RE: Access list or Conduit? [7:72514]
Statics/Conduits are the old pre-Cisco way of doing things in a PIX. Works well, is easy to configure but Cisco says that at some point support for that command will likely be discontinued. Cisco is trying to make the PIX OS more IOS-centric and has brought access lists into the command fold as of about v5.x. I was slow to adopt the change to access lists in my PIX's as I hadn't used them much before then. I was very familiar with conduits but since becoming more familiar with access lists I haven't found anything that I could do with conduits that I can't with access-lists and I'm not concerned that support for ACL's is disappearing anytime soon. Only thing I'd say is that I've read you can experience some very weird and unexpected results if you mix an access list and conduits together. Go with all one or all of the other. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of E. Keith J. Sent: Thursday, July 17, 2003 4:12 PM To: [EMAIL PROTECTED] Subject: Access list or Conduit? [7:72514] Hi all The boss wants to allow ping. In the website I found the way by using an access list. In another config I see a conduit is used. What is the difference between using a conduit and an access list to allow ping Is it that a conduit is to a specific host Rather than permit any? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72527t=72514 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Probably the dumbest question that will be asked all day [7:71447]
I have a router (actually a pair of them in HSRP but that's irrelavent) that connects two networks in non-contiguous IP address ranges through a 100MB F/E TX port on the inside to an ISP network on the outside, also via a 100MB F/E TX port, at a colo facility. I have a half of a hundred MB pipe to the outside world. The two networks behind the router are independent of each other, seperated by PIX's behind the routers but, on occasion, they do communicate with each other. I currently have a primary and secondary IP address set on the inside F/E interface, one for each network. I've never seen any mention if sub-interfaces being used in Ethernet or Fast Ethernet interfaces in any Cisco literature. They primarily seem to be mentioned in regards to serial interfaces. Is there an advantage to using sub-if's here over a primary and secondary IP address? Any packet filtering is handled by the PIX's so I don't ever foresee the use of access-lists on the router. This router simply routes packets. I don't foresee the use of more than two networks inside but I suppose that's a slight possibility down the road if I would need more IP addresses and couldn't get contiguous addresses. I'm not sure if you can use more than a single secondary address on an interface or if you can pnly use a single one. I guess I'm not sure if recommended practice would be to always use sub-if's when connecting more than one network to any interface, use sub's only with serial i/f's and use primary/secondary addresses with F/E interfaces or if it's time to consider adding more F/E modules with 2 or more networks. I've used this primary/secondary config for a couple of years and it's worked fine but, as my colo facility is Sprint and they've decided to get out of the hosting biz, it would be a good time for me to reconfigure things during the move if there is an advantage in doing so. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71447t=71447 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Probably the dumbest question that will be asked all day [7:71457]
I never tried using sub's on the the LAN interface. I could have used VLAN's at the time I initially set it up but didn't see a need for it at the time (still don't unless it's the officiallly Cisco-blessed method and then I'd just be curious as to why). I just set up a secondary and then later on I got to wondering if I was doin' the right thing. It ain't broke. Guess I don't need to fix it. Thanks. -Original Message- From: Zsombor Papp [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2003 11:38 AM To: Mark Smith Cc: [EMAIL PROTECTED] Subject: Re: Probably the dumbest question that will be asked all day [7:71447] Ask your router. I did, and it said: % Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN. :) In other words, secondary IP addresses will do just fine. And btw you can have more than one per interface (up to 255, or so?). You might also want to check out the other thread about encapsulations and such. Thanks, Zsombor At 03:27 PM 6/26/2003 +, Mark Smith wrote: I have a router (actually a pair of them in HSRP but that's irrelavent) that connects two networks in non-contiguous IP address ranges through a 100MB F/E TX port on the inside to an ISP network on the outside, also via a 100MB F/E TX port, at a colo facility. I have a half of a hundred MB pipe to the outside world. The two networks behind the router are independent of each other, seperated by PIX's behind the routers but, on occasion, they do communicate with each other. I currently have a primary and secondary IP address set on the inside F/E interface, one for each network. I've never seen any mention if sub-interfaces being used in Ethernet or Fast Ethernet interfaces in any Cisco literature. They primarily seem to be mentioned in regards to serial interfaces. Is there an advantage to using sub-if's here over a primary and secondary IP address? Any packet filtering is handled by the PIX's so I don't ever foresee the use of access-lists on the router. This router simply routes packets. I don't foresee the use of more than two networks inside but I suppose that's a slight possibility down the road if I would need more IP addresses and couldn't get contiguous addresses. I'm not sure if you can use more than a single secondary address on an interface or if you can pnly use a single one. I guess I'm not sure if recommended practice would be to always use sub-if's when connecting more than one network to any interface, use sub's only with serial i/f's and use primary/secondary addresses with F/E interfaces or if it's time to consider adding more F/E modules with 2 or more networks. I've used this primary/secondary config for a couple of years and it's worked fine but, as my colo facility is Sprint and they've decided to get out of the hosting biz, it would be a good time for me to reconfigure things during the move if there is an advantage in doing so. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71457t=71457 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Internet is very slow behind Pix 515E UR [7:70783]
100basetx is 100MB, half duplex. Try interface ethernet0 100full and interface ethernet1 100full instead. Make sure that whatever is on the other side of the outside interface is 100/full or auto too. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 10:19 AM To: [EMAIL PROTECTED] Subject: Internet is very slow behind Pix 515E UR [7:70783] Whenever I access the web site which is behind the Pix firewalls, the speed is really slow. I bypassed the firewall and accessed the same site and it's fast! I checked my settings and made sure all the connected devices are running at 100 and full duplex, they all are! I mean why this is happening ... is it because the pix have to inspect each packet! The Bandwidth from the service provider is 64k. Any Idea Please. Any ideas? The Pix version is 6.1 besides this is satellite connection The internal Address range is 191.1.1.0-191.1.1.254 255.255.0.0 Outside address range is 10.15.9.163-183 255.255.255.224 Default Gateway: 10.15.9.62 255.255.255.224 DNS1: 195.238.62.1 DNS2: 195.238.40.30 AN# show config : Saved : PIX Version 6.1(4) nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 intf2 security10 enable password kC9ZDwfWejkBqApp encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname AN domain-name ciscopix.com fixup protocol ftp 21 fixup protocol http 80 fixup protocol h323 1720 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol sip 5060 fixup protocol skinny 2000 names access-list acl_in permit icmp any any access-list acl_in permit udp any any access-list acl_in permit tcp any any pager lines 10 logging buffered debugging interface ethernet0 100basetx interface ethernet1 100basetx interface ethernet2 auto shutdown mtu outside 1500 mtu inside 1500 mtu intf2 1500 ip address outside 10.15.9.163 255.255.255.224 ip address inside 191.1.1.85 255.255.0.0 ip address intf2 127.0.0.1 255.255.255.255 ip audit info action alarm ip audit attack action alarm pdm history enable arp timeout 14400 global (outside) 1 10.15.9.164-10.15.9.180 global (outside) 1 10.15.9.181 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group acl_out in interface outside access-group acl_in in interface inside route outside 0.0.0.0 0.0.0.0 10.15.9.163 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si p 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius http server enable no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable no sysopt route dnat telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh timeout 5 terminal width 80 Cryptochecksum:97ca54591b41f6b215dabb457fe7c9de AN# Ismail Al-Shelh [GroupStudy removed an attachment of type image/gif which had a name of image001.gif] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70809t=70783 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Kind of off season for this question [7:70479]
What's the general opinion/experience/wisdom regaridng the writing off of home lab gear costs from one's taxes if the only thing done with this gear is to study for certifications to further one's career? I say only. I've also used this gear to test config's for work as we have no test network gear to try new stuff on - just a production network. I' ve been on a buying binge this year and, between the costs to add gearto my lab and my out of pocket costs for schooling, I'm afraid that I'll red flag my tax return next year. I'm probably around $10-11K so far and it's only June. I don't see a lot more for this year but I sure don't need no steenkeen' audit next year. Any experience on what others do is greatly appreciated. Thanks. FYI - I'm specifically referring to the US tax code. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70479t=70479 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PDM for PIX [7:69852]
Maybe I'm mistaken but I think PDM v1.0 only worked with Netscape, not Internet Explorer. Something about the virtual machine in IE wasn't compatible with PDM v1.0. It required Netscape's implementation of Java. Could be way off on this one. It's been a while. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kenan Ahmed Siddiqi Sent: Friday, May 30, 2003 2:30 AM To: [EMAIL PROTECTED] Subject: PDM for PIX [7:69852] Hi there, I have a PIX 515E. I am trying to use PDM on it. The configuration is IOS version 6.0 and PDM version 1.0. The client is Windows 2000 with IE 6.0 and all the service packs intalled. When I try connecting to the PIX via the browser, somehow it just doesn't work. Everything else seems to be okay. PIX is configured to accept PDM connections from the client. Any suggestions how to fix it? Is there some encryption or something that needs to be enabled/disabled? TIA, Kenan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69882t=69852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Firewall --- DMZ to Inside Access [7:69877]
Try this: pix(config)# access-list permit tcp host 10.1.1.X host 192.168.20.10 eq 7000 pix(config)# access-group in interface where you fill the correct value for X in the source IP addess that's needing to access the inside, where is whatever you want to name your access list and is the name you gave the DMZ interface interface in the nameif command. Note: Currently all traffic from the DMZ to the outside is allowed. The moment you apply that access list to the DMZ interface all outbound traffic (traffic INTO the DMZ interface and headed to parts anywhere to the outside) will now be blocked. There is an implied deny any any at the end of the access list. You will have to then open up ports to the outside that boxes in your DMZ will need to use. If the same box needs WWW access to the outside world you will need a statment like this: pix(config)# access-list permit tcp host 10.1.1.X any eq 80 The any is the destination IP address. If it only goes to a specific WWW site you can add host A.B.C.D instead of any. With the statement as written above you've allowed the pix to access any web server anywhere, assuming it's running on port 80. The same can be done with FTP, SMTP, DNS (except if would be permit udp instead of permit tcp) or any other traffic originating from the DMZ. Any traffic already allowed via access lists from the outside to the DMZ will not be affected, only traffic originating in the DMZ. The official line from Cisco is that it's not a good idea to mix static/conduits and access-list/access-groups on the same box. If you're allowing traffic from the outside into your DMZ via static/conduit pairs you may have intermittent troubles using both. I've not experienced it personally. I just know what I've read in all of Cisco's doc's about it. You may need to consider switching to access-list/access-group instead of conduits. The static statements should remian the same. If you were going from the inside to the DMZ you would need a static statement defining the inside network to the DMZ but I don't believe you do from a less secure interface to a more secure interface. The two statements above should be all you need to put in your config. Hope this helps (and it wasn't 10,000 times more info than you wanted). Mark Smith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2003 10:26 AM To: [EMAIL PROTECTED] Subject: PIX Firewall --- DMZ to Inside Access [7:69877] Fellows - I have a senario here, I have a PIX firewall with 3 Interfaces , Inside, Outside and DMZ. Machines on the Inside Interface can access Server on DMZ Zone, no problem, I have to facilitate limited access from DMZ zone Servers to Host on Inside Interface. Let take an example, I have a Server on DMZ zone 10.1.1.1 and i need to alow TCP Port 7000 from this Server to a host on Inside zone whoes IP address is 192.168.20.10 I have a raw configuration in my mind since i dont a PIX with 3 Interfaces in my LAB i can not test it. I know i have put an Access List / NAT to do this. Any config welcome. thanks -- Curious MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69892t=69877 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Am I over my head guys? [7:69746]
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Neiberger Sent: Thursday, May 29, 2003 9:36 AM To: [EMAIL PROTECTED] Subject: Re: Am I over my head guys? [7:69746] B Rudy 5/29/03 2:41:29 AM Hey guys, I just got an offer to become a 2nd senior network engineer for this company in Orange Country. Great News i know!! Dilemma: I am a CCNP but have no local Area Nework Experience. Going to be workin with Catalyst 6500 switches. Also i have about 2 yrs working with cisco equipment, however, dont feel i am ready for a senior title and duties. Also working with cisco routers. What do you guys think i should do? 1. Take the job and see how it works out? Maybe mess up their network and look real dumb and unknowledgable on some troubleshooting. risked getting fired? 2. Let the job go, and watch a great opp float away? 3. Keep the existing job i have working with cisco equipment and technology? p.s. This job is a senior position, so meaning senior pay. very positive aspect, and a great company going places. over 4000 employees. Your output is greatly appreciated. Really need some advice. Thanx Yowza! Two-years Cisco experience, CCNP, and no real-world experience on LANs gets you a *senior* position?? What's the name of this company? I feel a move to Orange County coming on... :-) Seriously, you must have shown the skills they were requiring of a senior-level person in their organization, and every organization has different guidelines. Heck, I don't even qualify to be a senior person in our company yet! That's related to time in the department, though. Still, you seem to be a little worried that they might expect more from a senior person than you're ready to deliver. Take an honest assessment of your capabilities and if you're still worried, start studying your tail off right now. You know we're always here to help when we can. Show some confidence and be willing to continually learn as much as possible as quickly as possible; be thorough and conscientious; be trustworthy, loyal, helpful, friendly, courteous, kind, obedient, cheerful, thrifty, brave, clean, and reverent. (Hopefully someone will get that joke, ) And don't forget to always Be prepared. (I was a Boy Scout too.) If you have a good enough grasp of things to get the CCNP then you should do fine. Every new job is a learning experience. At least mine have been. If you passed BCMSN then you tested on the 5000. It uses the CatOS like the 6500. In my experience anyone with enough integrity to worry about doing their job correctly usually goes above and beyond. It's the folks that just look at the money or the title or just flat don't think things thru that fail. You obviously think things through. If you've weighed all of the options re: long term prospects at this company, who you'll be working with/for benefits, working conditions, etc and it all looks good and the only thing that's holding you back is confidence in your own ability, IMHO, take it. I felt the exact same way after the first networking job I was offered. I didn't think there was anyway in he** I should accept it and told my prospective boss that. She sought me out as she had heard about my work ethic. I told her I work hard and study a lot but don't know what she needed me to know. Her response was I'd rather have someone that's hungry and willing to learn like you then someone who knows everything. There's lots of resources available to fill in whatever gaps you may have in your knowledge for someone willing to use them and you are. I can teach you whatever facts you don't know but I can't give you the drive to work hard and do the job correctly. She was right. And she didn't ever have to teach me anything. I always found some way to get whatever info I didn't have at my immediate grasp and I still do. I suspect she could have been talking about you too. Good luck in whatever you chose. Dive in head first and work your tail off and you should have a great chance at succeeding. If they've offered the job, take it and run with it. Regards, John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69827t=69746 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Volunteering in a Village in Nigeria. [7:66028]
Usually when I get a letter from Nigeria someone's either asking for my bank account information so they can transfer millions of ill-gotten $$$ into it and then they'll transfer most of it later on to another account but I get to keep some of it for my own trouble or, in a variation of the above scheme, they need me to first send them a few thousand $$$ up front so they can then send me the several millions of dollars. The last one I received was a beg for someone to send high end medical equipment (to be paid for later, of course) over there as there was a huge need for it right now and a lot of money to be made in the market. Cisco training nowthis is a new one. Quoting olubunmi : Hey Folks... Nigeria is slowly grapping with the IT world and people are ready to learn here. i am looking for volunteers with whom i can work together to set up a a Cisco academy in Uyo , south South Nigeria.This may be starting any time within the next 3 months. I will give details to whoever is interested. Uyo is a peaceful state capital in south south Nigeria , with a University, a polytechnic, and a metropolitan hub for the south south NIgeria. Volunteer(s) will enjoy the hospitality of the town, help bring up locals and motivate unversity and secondary schools student towards a career in IT. I welcome anyone interested to email me ; [EMAIL PROTECTED] for further details. Kindly pass this message across to anyone you know might be interested. thank you olubunmi Isinkaye CCNP, Lagos Nigeria Cisco Certification Digest wrote: Cisco Certification Digest Thursday, March 20 2003 Volume 02 : Number 2494 In this issue of the Cisco Certification Mailing List Digest: RE: 6509 cam entries [7:65758] Re: RSM Equivalent for the Catalyst 6500 [7:65760] RE: IP header [7:65718] RE: CCNP Certification [7:65759] IPSec and nated ISDN router [7:65782] pix 501 limitations [7:65785] RE: Anybody heard of banff counters? [7:65765] Re: Cisco Instructor - CCNA Class [7:65742] RE: FrameRelay dlci + IP address [7:65713] DS3 bandwidth issues [7:65790] Re: IPSec and nated ISDN router [7:65782] Re: pix 501 limitations [7:65785] Re: IP header [7:65718] Re: Getting out of hand?? [7:65676] RE: PIX VPN home access question [7:65666] RE: Unable to delete flash [7:65529] RE: Rack Mount Kit for 4000 [7:65752] Re: IP header [7:65718] Re: DS3 bandwidth issues [7:65790] RE: AW: ISDN Callback Config [7:65649] Re: DS3 bandwidth issues [7:65790] span sessions [7:65531] RE: ISDN 803 Callbacks [7:65754] dial up problem [7:65801] Difference on L3 switching of Cat4500 and Cat6500? [7:65802] RSP7000 and RSP-4-COOKIE message [7:65803] Attack on Iraq [7:65805] RE: is 10baseT dead? [7:65263] PIX Questions [7:65806] RE: Cisco Instructor - CCNA Class [7:65742] RE: Finding device on network via cisco switch [7:65670] Re: DS3 bandwidth issues [7:65790] Large number of VLANS [7:65815] RE: ISDN 803 Callbacks [7:65754] Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65818] 2511 Reverse Telnet [7:65819] RE: ISDN 803 Callbacks [7:65754] RE: ISDN 803 Callbacks [7:65754] eBGP Multi-hop [7:65823] RE: Voice Level Adjustment [7:65701] RE: Convert from Custome Queue to CBWFQ [7:65700] RE: 2511 Reverse Telnet [7:65819] RE: Large number of VLANS [7:65815] Re: 2511 Reverse Telnet [7:65828] RE: IPSec and nated ISDN router [7:65782] OT: Satellite Modem [7:65830] RE: Policy based routing [7:65776] Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65832] RE: Large number of VLANS [7:65815] Why did Cisco do this? Off Topic [7:65834] Re: eBGP Multi-hop [7:65823] RE: eBGP Multi-hop [7:65823] Cisco 2000 problems [7:65837] RE: 2511 Reverse Telnet [7:65819] Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65839] Re: Open http: traffic on firewall... [7:65755] Re: Large number of VLANS [7:65815] RE: Convert from Custome Queue to CBWFQ [7:65700] Anyone configured nat under tunnel [7:65843] Re: eBGP Multi-hop [7:65823] -- Date: Wed, 19 Mar 2003 21:55:19 GMT From: Priscilla Oppenheimer Subject: RE: 6509 cam entries [7:65758] steve wrote: guys i have the following entry in my cam table that i cannot remove here is the config VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type] - -- - --- 17 00-02-a5-e8-97-35 X 9/40 00-02-a5 is a Compaq vendor code. So it's an Ethernet interface from Compaq, if that helps. The list of vendor codes is here: http://standards.ieee.org/regauth/oui/oui.txt I have no idea why it would get stuck though. Seems like a bug? Priscilla here i smy Show Ver WS-C6509 Software, Version NmpSW: 5.3(2)CSX Copyright (c) 1995-1999 by Cisco Systems NMP S/W compiled on Oct 11 1999, 17:45:02 System Bootstrap Version: 5.2(1)
RE: Cisco Visio Stencil [7:65281]
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steiven Poh-(Jaring MailBox) Sent: Thursday, March 13, 2003 3:02 AM To: [EMAIL PROTECTED] Subject: Cisco Visio Stencil [7:65281] Hi, I'm trying search the visio stencil on cisco website and can't find it. Any idea? :-) Rgds, Steiven Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65447t=65281 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: take me off this list, Please! [7:65428]
If they're running out either he can't be that bad or his patients just aren't that sick. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Symon Thurlow Sent: Friday, March 14, 2003 2:55 PM To: [EMAIL PROTECTED] Subject: RE: take me off this list, Please! [7:65428] Why? Are you a bad doctor? -Original Message- From: Edgar A. Howard [mailto:[EMAIL PROTECTED] Sent: 14 March 2003 13:45 To: [EMAIL PROTECTED] Subject: take me off this list, Please! [7:65428] Someone please get me off this list. I have tried everything. I used the website. Nothing works! My patients is running out. -edgar = This email has been content filtered and subject to spam filtering. If you consider this email is unsolicited please forward the email to [EMAIL PROTECTED] and request that the sender's domain be blocked from sending any further emails. = = Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65475t=65428 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: The CCNP BSIN ( I Think Exam ) [7:63749]
It's the BSCI (Building Scalable Cisco Internetworks) exam - 640-901. I took it about three weeks ago. It was tough for me but then I don't get as much real-world hands on experience with routing protocols and such as I'd like. For info check here: http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exam s/640-901.html There is a new book out for the BSCI test http://www.ciscopress.com/catalog/product.asp?product_id={E9CBCDAF-77DF-468E -B2F6-C902C0B78D6F} but I used the old for the the BSCN test and the info from here at Cisco on IS-IS: http://www.ciscopress.com/content/images/1578702283/downloads/2283newchap2.p df?session_id={191E20FE-35FE-420B-94D2-D7BAA31347FC} and it worked out OK for me. I had 57 questions. Passing score was 700 out of 1000. I passed but I ain't bragging about my score. Strange as it might sound, most of my routing test was on routing protocols. It was very pretty evenly spread between OSPF, BGP and IS-IS. Know them. Really know IS-IS. Probably 20% of my test was on IS-IS. I was told to expect 3 or 4 questions max on it but I had a lot more on mine. Understand CLNP and CLNS. Had some questions on VLSM, redistributing and optimizing routes, RIP2, EIGRP too - basically everything in the BSCN book and from the pdf above. If you have access to a real lab or have one of your own (thank you, eBay) you will be way ahead of the game. If you do, get the Cisco Academy Semester 5 - Advanced Routing - info and do all the labs in there. If you can't actually do them then study them. Don't know anything about the router sims available. They may be a decent alternative to having access to routers. Someone else may be able to speak to that. Get familiar with the commands to accomplish tasks within the individual protocols. There's a lot of memorization in this test. It covers a lot of ground. And my test covered a lot of some of it and a little of all of the rest of it. Only surprise I had was how much IS-IS was on the test. Boson, Fravo and TestKing make some decent practice tests too. Any one of them would probably do as they're all pretty similar. Good luck. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steven Aiello Sent: Tuesday, February 25, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: The CCNP BSIN ( I Think Exam ) [7:63749] I have been readibng through the boards and from what I've seen the new CCNP Routing exam seems to be a bear. This is the next test I am studying for. Any one out there that have passed the test, that can give me a generally study out line? Also what books or test prep did you use. You guys ( and ladies ) are all great, Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63769t=63749 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: bsci passed [7:62805]
I took a class recently at a local juco that was very good. They used labs from the Academy material aimed towards advanced router config. I have a lab at home with a couple of 2600's and a couple of 2500's that I've picked up off of eBay over the last couple of years and was able to do the labs over again at home. What I blew thru in the class due to time constraints I was able to dissect a little more completely and try different commands and such with at home. As far as reading material I used the BSCN text book and printed out the Cisco link on IS-IS that is available here (watch for text wrap) http://www.ciscopress.com/content/images/1578702283/downloads/2283newchap2.p df?session_id={191E20FE-35FE-420B-94D2-D7BAA31347FC} but I understand the actual BSCI text book is available now http://www.ciscopress.com/catalog/product.asp?product_id={E9CBCDAF-77DF-468E -B2F6-C902C0B78D6F} I used a couple of practice tests that were very good but very similar to each other in content. Either would have probably been enough. http://www.fravo.com/cisco/index.htm and http://216.197.111.79/testking/index.cfm?pageid=714productid=102 Both were outstanding (IMHO) conceptually. If you're looking for braindump, these-are-exactly-the-questions-you'll-see-on-the-real-test-type study guides then these aren't what you're looking for. I didn't see any *exact* questions from either of these on my test but all of the concepts I found on the test were covered in both of these. TestKing is a PDF and Fravo is a little app that you run. Fravo probably has more questions but not any more material is covered. They just ask the same type question 3 different ways. From my experience with the test know IS-IS. I was told to expect maybe 3 or 4 questions on IS-IS. I got more like a dozen or maybe even more. The rest was pretty evenly scattered thru all of the topics that the BSCI topics list at Cisco has in it. No one area was hit any harder than any other in mine. I did have fewer actual config the scenario questions than I expected. Know how OSPF, BGP work and how to set them up. Understand route sumarization and VLSM. Understand EIGRP and how it interacts with IGRP. Know IS-IS and CLNS. Know route redistribution. Be familiar with RIP v2. Basically, know everything in the BCSN book and IS-IS. I know I'm Forrest Gump-like compared to most I see post here regularly so I may not be the most accurate indicator of it's difficulty but that was my toughest cert test of the eight that I've taken to date. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Faulk Sent: Wednesday, February 12, 2003 8:53 AM To: [EMAIL PROTECTED] Subject: Re: bsci passed [7:62805] Hey guys, what were your study materials? John On Tue, Feb 11, 2003 at 03:47:01PM +, Mark Smith wrote: Congratulations, Alejandro. That was a tough test for me too. I passed mine yesterday morning. I'm not exactly bragging about the score but I passed. Got a lot more on IS-IS than I expected - about 20% or more of my test. Had only read about it. My home lab routers aren't beefy enough to set it up and play with it and I've never used it in the real world. Guess I read enough about it though. On to switching. Mark Quoting Alejandro Quemada : Hi it4s mi first post I have just passes bsci test this morning. it was a bit hard but passing score 700 [EMAIL PROTECTED] -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62893t=62805 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: bsci passed [7:62805]
Congratulations, Alejandro. That was a tough test for me too. I passed mine yesterday morning. I'm not exactly bragging about the score but I passed. Got a lot more on IS-IS than I expected - about 20% or more of my test. Had only read about it. My home lab routers aren't beefy enough to set it up and play with it and I've never used it in the real world. Guess I read enough about it though. On to switching. Mark Quoting Alejandro Quemada : Hi it4s mi first post I have just passes bsci test this morning. it was a bit hard but passing score 700 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62806t=62805 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX firewall simultaneous connections [7:62575]
I have approximately 2 million hits a day on web pages behind a pair of PIX 515's in failover and send out a little more than a million subscription (not spam) email's every night and the only issue I have is that the available 1550 (Ethernet) blocks drops to zero at times during the 3 or 4 hours in the middle of the night that I'm shoving out all of that email. We even run some small animated Flash things on some pages however I don't serve any streaming media. I do have FTP services that serve from 1500-2000 users anywhere from 10 to 100MB each daily. Now the FTP users are pulling packages of graphics though, not 700MB ISO CD images. During the day, when the lion's share of the web activity occurs, I never notice any of the PIX's resources taxed to anywhere close to a point I consider worrisome. The boxes I have to keep an eye on are my 3640 routers. That's where I see the meters pegging, mostly in the mornings when people check their morning emails. I used to have QoS running on them for certain traffic I wanted to restrict bandwidth on but that absolutley choked the CPU's in the AM. Never seen a router CPU run at 100% use and stay there until then. Had to remove it. Like Charles said, a single user will open many connections one web page hit but each individual connection not open too long. The PIX just keeps on chuggin' right along. Now I run no encryption on that pair and have tunnels in from the outside coming in thru another PIX that processes no web traffic. These 2 boxes are simple firewalls. I would like to upgrade to at least 525's (not to mention a beefier router) or just a REALLY beefy router running firewall IOS but, alas, it's not in the budget this year so I chug right along with my 515's doing exactly what I need them to. If you're not running really big flash animations, streaming media or some other big bandwidth hog type of traffic, you don't have a bunch of secure tunnels built or your 2 million users don't all hit within a 2 hour time frame I really doubt you'll have any issues with a 515 or bigger box but I would personally recommend bigger than a 515 with the idea in mind of a liitle room for your business to grow and not max'ing out the box in 6 months or a year. Our traffic has only seen modest growth over the last 2 years or so. I believe we still have quite a bit more we can squeeze out of the PIX's before we have no choice but to upgrade. That's my experience anyway. Don't know how closely your requirements match mine though. Hope this helps. Mark Quoting Charles Riley : I believe that if you check the Cisco website or documentation, you will see that it defines a session as a single TCP or UDP connection. If somehow you had 2M users, yet their total number of sessions never exceeded 500K, then your firewall could handle 2M users. I am not addressing performance at all here. Realistically, though, your users are going to have any number of sessions established as they read their email, check the web, download files, and so on. It's possible that your 500K PIX firewall could only be able to handle about 5K or 50K of your users if they are the kind of users to keep hundreds or thousands of sessions going at once. HTH, Charles Kenan Ahmed Siddiqi wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello groupies, I was reading the PIX book and it apparently said that the no. of connection supported by a PIX firewall (higher order) is 500,000. Does this mean that upto 500,000 sessions can be established or something else? If so, what do I do if I have a thoroughput of say 2 million users? Thanks in adv. Cheers, Kenan [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62587t=62575 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Richard A. Deal Books [7:62027]
I think his PIX book is very good. I've not found many errors in it but then maybe I've not looked at it in as much depth as you have. If I have a gripe about it it's for one thing. I use it as a desktop reference. Sometimes I'm looking up how to accomplish X and find out that before I can do that I need to accomplish A, B and/or C. The instructions will simply say That process was covered earlier and won't be repeated here. Now to accomplish X. Earlier? WhereEXACTLY? I've spent more time looking for earlier sometimes than I do accomplishing the task at hand. Earlier in this chapter under the blah heading or this was covered in the chapter on blah blah would be helpful. As far as the info in the book goes I've found stuff in there that I can't find at CCO (it may be there but I can't find it) or anywhere other than maybe from tech in a TAC call. Either that or I've had to look for it in a dozen different places and now it's all together in one book. It's the best book I've found on using a PIX. Beats the Cisco Press book on the PIX by a long shot. Don't know about any others he's written. IMHO. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sam Sneed Sent: Tuesday, January 28, 2003 9:57 AM To: [EMAIL PROTECTED] Subject: Re: Richard A. Deal Books [7:62027] His PIX firewall book is OK. It does have a lot of errors in it though. Hope his other books have proofreaders. Joseph R. Taylor wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi Everyone, I'm interested in knowing how good Richard A. Deal's books are. Especially in reference to MCNS. Thank you in advance. Joseph R. Taylor MCSE, CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62036t=62027 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
REQ: Opinion from experienced folks regarding the [7:60619]
I am thinking about enrolling in a CCNP non-credit track at a local community college. As this is non-credit, it's considerably higher priced than standard comm college classes - approx $5600 for the 4 CCNP track classes. It's Cisco cirriculum and they have a pretty extensive lab facility (but then so do I, at home). It's taught by an instructor that I respect very much. I had him 8 or 9 years ago when I was first starting my education for a career shift after 15 years in a crap job in a different part of the technology field. He's a great instructor that takes a sabbatical periodically to work as a network design contractor for a major telecomm company in my geographical area. He then comes back to teach at the college. He stays current with changing technology. So much for the particulars of the school, at least as I see them. My question is not about the quality of the class. That's strictly my call and I'm sure it will be top notch as far as a class like this goes. My question is more how far do classes like this go in the first place?. What's the general feeling about the basic intrinsic value of this type of quasi-boot camp style training. While this is not a true boot camp per se - it's taught over a period of roughly a college semester with a week or two breaks between the 4 modules - it's still fairly intensive training. How valid is training like this from some of the more well known training mills - Global Knowledge, etc? I guess wondering whether in the opinion of the folks that have been around for a while, generally are these classes a big waste of $$$? Am I just throwing away five grand and change? Are these types of classes generally teaching a test or do they teach actual usable knowledge or mabe both? I hear these advertisements for schools touting Get the equivalent of 2 years of real world experience in 6 weeks...blah blah. Call me crazy but I've always been of the belief that it takes you roughly two years working in a field to get 2 years experience in it. I took a couple of ju co classes and spent lots of personal time studying to pass my CCNA and MCSE. No boot camps or expensive training classes but then it took me a couple of years to get them both. The junior college classes helped but it still took a lot of digging on my own. I really don't want to be another year and half or two years finishing my CCNP too. With all that I seem to have to keep up with in my job it'll take me that long. I'd also like to spend more time working with Cisco security but finding the time learn it on my own, along with the hundred thousand other things I just have to stay current on, is the trick. For the last three years I've work as the network admin for a small dot com, am CCNA and MCSE (woo hoo), do all the router and switch config and monitoring, security and firewall work, I'm the Veritas guy, the Windows guy, one of four Linux/UNIX guys here along with the half a million other little administrative pains in my a#$ that fill my day. Before this current job I was an NT admin at a large midwestern bank. Most of what I know I've just dug out of books on my own - definitely the slow way to go for me as I have to try to keep current on about 2000 different things or so it seems. The world of technology that I'm exposed to at my current employer is pretty small and I will never see some of what I'm learning for the CCNP tests here. I have another personal agenda for this training in other prospects for employment. I'm not doing it for a raise at my current position as my current employer has never acknowledged any cert anyone here has. I'm doing this for me but I don't want to think I'm moving forward when in fact I'm just p---ing away a bunch of money for nothing. I'm paying for this training myself. The company I'm with currently has no training budget. Sorry about the length of this. This feels more like it should have been be a whining letter to Dear Abby (Make my decison for me, Abby) than one to the cisco study group asking for the experience of folks whose opinions I value. Bottom line is what is the general consensus towards the intensive CCNP, or for that matter, CSS1(CSSP) or MCSE or any other of these types of classes? Good? Bad? Why? If this is a poor choice, then what's a better way? Obviously I'm not asking about my specific school. I'm asking about the concept of this type of training in general. I know that for you guys and gals 5600 bucks is pocket change but for me it's almost a full week's. : ) I have no doubt that I can learn this stuff on my own but I already spend at least a couple of hours a day reading on all that I have to stay current with. Maybe I'm Forrest Gump but teaching myself protocols that I don't see used on equipment I rarely get to work with just ain't real easy for me. Do these schools really help or are they just bank account vacuums? Any observations are appreciated. Thanks. Message Posted at:
Re: Profession Cert or PhD!!! [7:60385]
Quoting Jimmy : If you will given a choice, would you choose to go for PhD in networking area or juz stay in your field and pursuing profession certification such as CCNP/CCDP etc. Assume that both is fully sponsored, can anyone tell me which one will paid off in a long run? Cheers! I'm not sure exactly what a doctorate would give you except the ability to write prescriptions. Personally I have no need for that. I'd stick with the CCNA...or better yet just an MCP and just forget the Cisco certsif it were me. (Silly questions demand even sillier reponses.) [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60432t=60385 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Good PIX book? [7:60039]
Cisco PIX Firewalls - Richard Deal ISBN: 0072225238 Osborne/McGraw Hill or Cisco PIX Firewalls - David Chapman ISBN: 1587050358 Cisco Press Deal hangs around this group some too. Not sure about Chapman. Both are good. The CiscoPress book is a little more geared towards Cisco firewall certification. Deal's book starts from basic Firewall 101 and continues on thru some pretty advanced configuration of the PIX. Lots of good troubleshooting/show command info in there too. I have 'em both on my desk at work but use Deal's a lot more as a day to day reference. There's probably other good ones aout there too. I know about these two. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sam Sneed Sent: Tuesday, December 31, 2002 2:28 PM To: [EMAIL PROTECTED] Subject: Good PIX book? [7:60039] Can anyone recommend a good PIX book for a PIX beginner. i ve got good understanding of TCP/IP and firewalls/pack filters but no PIX experience. Thanks P.S. HAPPY NEW YEARS from NYC! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60041t=60039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco Work 2000 Manual user guide [7:58959]
I was just curious. I've almost bought that one a couple of different times in the past (at any given moment there are always two or three of them listed) as it doesn't specifically state Sales Essentials as some of the ones obviously geared towards sales folks do but I still wonder if it's very detailed. I think the info on Cisco's link that you also posted is just what the doctor ordered. Thanks. Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Leonardo FUK Sent: Monday, December 16, 2002 1:57 PM To: [EMAIL PROTECTED] Subject: Re: Cisco Work 2000 Manual user guide [7:58959] I think that you're right. This is (probably) one of the many sales-oriented tools. It might have something technical, but not at the level you are looking for. But it's cheap, isn't it? I'll look for something else then. -- Leonardo Furtado Network Engineering and Security Architecture Mark Smith wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared more to sales folks and, from what I gather, not too technical. Is this one for folks that acutally install/configure/use the product or a 500 feet high overview that highlights the strong points from a selling prespective? Thanks. Quoting Leonardo FUK : You may try these links: Documentation: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm Self-paced CBT http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225 Leonardo Han Chuan Alex Ang wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi, Anybody have ideas on book or site that reveal good information on how to install, configure and use Cisco Work 2000, thanks [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59317t=58959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Work 2000 Manual user guide [7:58959]
How is that CBT, Leonardo? Most of the Cisco CBT's I see on eBay are geared more to sales folks and, from what I gather, not too technical. Is this one for folks that acutally install/configure/use the product or a 500 feet high overview that highlights the strong points from a selling prespective? Thanks. Quoting Leonardo FUK : You may try these links: Documentation: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/index.htm Self-paced CBT http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem 79712034category225 Leonardo Han Chuan Alex Ang wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... hi, Anybody have ideas on book or site that reveal good information on how to install, configure and use Cisco Work 2000, thanks [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59264t=58959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Mac network [7:58945]
If you're talking about a $100 switch (like a NetGear or LinkSys) can you even set any of the port parameters on that switch? No cheapy NetGear I've seen allows you to do that. If you hook up a Win2K/Linux/etc to this network do you have these same problems? Quoting John Smith : I have worked on Cisco, Cabletron and Nortel switches and I had to come with different solutions with. I think the switch ports are set to Auto Neg. ON. Try port setting to 100 Half for G4s and 10 half for G3s and see what happens. Sayeed Dwayne Saunders wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all Mac users I have a small problem with a network that I was asked to look at there is 6 end user machines and 1 server all connected via a switch the problem is that when connected to the switch network transfers to and from the server are very slow i.e. 100meg file take approx 18 minutes Now I have swapped the cheap $100 switch out and replaced it with a another one from the supplier still the same problem I then replaced the switch with a hub and now everything flies along The Mac's are running 9.2 os and from what I can see without doing a network capture there is speed and duplex conflict these settings cant be changed on this os. So any help with this would be greatly appreciated. Regards D'Wayne Saunders Data Network Administrator Phone: +61 8 8950 7742 Mobile: +61 412 832 322 Fax: +61 8 8952 1112 www.lasseters.com.au World's First Government Licensed and Regulated Online Casino... *** This email message (and attachments) may contain information that is confidential to Lasseters Online. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Lasseters Online are neither given nor endorsed by it. *** [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59090t=58945 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Mac network [7:58945]
If I recall correctly, G3 beige mini-towers and older hardware all came with 10MB NICs. Without checking Apple's online specs site, I don't know what generation laptops started using 10/100 cards - somewhere in the G3 generation I'd guess. What PC hardware is running on this network? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dwayne Saunders Sent: Wednesday, December 11, 2002 10:32 AM To: [EMAIL PROTECTED] Subject: Mac network [7:58945] Hi all Mac users I have a small problem with a network that I was asked to look at there is 6 end user machines and 1 server all connected via a switch the problem is that when connected to the switch network transfers to and from the server are very slow i.e. 100meg file take approx 18 minutes Now I have swapped the cheap $100 switch out and replaced it with a another one from the supplier still the same problem I then replaced the switch with a hub and now everything flies along The Mac's are running 9.2 os and from what I can see without doing a network capture there is speed and duplex conflict these settings cant be changed on this os. So any help with this would be greatly appreciated. Regards D'Wayne Saunders Data Network Administrator Phone: +61 8 8950 7742 Mobile: +61 412 832 322 Fax: +61 8 8952 1112 www.lasseters.com.au World's First Government Licensed and Regulated Online Casino... *** This email message (and attachments) may contain information that is confidential to Lasseters Online. If you are not the intended recipient you cannot use, distribute or copy the message or attachments. In such a case, please notify the sender by return email immediately and erase all copies of the message and attachments. Opinions, conclusions and other information in this message and attachments that do not relate to the official business of Lasseters Online are neither given nor endorsed by it. *** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58998t=58945 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 640-901 Passed !!!!!!!!!! [7:59012]
Quoting The Long and Winding Road : Btma1 wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Well, I just passed it today with a score of 813.YEAH !!. My first towards CCNP status. The exam was straight forward, but some question are tricky and wordy. The simulation is based, (for my exam) on what you are good at configuring. I realized this after the exam. Before the exam there was a survey asking you if you are strong in configuration with routing protocol. I happen to tick that I was strong with configuring OSPF. My suggestion is to know all configuration for all IP routing protocols. And select the routing protocol that you are confident with this survey. That is, ticking the 'Expert or Intermediate' box for confidence in configuration of routing protocol/s that you are familiar with. example OSPF, EIGRP, BGP, and IS-IS. CL: assuming this is true, I recommend everyone check the strong on RIP v1 box ;- LMAO! CL: BTW, CONGRATULATIONS Congrats, Binh!! Anyway, I hope those sitting for the 640-901 exam will find this helpful. As for me the next will be the Remote 640-605 exam.Good Luck !!! Binh [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59014t=59012 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Graphical Bandwidth Utilization [7:58819]
MRTG is what I use. Runs in Linux or Windows. (Maybe UNIX too. Didn't try.) http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ A troublesome for me to get it working in Linux. Had problems with the gd library but I backed up a couple versions older than the latest and it works fine now. No troubles getting it working in Microsoft-land. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Matthews Sent: Monday, December 09, 2002 2:49 PM To: [EMAIL PROTECTED] Subject: Graphical Bandwidth Utilization [7:58819] Does anyone have any sugestions for how I can monitor the port on my router that is connected to my Internet T1 in a way that I can generate a graphical representation of the bandwidth utilization through out a normal business day?? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58826t=58819 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MRTG related [7:58497]
Kevin's right. The perl process stopped running (evidently at a high traffic time on the firewall) on the Linux box I've got MRTG running on over a weekend. I got a steady high traffic flat line over a weekend during which time use is usually low. Scratched my head on that one for a little while until I decided to stop and restart the daemon, did a ps to find the process ID to kill it and discovered it wasn't even running. It appeared to continue to populate with the last good number it got from the firewall. As soon as I restarted it all was well in mrtg-land again. Quoting Kevin Stone : Check that MRTG is still connecting to the router. If MRTG loses connectivity it will continue to use the last number it had. If this was during a peak it would look like the utilization had jumped up. It could also simply be increased usage. -Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of puro prasad Sent: Tuesday, December 03, 2002 5:50 PM To: [EMAIL PROTECTED] Subject: MRTG related [7:58497] I am running mrtg to monitor one of my ethernet ports on the router. Since a few days, the utilization shown has raised 4fold though no major changes have been carried out on the intranet. Anybody aware of any such problem. regs., prasad. Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58524t=58497 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Learnkey or Keystone learning [7:58303]
Have you taken anything from them, NetEng? The concept is VERY cool but I've never heard of them (not that I know everything about everything but I do try to keep up on affordable training options available). Just makes me wonder what the training is like. I see several schools that I'd like to attend but I live/work in Kansas City, not exactly one of the primo stops on Global Knowledge's or any of the other traveling road shows classroom tours. I go to Chicago or Dallas or ??? to take one of their classes I have the costs of the school, the transportation out there and meals/lodging while I'm there. Don't know about most businesses these days but training budgets where I work are just about non-existent. I'll probably end up pay for the frickin' class myself here if I take a couple of them. Knowledgenet's costs are quite reasonable for what they offer, there's no travel involved and yet it's live training. Sounds like the best of all worlds for me but what's their training like? Thanks. Quoting NetEng : Take a look at knowledgenet.com. They have some pretty good training. Kazan, Naim wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am interested in purchasing CBT's for my Cisco security certifications. I was just curious of your opinions on learnkey product for the PIX, VPN , etc... by Michael Storm and Keystone in general. -Original Message- From: Mark Smith [mailto:[EMAIL PROTECTED]] Sent: Friday, November 29, 2002 2:47 PM To: [EMAIL PROTECTED] Subject: Re: CSS1/CCSP [7:58241] I was teasing, Richard. I ordered yours and a new one by a Callisma(?) and Umer Khan called Cisco Security Specialist's Guide to PIX Firewall from Bookpool.com yesterday after the post here mentioning it. When are you going to write one for CiscoPress anyway? I'm surprised they haven't approached you about it. Never did understand why Ceeesco used to have Firewall IOS covered on the PIX test anyway. Glad to see they've changed it. While I may go for CCSP the reason I bought yours is because of the areas you cover in it. I work with PIX's and have no training on them. It's a small part of my daily chores and I don't have the time to devote to learning about them that I wish I did. Too many other things to do and keep up with. Not much available on the PDM. Cisco's got squat on their site about it other than installation. Wonder what all I can do thru the PDM that I just don't know about. Thanks for writing the book. Mark Quoting Richard Deal : Mark, Actually, Mark, I'm one step ahead of you :-). My PIX book came out at the end of October from McGraw-Hill/Osborne. I wrote it as a non-certification book, but it covers everything you'd see on the new PIX exam. You can check out a free chapter on Osborne's web site: http://shop.osborne.com/cgi-bin/osborne/0072225238.html (watch the wrap!). I also have some extra stuff on my web site that I couldn't fit in the book because of page constraints. Just vist my home page below. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Mark Smith wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So when are you going to write one, Rich? We're waiting. :) Quoting Richard Deal : John, The CSS1 exams are valid until the end of January, upon which you must take the new exams. CiscoPress doesn't have any books out yet on the new tests. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. John Cianfarani wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can we still write CSS1 or has it been replaced with the CCSP? Thanks John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 28, 2002 8:30 PM To: [EMAIL PROTECTED] Subject: RE: CSS1/CCSP [7:58241] I havent take the new CSI exam, but for CSS1 i suggest you do the following : MCNS - PIX - VPN - IDS, and if you already pass all of them, i dont think
Re: CSS1/CCSP [7:58241]
So when are you going to write one, Rich? We're waiting. :) Quoting Richard Deal : John, The CSS1 exams are valid until the end of January, upon which you must take the new exams. CiscoPress doesn't have any books out yet on the new tests. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. John Cianfarani wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can we still write CSS1 or has it been replaced with the CCSP? Thanks John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 28, 2002 8:30 PM To: [EMAIL PROTECTED] Subject: RE: CSS1/CCSP [7:58241] I havent take the new CSI exam, but for CSS1 i suggest you do the following : MCNS - PIX - VPN - IDS, and if you already pass all of them, i dont think you would have problems with CSI. Ardi [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58292t=58241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CSS1/CCSP [7:58241]
I was teasing, Richard. I ordered yours and a new one by a Callisma(?) and Umer Khan called Cisco Security Specialist's Guide to PIX Firewall from Bookpool.com yesterday after the post here mentioning it. When are you going to write one for CiscoPress anyway? I'm surprised they haven't approached you about it. Never did understand why Ceeesco used to have Firewall IOS covered on the PIX test anyway. Glad to see they've changed it. While I may go for CCSP the reason I bought yours is because of the areas you cover in it. I work with PIX's and have no training on them. It's a small part of my daily chores and I don't have the time to devote to learning about them that I wish I did. Too many other things to do and keep up with. Not much available on the PDM. Cisco's got squat on their site about it other than installation. Wonder what all I can do thru the PDM that I just don't know about. Thanks for writing the book. Mark Quoting Richard Deal : Mark, Actually, Mark, I'm one step ahead of you :-). My PIX book came out at the end of October from McGraw-Hill/Osborne. I wrote it as a non-certification book, but it covers everything you'd see on the new PIX exam. You can check out a free chapter on Osborne's web site: http://shop.osborne.com/cgi-bin/osborne/0072225238.html (watch the wrap!). I also have some extra stuff on my web site that I couldn't fit in the book because of page constraints. Just vist my home page below. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. Mark Smith wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... So when are you going to write one, Rich? We're waiting. :) Quoting Richard Deal : John, The CSS1 exams are valid until the end of January, upon which you must take the new exams. CiscoPress doesn't have any books out yet on the new tests. Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. John Cianfarani wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Can we still write CSS1 or has it been replaced with the CCSP? Thanks John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 28, 2002 8:30 PM To: [EMAIL PROTECTED] Subject: RE: CSS1/CCSP [7:58241] I havent take the new CSI exam, but for CSS1 i suggest you do the following : MCNS - PIX - VPN - IDS, and if you already pass all of them, i dont think you would have problems with CSI. Ardi [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58299t=58241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Forrest Gump-like arp(?) question [7:56680]
I need to replace a router in a cabinet at the facility where my hosted servers and equipment is. My equipment is talking to the hosting facility's network via a port on a 6509 switch. I replaced my router and then nothing from my network could connect to the outside world. I waited about 2 minutes (during which time my entire site's down and my bosses get VERY nervous) and I never was able to connect from inside and my tester on the outside was never able to get in to me. I finally put router #1 back in and all was well again. I've scoured the configuration and #2's is identical with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the reason for this is the 6509 port's ARP cache is looking for the MAC address of router #1 and it ain't there anymore. Would this ass-u-me-ption be correct or is it possibly something else I'm not thinking/aware of? If it is an ARP issue, is there a way that I can remotely force the 6509 port to reset/clear/refresh it's ARP cache? I'm at a Sprint facility and I'd sooner get a live body (that's not a first level phone answerer anyway) to talk to me when I'm calling Mars than trying to get one at Sprint. Any ideas/thoughts/chastisements on missing the obvious here? As much as I'd like to work with Cisco gear full time, it's only a very small part of my current job and, consequently, due to my lack of familiarity with what you guys do all day every day, it's very likely that I'm missing something that all in the world except me know about. Thanks for any help or ideas. Mark Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56680t=56680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Forrest Gump-like arp(?) question [7:56680]
Thanks. I'll try that. I say the routers are identical. They are in config but not in IOS version. I need to implement some traffic policing and shaping using some commands that aren't available in the IOS version currently on #1. #2 has the latest IOS but w/o any of the QOS set up yet. My eventual goal is to have the two routers at the same IOS with shaping and policing setup in HSRP. I want to add #2 in while I take #1 offline and bring it up to the same IOS version. I guess that once #1 is back in the mix and I have HSRP setup then this will all be moot. Out of my own curiosity, if it turns out that it is the problem is there a way to force a refresh of the 6509 switch port other than tracking down someone at Sprint to manually clear it? Quoting Router Man : Change the mac-address of the second router to the mac-address of the first router using the mac-address comand. This will answer your question about the arp-cache. router(config-if)#mac-address .. Mark Smith wrote in message news:200211011409.OAA10912;groupstudy.com... I need to replace a router in a cabinet at the facility where my hosted servers and equipment is. My equipment is talking to the hosting facility's network via a port on a 6509 switch. I replaced my router and then nothing from my network could connect to the outside world. I waited about 2 minutes (during which time my entire site's down and my bosses get VERY nervous) and I never was able to connect from inside and my tester on the outside was never able to get in to me. I finally put router #1 back in and all was well again. I've scoured the configuration and #2's is identical with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the reason for this is the 6509 port's ARP cache is looking for the MAC address of router #1 and it ain't there anymore. Would this ass-u-me-ption be correct or is it possibly something else I'm not thinking/aware of? If it is an ARP issue, is there a way that I can remotely force the 6509 port to reset/clear/refresh it's ARP cache? I'm at a Sprint facility and I'd sooner get a live body (that's not a first level phone answerer anyway) to talk to me when I'm calling Mars than trying to get one at Sprint. Any ideas/thoughts/chastisements on missing the obvious here? As much as I'd like to work with Cisco gear full time, it's only a very small part of my current job and, consequently, due to my lack of familiarity with what you guys do all day every day, it's very likely that I'm missing something that all in the world except me know about. Thanks for any help or ideas. Mark [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56687t=56680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Forrest Gump-like arp(?) question [7:56680]
Unfortunately I don't have access to the 6509 or it would be a done deal. My stuff's at a Sprint co-lo facility and getting thru to a live tech across the country at Sprint is next to impossible. The 6509 is theirs and is what I connect to on their network to get out to the world. I was just looking for a way to force their equipment to clear or refresh it's arp cache. Thanks. Quoting Priscilla Oppenheimer : Can't you just do a clear arp on the 6509? That's a commonly-used IOS command. I would assume it works on the 6509. Or should I say ass-u-me it works. :-) Priscilla Mark Smith wrote: I need to replace a router in a cabinet at the facility where my hosted servers and equipment is. My equipment is talking to the hosting facility's network via a port on a 6509 switch. I replaced my router and then nothing from my network could connect to the outside world. I waited about 2 minutes (during which time my entire site's down and my bosses get VERY nervous) and I never was able to connect from inside and my tester on the outside was never able to get in to me. I finally put router #1 back in and all was well again. I've scoured the configuration and #2's is identical with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the reason for this is the 6509 port's ARP cache is looking for the MAC address of router #1 and it ain't there anymore. Would this ass-u-me-ption be correct or is it possibly something else I'm not thinking/aware of? If it is an ARP issue, is there a way that I can remotely force the 6509 port to reset/clear/refresh it's ARP cache? I'm at a Sprint facility and I'd sooner get a live body (that's not a first level phone answerer anyway) to talk to me when I'm calling Mars than trying to get one at Sprint. Any ideas/thoughts/chastisements on missing the obvious here? As much as I'd like to work with Cisco gear full time, it's only a very small part of my current job and, consequently, due to my lack of familiarity with what you guys do all day every day, it's very likely that I'm missing something that all in the world except me know about. Thanks for any help or ideas. Mark [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56709t=56680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Forrest Gump-like arp(?) question [7:56680]
Unfortunately I'm about 70 miles from the equipment right now. I'm headed that way tomorrow AM and will try it then. Thanks. Quoting routerman : Did changing the Mac address work? Mark Smith wrote in message news:200211011409.OAA10912;groupstudy.com... I need to replace a router in a cabinet at the facility where my hosted servers and equipment is. My equipment is talking to the hosting facility's network via a port on a 6509 switch. I replaced my router and then nothing from my network could connect to the outside world. I waited about 2 minutes (during which time my entire site's down and my bosses get VERY nervous) and I never was able to connect from inside and my tester on the outside was never able to get in to me. I finally put router #1 back in and all was well again. I've scoured the configuration and #2's is identical with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the reason for this is the 6509 port's ARP cache is looking for the MAC address of router #1 and it ain't there anymore. Would this ass-u-me-ption be correct or is it possibly something else I'm not thinking/aware of? If it is an ARP issue, is there a way that I can remotely force the 6509 port to reset/clear/refresh it's ARP cache? I'm at a Sprint facility and I'd sooner get a live body (that's not a first level phone answerer anyway) to talk to me when I'm calling Mars than trying to get one at Sprint. Any ideas/thoughts/chastisements on missing the obvious here? As much as I'd like to work with Cisco gear full time, it's only a very small part of my current job and, consequently, due to my lack of familiarity with what you guys do all day every day, it's very likely that I'm missing something that all in the world except me know about. Thanks for any help or ideas. Mark [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56714t=56680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Forrest Gump-like arp(?) question [7:56680]
Boy do I feel like a dumb*!$# about now.. In an effort to reduce downtime I booted #2 and let it get completely thru the boot process BEFORE switching the wiring around to take #1 down and bring #2 online, AFTER it had already done the ARP broadcast you mention below. I won't get a chance to try it until tomorrow but why do I get the strong feeling that it's gonna work fine when I do? For my own curiosity I'm gonna try what routerman suggested too. I've not tried to manully set a MAC address on anything before. I always either used the burned in address or let the processes running decide if they want to use virtual addresses. I guess that's why you're PRISCILLA and I'm forrest. I guess it's true what my mama always said Life is like a box of chocolates. Thanks. fg Quoting Priscilla Oppenheimer : A cisco router broadcasts a gratuitous ARP response announcing to the world its IP address when it boots. See this example: Ethernet Header Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast Source: 00:00:0C:3F:00:D4 Protocol Type:0x0806 IP ARP ARP - Address Resolution Protocol Hardware: 1 Ethernet (10Mb) Protocol: 0x0800 IP Hardware Address Length:6 Protocol Address Length:4 Operation:2 ARP Response Sender Hardware Address:00:00:0C:3F:00:D4 Sender Internet Address:172.16.10.1 Target Hardware Address:FF:FF:FF:FF:FF:FF Ethernet Broadcast Target Internet Address:172.16.10.1 Is your router not doing that for some reason? You could do some sniffing to see whether it does it. The gratuitous ARP should put the right ARP data into the 6509's ARP cache. So, I'm wondering if the ARP cache is the real problem. When you had the new router installed, what did show int ethernet display? Was it up/up? Can you send us some of your config for some more clues?? ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Mark Smith wrote: Unfortunately I don't have access to the 6509 or it would be a done deal. My stuff's at a Sprint co-lo facility and getting thru to a live tech across the country at Sprint is next to impossible. The 6509 is theirs and is what I connect to on their network to get out to the world. I was just looking for a way to force their equipment to clear or refresh it's arp cache. Thanks. Quoting Priscilla Oppenheimer : Can't you just do a clear arp on the 6509? That's a commonly-used IOS command. I would assume it works on the 6509. Or should I say ass-u-me it works. :-) Priscilla Mark Smith wrote: I need to replace a router in a cabinet at the facility where my hosted servers and equipment is. My equipment is talking to the hosting facility's network via a port on a 6509 switch. I replaced my router and then nothing from my network could connect to the outside world. I waited about 2 minutes (during which time my entire site's down and my bosses get VERY nervous) and I never was able to connect from inside and my tester on the outside was never able to get in to me. I finally put router #1 back in and all was well again. I've scoured the configuration and #2's is identical with #1 so I don't believe that is the problem. I'm ass-u-me-ing that the reason for this is the 6509 port's ARP cache is looking for the MAC address of router #1 and it ain't there anymore. Would this ass-u-me-ption be correct or is it possibly something else I'm not thinking/aware of? If it is an ARP issue, is there a way that I can remotely force the 6509 port to reset/clear/refresh it's ARP cache? I'm at a Sprint facility and I'd sooner get a live body (that's not a first level phone answerer anyway) to talk to me when I'm calling Mars than trying to get one at Sprint. Any ideas/thoughts/chastisements on missing the obvious here? As much as I'd like to work with Cisco gear full time, it's only a very small part of my current job and, consequently, due to my lack of familiarity with what you guys do all day every day, it's very likely that I'm missing something that all in the world except me know about. Thanks for any help or ideas. Mark [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56717t=56680 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP dumps????????????? [7:55156]
To paraphrase an old Saturday Night Live routine: Robertyou ignorant slut Did you happen to notice Erwin's email address? Erwin SG = Singapore. Erwin's comments *were* pretty stupid. Almost as stupid as yours. Take your US bashing somewhere else. Quoting Robert Edmonds : Nice racist attitude there. Nothing like good ole American bigotry posted all over the global Internet to win world favor. Keep it up!!! Erwin wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Go and find it in your own country ! Vinod Raju wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could someone please tell me where to avail latest CCNP dumps especially for BSCI (routing) and BSCSN (switching)? Please reply fast Thanx in advance, Raj [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55176t=55156 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ISDN-SIMULATION [7:51598]
I've not tried this one but this is the cheapest simulator I've seen. http://www.vconsole.net/simulator_isdn.html Any one used this one? There are several others but all others I've seen are more than $1000. Maybe they have other functionality that this one doesn't but I can't imagine much else but a simple 2BRI ISDN connection that I'd need. Here's another one: http://www.cheapisdn.com/ (I usually see this one sell for about $1K on eBay) And a couple on eBay currently: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2046342178 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2046745550 http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2046406202 Not exactly cheap and I'm sure that they're not what you were looking for but they'll do what you are looking for. With any of these you can use the S/T ports that you have available on your existing hardware. Quoting crow : Hi Group, need some advise what would be the best way to simulate a isdn connecten. (also the cheapest plz) my current lab include: 2x2501, 1x2503(1 BRIS/T),1x4000,1x4000m(8 briS/T) maybe some of you are having some experience and want to help me. Thx in advance Andy [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51603t=51598 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Notes on salaries [7:51052]
Quoting Robert D. Cluett : I like this statement Times have changed, he said. Six years ago the technology was complex. Certification was important because it told an employer and customers that the certified professional could find his way around complicated networks. But now networks are easier to install and maintain. Now they've dumbed it down to the point where a 12-year-old can install a Cisco router, Mazurek said. Spoken like a true member of upper management. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51085t=51052 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Anniversary [7:45937]
Quoting Andrew Smith : On 06-Jun-2002, Howard C. Berkowitz wrote: At 10:33 AM -0400 6/6/02, Kenneth R. Snell wrote: Exactly one year as a made man. Time to start studying for the recert. So, I'm back! Ken #7544 I'm not sure I like the examplewhat if the Mafia required you to recertify in making your bones? :-) Might be useful for Noo Yawk CCIEs Be sure to study the newly implemented equine fragmentation protocol when translating from STABLE to BED. Aaa.fuhgit uhbow dit --- ** Andrew W. Smith ** [EMAIL PROTECTED] ** Senior Network Engineer ** ** http://www.neosoft.com/neosoft/staff/andrew ** 1-888-NEOSOFT ** ** NeoSoft, Inc. An Internet America Company 1-800-BE-A-GEEK ** ** Opportunities multiply as they are seized - Sun Tzu ** --- [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45961t=45937 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: yes i tried the groupstudy site and when all i [7:31036]
I'm in Hotel California. I can check out but I can never leave. :D Quoting Tom Lisa : Paul, Hey, here's an idea. Membership is free, removal by list owner requires a fee. Maybe then they will pay attention. Well, at least they will pay. :) Considering how many can't unsubscribe, you should cover the cost of several new servers in no time. Prof. Tom Lisa, CCAI Community College of Southern Nevada Cisco Regional Networking Academy Paul Borghese wrote: [EMAIL PROTECTED] wrote: When i said i tried everything , i tried everything, the unsubscribe command at the sites and all other avenues and got back undeliverable mail I am not sure what was the problem as I was able to unsubscribe you by using the Listserver box on www.groupstudy.com. Following the instructions included in the link at the bottom of every e-mail would have also worked. So I am open to suggestions. I think it is pretty easy to get off the list, but am always open to suggestions on how to make it even easier. Paul Borghese [EMAIL PROTECTED] [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31118t=31036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: yes i tried the groupstudy site and when all i [7:31071]
Try emailing [EMAIL PROTECTED] and ask them to remove you. Quoting [EMAIL PROTECTED] : When i said i tried everything , i tried everything, the unsubscribe command at the sites and all other avenues and got back undeliverable mail thank you, joseph [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31071t=31071 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: yes i tried the groupstudy site and when all i [7:31036]
If I were guessing I would guess that the problem could be @aol.com. Possibly on several levels. Quoting Paul Borghese : [EMAIL PROTECTED] wrote: When i said i tried everything , i tried everything, the unsubscribe command at the sites and all other avenues and got back undeliverable mail I am not sure what was the problem as I was able to unsubscribe you by using the Listserver box on www.groupstudy.com. Following the instructions included in the link at the bottom of every e-mail would have also worked. So I am open to suggestions. I think it is pretty easy to get off the list, but am always open to suggestions on how to make it even easier. Paul Borghese [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=31097t=31036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: OSPF across PIX [7:24608]
Try these for the access-group commands: access-group 101 in interface inside access-group 102 in interface outside -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Ramsey Sent: Tuesday, October 30, 2001 9:22 AM To: [EMAIL PROTECTED] Subject: Re: OSPF across PIX [7:24608] ahhh.. I may have to investigate this... This is interesting. I didn't realize pix had this abillity! -Patrick Engelhard M. Labiro 10/30/01 12:26AM Pat, Since OSPF uses IP protocol 89, permit this protocol between the two OSPF routers with access-list applied at outside and inside PIX interfaces, something like this: access-list 101 permit 89 host 1.1.1.1 host 2.2.2.2 access-list 102 permit 89 host 2.2.2.2 host 1.1.1.1 access-group 101 interface inside access-group 102 interface outside At the OSPF routers, put neighbour command, so they can speak each other directly without multicasting the hello packets. Hope you get the idea. - Original Message - From: pat To: Sent: Tuesday, October 30, 2001 1:01 PM Subject: OSPF across PIX [7:24608] Does anybody has any ideas on how to run OSPF across firewall. What ports to be open how to make router esablish nighbour relations across firewall. Any thought on this will be greatly appriciated. Thanks, patterson. __ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=24664t=24608 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 'It's not the US they want to destroy. It's our arrogance' [7:20005]
I might say the same thing to you. Our American hearts go out to you. You'll pull through Gareth. You always do. :) Mark Smith PS: Thanks for the kind words. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gareth Hinton Sent: Thursday, September 13, 2001 8:32 PM To: [EMAIL PROTECTED] Subject: Re: 'It's not the US they want to destroy. It's our arrogance' [7:19889] I have no answers, Which is especially unfortunate as I have a CIT exam in 9 hours. Our British hearts go out to the people of the US during these terrible times. You'll pull through, you always do. Curtis Phillips wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am curious if our non-American friend would attempt to defend the British government and their history of foriegn policy? - Original Message - From: A non-American To: Sent: Thursday, September 13, 2001 1:20 PM Subject: RE: 'It's not the US they want to destroy. It's our arrogance' [7:19805] Gutless ? What cause would you train months for with a guarantee of death or life imprisonment ? The facts as I see them are - A. the victims were blameless and deserved nothing of what they received. My heart goes out especially to the rescue crews, imagine dying trying to help! B. the organisation and commitment was amazing, in a nuclear world retaliation must be very precise and fully calculated rather than knee-jerk. Do not underestimate these people, it would be very dumb indeed to assume that they are less intelligent than yourselves. C. many reading this will not like this but the actions of the US government for decades has been in the interest of the US and much blood has been spilt by them and 3rd parties funded by them. Is the hatred you feel for your attackers of your people less valid than theirs ? What attack against these people would you find unacceptable ? The gloves are off - no ? Somebody else out there feels this against your country. The US must try and find these people to make them answer for this but must also look inwards at the same time!! priority is to stop it happening again no ? Look at the tit for tat mess Israel is in... I'm English and for a long time American money has paid for bullets and semtex used in my country - children are dead as are many policemen not to mention the civilians popped off because they have the wrong religion. The level of ignorance in the US is truly amazing, everybody outside the US is disgusted by this act but not many are asking why, we've got a pretty good idea. Word of advice - we get CNN too and it's biased as hell, listen to the news from somewhere ANYWHERE else once in a while. A non-American -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Fenech, William J Sent: 13 September 2001 01:55 To: [EMAIL PROTECTED] Subject: RE: 'It's not the US they want to destroy. It's our arrogance' [7:19699] Don't waste your time with idiots like this (aka Reeta Sinha). The people who pulled off this gutless act, and the ones who support them should be exterminated, pure and simple. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20005t=20005 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Deepest Sympathy [7:19532]
My sister in law was hit by falling debris from the second building as she was leaving the first building but she is alive. She is so much luckier than what I fear may end up being many thousands of others are. My heart, prayers and tears go to all those survived and the families and friends of those that didn't. Quoting Wayne Lawson : On behalf of IPexpert, Inc. our deepest sympathy, thoughts and prayers go out to all of the hearts affected by today's tragic act. May God bless the victims of today's tragedy and comfort their families friends. With deepest sympathy, Management Technical Staff [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19537t=19532 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Failover cable [7:18001]
Does anyone have the part number for the failover cable for a 515 PIX. Mine went MIA during a company move. I can't find on Cisco's or any vendor's site where I can order just the cable by itself. A part number would be really nice. Next best thing would be the pin out for the cable so I could (maybe) modify a standard cable. Couldn't find that either. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=18001t=18001 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN Basics help needed--beginner [7:12406]
Explain VPN's to me - what you are asking is not a 25 words or less response. They've written entire books answering the questions that you're asking. One of the best books that I've read on the subject is a Cisco Press book called Managing Cisco Network Security. It covers basics about VPN's and tunnels quite well and is very readable for beginners to this subject (which I'm not far from myself). Some of the cryptography books that I've looked at are written by and for PHD's. This one is written for folks that have to learn and implement Cisco security/firewalls/VPN technology and may not have much experience at it. It's here at http://www-selfpacedorders.cisco.com/smPage?k=680260492t=psrlevel=client_html/22/v2/detailsku_id=1588parent_id=103 Another Cisco training tool that may be helpful is http://www-selfpacedorders.cisco.com/smPage?k=680260492t=psrlevel=client_html/22/v2/detailsku_id=parent_id=103,111 Cisco has another book out now (I don't recall the title right now) that I saw the other day nut frankly it just looks like a smaller version of the MCNS book that's been rearranged a little. Not bad info - just not much new info but my view of it was limited to the couple of minutes that I leafed through it. There may be more in it than I saw. Quoting Arun : Hi i am new to this VPN world i need to know some basics about it .how do i start lets say i have mainoffice i want to connect it ot my clients ...take may be 2 from different lcoations . Location1 mainoffice --| Location 2 now i know that both location 1 and 2 have their own connectivity to the internet and also mainoffice if we have to go for cheap solution. If i have a internet connection from main office say 3600 series router and may be other location it coould be same .(do we require this) Thats it ..all i know about VPN My question are for the locations 1 and 2 ,what will be we using to connect to mainoffice ..VPN clients i think are these clients to be from cisco for it to work with it can anybody tell in brief about how it all works then i think i should go about other things. I have read cicso have products for VPN ...what they basically do ...security i think is main thing ..or they do somethig else besides that. if ihave a Pix won't it solve the purpose if i let only certain ip's (which ip's i don't know) to have access. i am really confused i tried reading about it but i cann't find the basic things ..any help will be appreciated. Regardss arun Sharma [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12414t=12406 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2008 Olympics Goes to Beijing [7:12286]
And then deny any of it ever happened Quoting Dennis H : Great... now they can beat, torture, and execute some athletes... Bosco wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... 2008 Olympics Goes to Beijing !@!@Beijing has won the host of the 2008 Summer Olympic Games -- 3Comp.Broadband - $@-S1M,01zS3]o,J 3Comp.Broadband - Your own Broadband Newsgroup news://news.3home.net/3comp.broadband 3talk.ITPeople - IT$Ho,J%@,I 3talk.ITPeople - IT People's World news://news.3home.net/3talk.ITpeople $@-S$Q%D1P.{)M+D$Q%D1P.{o,J+H%u60$$a!C news://news.3home.net/3talk.catholic $T+N9q0T( news://news.3home.net/3talk.telecom 3home DIY/overclocking/problem*)$w8gX(V,0hardware*) 3home hardware*)Cover Team(-{$'$@ news://news.3home.net/3Comp.hardware %?! news://news.3home.net/3Comp.tweak $G$b9q8#3n5wEi6R=f news://news.3home.net/3Comp.forsale [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=12306t=12286 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Weird VPN issue [7:11055]
I am using several PIX units to tunnel between locations for where I work. The Pix to Pix tunnels works fine. I also have users tunneling in from home/dialup/remotely however they chose to connect. These connections work almost fine. They all share the same issue. They cannot see one NT4 server on the internal network. They can't map drives to it and they can't even ping the IP address. Unfortunately there are user files on this box. All other internal addresses are completely accessible through their external connection except this one. I called Cisco TAC and they just shrugged their shoulders on this one. This box is a domain controller, internal DHCP and WINS server and has some users flat files stored on it (no apps running on it) and I have a DFS share pointing to a directory it. Don't know if that matters any. Any ideas as to why I can access the entire 172.25.1.0 network except for 172.25.1.21? Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11055t=11055 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: DELIVERY FAILURE: User r wilewski (r wilewski@ibmpl) not [7:11158]
Maybe he was driving IBM crazy too and that's why he's not there anymore. Quoting Sam Sneed : Yeah, he's driving me crazy too!!! Circusnuts wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Yes- can we get rid of this guy !!! - Original Message - From: Allen May To: Sent: Thursday, July 05, 2001 12:34 PM Subject: Fw: DELIVERY FAILURE: User r wilewski (r wilewski@ibmpl) not [7:11091] Does anyone else get this with every single sent message? Can we get it removed it from the list? I've been getting this for over a week now. Allen - Original Message - From: To: Allen May Sent: Thursday, July 05, 2001 11:27 AM Subject: DELIVERY FAILURE: User r wilewski (r wilewski@ibmpl) not listed in public Name Address Book Your message Subject: Re: IPSec question [7:10965] was not delivered to: [EMAIL PROTECTED] because: User r wilewski (r wilewski@ibmpl) not listed in public Name Address Book [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=11158t=11158 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Recommendations on PIX upgrade [7:10380]
This may be a stupid question but that's never stopped me from asking before. At one site I have 2 UR 515's running in failover config. They are at 5.2(1) software. I'd like to upgrade them but can only afford an absolute minimum of down time (measured in seconds, maybe). From what I've read about the PIX units, for failover to work, I believe each unit must be configured identically - same hardware, OS version, configuration - or failover doesn't work. What my plan currently is to start by taking the standby PIX (PIX2) down and do a 6.0.1 upgrade. I guess the question that I have is, and here comes the stupid part, if I reconnect the two with PIX2 at 6.0.1 and PIX1 still at 5.2(1) will anything bad happen (my hair fall out, I contract an incurable STD, smoke come from either/both of the boxes)? Assuming that nothing horrible happens, when I take the PIX1 box down to upgrade it will PIX2 (now on a different OS version) detect that the hot PIX has dropped offline and come up as in failover? If it won't on it's own can I do a failover active or a similar command to force PIX2 to become active? Will the children play well together again after I do a 6.0.1 upgrade on PIX1? Or will I have to bring PIX2 down, upgrade it (while PIX1 is still up) and then bring PIX1 down (leaving PIX2 down), upgrade it and then bring both back up together once they are on the same OS version level? I realize that with a laptop that has TFTP server software connected to PIX1 and has the pix601.bin image on it the upgrade process doesn't take long. But if I choose the last method of taking both boxes down that, by the time that cables are switched around as required, box(es) are rebooted, bring the 2nd box up in monitor mode, copy the image, reboot, reconnect failover cabling (as needed), the process would probably measured in minutes of total down time before both would be back online. That might as well be days as far as my bosses are concerned. Just looking for alternatives. Thanks for any advice/experience/thoughts. Sorry if this doesn't belong in studygroup.com. I just know that there's a lot of experience and common sense here. (END stupid questions) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=10380t=10380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Recommendations on PIX upgrade [7:10380]
Thanks for the ideas, Allen. I'll probably just give that a try. I just am still not sure if, once I bring PIX1 back online after doing an upgrade on it and connect it to PIX2, and now they're at different versions, if the xlate table will sync back up on PIX1. If not and I make PIX1 hot and take PIX2 down for an upgrade to it, then it will just take a little while for that table to rebuild on PIX1 and folks will get timeouts during that rebuilding time. I'll give it a try though. Thanks. Quoting Allen May : I think you're overdoing the solution when you have an almost zero downtime solution ni front of you. Just fail the first unit let the 2nd take over. Then with the first one offline, upgrade it let the failover..well...failover ;) When done just make sure the config is correct on the first one and do whatever it takes to get the first one back online. I've never tried just shutting the failover box off to see if it would trigger back to the first box with a different OS but even if that fails just reboot the first one and it should come back up happy. Now your network is back the way it was with only 2 very small windows of downtime. Upgrade 2nd PIX and hook up failover. If you're concerned about the primary taking over again when you're trying to upgrade, don't. Just boot it up hitting ESC so it doesn't load the config so you can manually give it an IP, subnet, gateway, and tftp server address. Without the config loaded it won't be part of the failover. Allen - Original Message - From: Mark Smith To: Sent: Friday, June 29, 2001 1:53 AM Subject: Recommendations on PIX upgrade [7:10380] This may be a stupid question but that's never stopped me from asking before. At one site I have 2 UR 515's running in failover config. They are at 5.2(1) software. I'd like to upgrade them but can only afford an absolute minimum of down time (measured in seconds, maybe). From what I've read about the PIX units, for failover to work, I believe each unit must be configured identically - same hardware, OS version, configuration - or failover doesn't work. What my plan currently is to start by taking the standby PIX (PIX2) down and do a 6.0.1 upgrade. I guess the question that I have is, and here comes the stupid part, if I reconnect the two with PIX2 at 6.0.1 and PIX1 still at 5.2(1) will anything bad happen (my hair fall out, I contract an incurable STD, smoke come from either/both of the boxes)? Assuming that nothing horrible happens, when I take the PIX1 box down to upgrade it will PIX2 (now on a different OS version) detect that the hot PIX has dropped offline and come up as in failover? If it won't on it's own can I do a failover active or a similar command to force PIX2 to become active? Will the children play well together again after I do a 6.0.1 upgrade on PIX1? Or will I have to bring PIX2 down, upgrade it (while PIX1 is still up) and then bring PIX1 down (leaving PIX2 down), upgrade it and then bring both back up together once they are on the same OS version level? I realize that with a laptop that has TFTP server software connected to PIX1 and has the pix601.bin image on it the upgrade process doesn't take long. But if I choose the last method of taking both boxes down that, by the time that cables are switched around as required, box(es) are rebooted, bring the 2nd box up in monitor mode, copy the image, reboot, reconnect failover cabling (as needed), the process would probably measured in minutes of total down time before both would be back online. That might as well be days as far as my bosses are concerned. Just looking for alternatives. Thanks for any advice/experience/thoughts. Sorry if this doesn't belong in studygroup.com. I just know that there's a lot of experience and common sense here. (END stupid questions) [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=10417t=10380 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP FINISHED AT LAST!!! [7:9461]
Congrats Michael. Quoting Michael L. Williams : On a wild hair, I changed my CIT from this Sunday to today (called Prometric this morning)... Scored a 908!!! Woohoo So I guess I need to update my signature =) Thanks to all in the group who like to talk and argue about things most people could care less about! Now it's on to CID... I hear that's a bear of an exam. We'll see =) Mike W. CCNP, CCDA, CVOICE [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=9472t=9461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]