.0 network except for
172.25.1.21?

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11055t=11055



Re: DELIVERY FAILURE: User r wilewski (r wilewski@ibmpl) not [7:11158]

2001-07-05 Thread Mark Smith

Maybe he was driving IBM crazy too and that's why he's not there anymore.

Quoting Sam Sneed :

 Yeah, he's driving me crazy too!!!
 
 
 Circusnuts  wrote in message
 news:[EMAIL PROTECTED]...
  Yes- can we get rid of this guy !!!
 
  - Original Message -
  From: Allen May
  To:
  Sent: Thursday, July 05, 2001 12:34 PM
  Subject: Fw: DELIVERY FAILURE: User r wilewski (r
 wilewski@ibmpl) not
  [7:11091]
 
 
   Does anyone else get this with every single sent
 message?  Can we get it
   removed it from the list?  I've been getting this
 for over a week now.
  
   Allen
   - Original Message -
   From:
   To: Allen May
   Sent: Thursday, July 05, 2001 11:27 AM
   Subject: DELIVERY FAILURE: User r wilewski (r wilewski@ibmpl) not listed in
   public Name & Address Book
  
  
Your message
   
  Subject: Re: IPSec question [7:10965]
   
was not delivered to:
   
  [EMAIL PROTECTED]
   
because:
   
  User r wilewski (r wilewski@ibmpl) not listed in public Name & Address Book
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11158t=11158



Recommendations on PIX upgrade [7:10380]

2001-06-29 Thread Mark Smith

This may be a stupid question but that's never stopped me from asking before.

At one site I have 2 UR 515's running in failover config. They are at 5.2(1)
software. I'd like to upgrade them but can only afford an absolute minimum
of down time (measured in seconds, maybe). From what I've read about the PIX
units, for failover to work, I believe each unit must be configured
identically - same hardware, OS version, configuration - or failover doesn't
work.
What my plan currently is to start by taking the standby PIX (PIX2) down and
do a 6.0.1 upgrade. I guess the question that I have is, and here comes the
stupid part, if I reconnect the two with PIX2 at 6.0.1 and PIX1 still at
5.2(1) will anything bad happen (my hair fall out, I contract an incurable
STD, smoke come from either/both of the boxes)? Assuming that nothing
horrible happens, when I take the PIX1 box down to upgrade it will PIX2 (now
on a different OS version) detect that the hot PIX has dropped offline and
come up as in failover? If it won't on its own can I do a failover active
or a similar command to force PIX2 to become active? Will the children play
well together again after I do a 6.0.1 upgrade on PIX1? Or will I have to
bring PIX2 down, upgrade it (while PIX1 is still up) and then bring PIX1
down (leaving PIX2 down), upgrade it and then bring both back up together
once they are on the same OS version level? I realize that with a laptop
that has TFTP server software connected to PIX1 and has the pix601.bin image
on it the upgrade process doesn't take long. But if I choose the last method
of taking both boxes down that, by the time that cables are switched around
as required, box(es) are rebooted, bring the 2nd box up in monitor mode,
copy the image, reboot, reconnect failover cabling (as needed), the process
would probably be measured in minutes of total down time before both would be
back online. That might as well be days as far as my bosses are concerned.
Just looking for alternatives.
Thanks for any advice/experience/thoughts. Sorry if this doesn't belong in
studygroup.com. I just know that there's a lot of experience and common
sense here.

(END stupid questions)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=10380t=10380



Re: Recommendations on PIX upgrade [7:10380]

2001-06-29 Thread Mark Smith

Thanks for the ideas, Allen. I'll probably just give that a try. I just am
still not sure if, once I bring PIX1 back online after doing an upgrade on
it and connect it to PIX2, and now they're at different versions, if the
xlate table will sync back up on PIX1. If not and I make PIX1 hot and take
PIX2 down for an upgrade to it, then it will just take a little while for
that table to rebuild on PIX1 and folks will get timeouts during that
rebuilding time. I'll give it a try though.
Thanks. 

Quoting Allen May :

 I think you're overdoing the solution when you have an
 almost zero downtime
 solution in front of you.  Just fail the first unit &
 let the 2nd take over.
 Then with the first one offline, upgrade it & let the
 failover..well...failover ;)  When done just make sure
 the config is correct
 on the first one and do whatever it takes to get the
 first one back online.
 I've never tried just shutting the failover box off to
 see if it would
 trigger back to the first box with a different OS but
 even if that fails
 just reboot the first one and it should come back up
 happy.  Now your
 network is back the way it was with only 2 very small
 windows of downtime.
 Upgrade 2nd PIX and hook up failover.
 
 If you're concerned about the primary taking over
 again when you're trying
 to upgrade, don't.  Just boot it up hitting ESC so it
 doesn't load the
 config so you can manually give it an IP, subnet,
 gateway, and tftp server
 address.  Without the config loaded it won't be part
 of the failover.
 
 Allen
 
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=10417t=10380



Re: CCNP FINISHED AT LAST!!! [7:9461]

2001-06-21 Thread Mark Smith

Congrats Michael. 

Quoting Michael L. Williams :

 On a wild hair, I changed my CIT from this Sunday to
 today (called Prometric
 this morning)...
 
 Scored a 908!!!  Woohoo  So I guess I need to
 update my signature =)
 
 Thanks to all in the group who like to talk and argue
 about things most
 people could care less about!
 
 Now it's on to CID... I hear that's a bear of an
 exam. We'll see
 =)
 
 Mike W.
 CCNP, CCDA, CVOICE
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=9472t=9461