RE: Network Monitoring [7:63532]

[Rob Bains]

You may also want to look at netsaint or MRTG. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Sonic
Sent: February 21, 2003 3:29 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Monitoring [7:63532]

Whats up Gold by Ipswitch migh do it for you?
http://www.ipswitch.com/Products/WhatsUp/index.html

Brian

Kevin Banifaz  wrote in message
news:[EMAIL PROTECTED]
 Does anyone know of any free or really cheap network monitoring tools,
I
 work for a real cheap company and I can't get them to shell out for HP
OV.
 I appreciate a response.

 Thanks in advance

 Kaveh





 _
 The new MSN 8: advanced junk mail protection and 2 months FREE*
 http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63537t=63532
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: cisco router as DHCP server [7:58049]

[Rob Payne]

Yes it can, but must be IOS 12.0(1)T or later

 DHCP:
 ip dhcp pool cisco (specifies cisco as the string used for
the address pool)
  network 10.1.1.0 255.255.255.0(range of addresses for pool)
  default-router 10.1.1.254 (defines a default gateway to be leased
out)
  lease 0 0 15  (0 days, 0 hours, 15 minute lease)
  dns-server x.x.x.x
  domain-name cisco.com

(GLOBAL)
ip dhcp excluded-address 10.1.1.1   (LAN interface addresses, etc)


Rob Payne, CCIE #8325
Cisco Systems - AES (NSA)
Cellular:479-366-0629
E-mail:  [EMAIL PROTECTED]
Pager:   1-888-342-7923  OR
 [EMAIL PROTECTED]

Success is a Journey... Not a Destination

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
puro prasad
Sent: Monday, November 25, 2002 1:07 PM
To: [EMAIL PROTECTED]
Subject: cisco router as DHCP server [7:58049]


Hi all,
can a cisco router act as a DHCP server by itself?

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58055t=58049
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: RE: Block MSN Messenger [7:57595]

[Mears, Rob]

Yes and I have done it all via the PIX
Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656


-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,


Very rightly said that these messengers use so many servers and so many
ports that it's kind of impossible to block them all. But you can very
easily do it, right on the OS level. I know about the Win2K that you can
set
up some system policies with which you can directly block these exes
themselves.


Hope it helps:


Regards,


Vikram

Lidiya White wrote:



Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]


It is possible, however Messenger uses so many different ports on so
many
different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.


Ahed Naimi wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
gt; Dear All;
gt;
gt; Is there any way to block MSN Messenger by using the access-list
statements
gt; on an IOS Cisco router.
gt;
gt; Thanks All.
Get Your Private, Free E-mail from Indiatimes at
http://email.indiatimes.com
Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from
http://www.planetm.co.in
Change the way you talk. Indiatimes presents Valufon, Your PC to Phone
service with clear voice at rates far less than the normal ISD rates. Go
to
http://www.valufon.indiatimes.com. Choose your plan. BUY NOW.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57717t=57595
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: what program can decrypte secret password? [7:55680]

[McConnell Rob]

Kenny   The cisco passwords encrypted using Service Password Encryption 
(type 7) use an encrytion scheme known as Vigenier. Its been around since
the 1600 (the date not the router), basically its a replacement algorithm
and is easily cracked.  The cisco secret is an MD5 digest of your password
and is uncrackable. However, if you have a copy of the encrypted password
you can use a brute force tool to determine the password.  Look for a tool
called Tomas , and add to the dictionary the most likely passwords that you
may have used eg cisco

regards

Rob


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=55763t=55680
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: dhcp client cisco 2500 [7:52922]

[Rob Wright]

I don't know about autoinstall, but version 12.2.x will support DHCP... I'm
using it to grab my IP from my Cable Provider.


Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52926t=52922
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Review of network design, any takers ? [7:52776]

[Rob Wright]

I'd also be willing.

Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52794t=52776
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ICQ and blocking the thing-PIX [7:52285]

[Mears, Rob]

So true but ICQ is using port 80, which kills me

-Original Message-
From: Creighton Bill-BCREIGH1 [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 29, 2002 12:07 PM
To: [EMAIL PROTECTED]
Subject: RE: ICQ and blocking the thing-PIX [7:52285]

Make sure that you carefully figure out the correct side of the
connection.
ICQ server runs on port 4000, and the client chooses a random
high-numbered
port. That means you will see UDP packets FROM (inbound/source) port
4000
going to the random port. In other words, don't go looking in a port
database trying to figure what that random, high-numbered port means.
The
significant port is the source.

HTH

Bill Creighton CCNP
Senior System Engineer
Motorola
iDEN CNRC Packet Data


-Original Message-
From: Mears, Rob [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 29, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: ICQ and blocking the thing-PIX [7:52285]

Hi Cisco gods,

I have successfully blocked all chat services at the PIX firewall, I
think. As I walk around and find people using MSN or Messenger I find
that public proxy they are using and kill it too. BUT, I am having a
hell of a time with ICQ. I do have all the ports UDP and TCP blocked so
it does not work UNLESS they use port 80. This is where I am stuck, I
cant block port 80 as you know so how do I kill this monster?   Has any
one had luck with this and has anyone found a way to stop the public
proxy usage?   I really feel as if I am fighting a losing battle, cuss
for every block I am countered with a way around it.  

My inside ACL in the pix is quite impressive and all just for blocking
this crap, if anyone would like it for theirs I will provide as it is
proven and works, with exception to ICQ.  


HELP WANTED

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52606t=52285
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ICQ and blocking the thing-PIX [7:52285]

[Mears, Rob]

Yep all steps you stated have been covered, but Employees will be
employees.
What can I say?





-Original Message-
From: Elijah Savage III [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 30, 2002 3:49 PM
To: [EMAIL PROTECTED]
Subject: RE: ICQ and blocking the thing-PIX [7:52285]

ICQ now has a web based version also, just go the web put in your ID and
your on. Now being devils advocate I am aware of the trojans and viruses
that get spread on ICQ, but if it is not interferring with work progress
then why such the hassle. It seems as if your burning more cycles trying
to block it when it almost seems to me that this is a loosing battle.
The only recourse I think you have is to go to HR with your security
plan have them put this in your computer ussage policy for work and then
brief everyone of the employees why this is a no no. I have sniffed the
web version with sniffer pro and it looks to me it strictly uses port
80.

But just by blocking it and I do not know if you are notifying anyone or
if this is in your security poilicy it just seems like you're a loose
renegade on the network to implement your own security policy which will
tick people off. I think if you take my approach above and people
understand why your are doing it then it is less likely to turn
whirlwinds into a hurricane of upset users especially if it was allowed
in the past.

NO BASHING please :) you may have took these steps already then if so
the only thing to do is report them to HR especially if it is causing
problems for you on the network and putting business assets at risk.

-Original Message-
From: Shawn Heisey [mailto:[EMAIL PROTECTED]] 
Sent: Friday, August 30, 2002 4:21 PM
To: [EMAIL PROTECTED]
Subject: Re: ICQ and blocking the thing-PIX [7:52285]


I may be off my rocker, but I think it's possible that you could set up
an IDS system that blocks access to any IP on the outside that sends
packets to your network that look like ICQ.  At the very least it could
record the addresses for future inclusion into ACLs.

This won't block the people who set up SSH tunnelling as described in
other messages, but you can make it a violation of security policy to
use that kind of back door.

Thanks,
Shawn

Mears, Rob wrote:
 
 Hi Cisco gods,
 
 I have successfully blocked all chat services at the PIX firewall, I 
 think. As I walk around and find people using MSN or Messenger I find 
 that public proxy they are using and kill it too. BUT, I am having a 
 hell of a time with ICQ. I do have all the ports UDP and TCP blocked 
 so it does not work UNLESS they use port 80. This is where I am stuck,
I
 cant block port 80 as you know so how do I kill this monster?   Has
any
 one had luck with this and has anyone found a way to stop the public
 proxy usage?   I really feel as if I am fighting a losing battle, cuss
 for every block I am countered with a way around it.
 
 My inside ACL in the pix is quite impressive and all just for blocking

 this crap, if anyone would like it for theirs I will provide as it is 
 proven and works, with exception to ICQ.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52607t=52285
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ICQ and blocking the thing-PIX [7:52285]

[Mears, Rob]

Hi Cisco gods,

I have successfully blocked all chat services at the PIX firewall, I
think. As I walk around and find people using MSN or Messenger I find
that public proxy they are using and kill it too. BUT, I am having a
hell of a time with ICQ. I do have all the ports UDP and TCP blocked so
it does not work UNLESS they use port 80. This is where I am stuck, I
cant block port 80 as you know so how do I kill this monster?   Has any
one had luck with this and has anyone found a way to stop the public
proxy usage?   I really feel as if I am fighting a losing battle, cuss
for every block I am countered with a way around it.  

My inside ACL in the pix is quite impressive and all just for blocking
this crap, if anyone would like it for theirs I will provide as it is
proven and works, with exception to ICQ.  


HELP WANTED

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52285t=52285
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

SolutionLabs [7:51753]

[Wright Rob]

Doesn anyone have experience with the labs from SolutionLabs.com ?

Thanks

Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51753t=51753
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

SolutionLabs [7:51754]

[Wright Rob]

Doesn anyone have experience with the labs from SolutionLabs.com ?

Thanks

Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51754t=51754
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Netscreen and Cisco PIX [7:51294]

[Mears, Rob]

Hello,
 
Anyone have a working config example from a Ntescreen that is doing VPN to a
Pix ?
 
Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51294t=51294
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Looking for the best storage strategy [7:48708]

[Rob Bains]

Sounds like you need to look at a centralized data management facility
consisting of some type of tape library (they range anywhere from 20 to
several hundred tapes and 20+ drives with the ability to cascade them
together). It all depends on what the size, demographics, and the
backup/recovery requirements are of your systems. If you are considering
a dedicated, centralized backup facility, you'll definitely need a
dedicated network although I've seen many people sharing the network
with their corporate network(which is not a recommended practice). If
your budget allows and your requirements are such that you can justify a
higher end solution, SAN is more recommended solution.

For backup, Veritas has all kinds of solutions i.e DataCenter,
BackupExec depending on your needs and scope. 

You may want to checkout www.backupcentral.com to get some more ideas on
this.

HTH

  Rob

SCSA, SCNA, CCNA


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Steven A. Ridder
Sent: Saturday, July 13, 2002 7:38 AM
To: [EMAIL PROTECTED]
Subject: Re: Looking for the best storage strategy [7:48708]

Legatio and a SAN.  I probably spelled it wrong, but that's the best
package.


Firesox  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Folks, I searching for the best way to do the backup for servers.
Currently
 we have local backup tape devices running Backup Exec.  I need to find
the
 best way to take this local backup to some kind of remote device.  I
 understand there are many ways such as SAN, Fiber Channel, etc.. but
would
 like to best way to do the automatic backup of servers remotely.
 Any thoughts would be greatly appreciated.
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 7/1/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 7/1/2002




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48740t=48708
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX525\Web Sense and Chat programs [7:46013]

[Mears, Rob]

Very well

Thanks
Rob

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 2:25 PM
To: Mears, Rob; [EMAIL PROTECTED]
Subject: RE: PIX525\Web Sense and Chat programs [7:46013]

For aol just block access to the login servers.

Login.oscar.aol.com ( it used to be this )
For Yahoo, it much more difficult, and time consuming. You will also
inadvertanly block access to some portions of the yahoo website.
I used a sniffer and my PC to see what servers that YIM logged into. I
would
block the one I connected to, and then restart the sniffer and the
software.
It took about 8 hours, but I managed to block YIM. Of course that was
after
they told me it couldn't be done :) Yahoo made a bad mistake telling me
that.
ICQ uses TCP 6667 If I remember correctly. Since I have only allowed
certain
traffic through the FW, It was already blocked.

It takes time to get it figured out, but these programs CAN be blocked.
If
nothing else, just deny access to all of yahoo, but inserting a bad
yahoo.com in your domain server!

Thanks

Larry 

-Original Message-
From: Mears, Rob [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 9:31 AM
To: [EMAIL PROTECTED]
Subject: PIX525\Web Sense and Chat programs [7:46013]


Hello Cisco people

We are using Web Sense to block most of the Sites that we feel necessary
but
have had problems with programs like AOL, MSN, ICQ chat programs. So I
am
going to stop this at the PIX and was wonder who out there had blocked
Chat
programs in the enterprise, and methods used. I fully understand the
steps
needed to block what is needed on the PIX but was wanting to hear horror
storied or problems you might have encountered. I would also like to
know
what sites (address\protocols) you had to block to stop these programs
because some are http based. (AIM, MSN,ect). For those of you who have
applied rules to the inside interface of the pix, did you notice any
performance issues or any other problem related to having all outbound
traffic filtered?



Thank you


Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical
Mercenary Valor Telecom.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46194t=46013
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Question about the 350 series AP [7:45971]

[Mears, Rob]

Mine has both

-Original Message-
From: Henry D. [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 1:18 PM
To: [EMAIL PROTECTED]
Subject: Re: Question about the 350 series AP [7:45971]


Mine included everything.

Roberts, Larry  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 OK,

 Can someone confirm/deny that the 350 will only accept in-line power? 
 Does it come with the in-line power injector, or is this a separate 
 item? I have read everything I can and all points say it only has 
 in-line power, but none say whether this is included ( I can't image 
 it wouldn't be )


 Thanks

 Larry




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46204t=45971
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX525\Web Sense and Chat programs [7:46013]

[Mears, Rob]

Cisco People

This is how u block Messenger access on a PIX firewall and it works
Some might ask why not just block all and permit the other, and this is
the way I would like to do it one day, But to encounter the least amount
of down time I chose to apply in this fashion.



To block chat programs, simply use access-list on PIX. 
Some of the common chat programs use following ports 

**common chat ports** 
tcp 6667 (irc) 6660- 6670 (the default being 6667). 
tcp 6665-6669 (common IRC) 
tcp 5190 (aol) 
tcp 5190, dyn =1024 (aol ICQ) 
tcp/udp 5190-5193 (aol) 
tcp 1863 (msn) 
tcp/udp 4020 (ichat) 
tcp 5000-5001 and udp 5000-5010 (Yahoo voice chat) 
tcp 5050 (Yahoo messages) 
tcp 5100 (Yahoo Webcams) 

Below you can get the config for the pix

access-list acl_inside deny tcp any any eq aol
access-list acl_inside deny tcp any any eq 1024
access-list acl_inside deny tcp any any eq 1863
access-list acl_inside deny tcp any any eq 4020
access-list acl_inside deny tcp any any eq 5050
access-list acl_inside deny tcp any any eq 5100
access-list acl_inside deny udp any any eq 4020
access-list acl_inside deny tcp any any range 6665 6669
access-list acl_inside deny udp any any range 5190 5193
access-list acl_inside deny tcp any any range 6660 6670
access-list acl_inside deny tcp any any range 5000 5001
access-list acl_inside permit tcp any any


Hope this helps someone
Thanks
Rob

-Original Message-
From: Mears, Rob 
Sent: Monday, June 10, 2002 8:11 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX525\Web Sense and Chat programs [7:46013]


Very well

Thanks
Rob

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 2:25 PM
To: Mears, Rob; [EMAIL PROTECTED]
Subject: RE: PIX525\Web Sense and Chat programs [7:46013]

For aol just block access to the login servers.

Login.oscar.aol.com ( it used to be this )
For Yahoo, it much more difficult, and time consuming. You will also
inadvertanly block access to some portions of the yahoo website. I used
a sniffer and my PC to see what servers that YIM logged into. I would
block the one I connected to, and then restart the sniffer and the
software. It took about 8 hours, but I managed to block YIM. Of course
that was after they told me it couldn't be done :) Yahoo made a bad
mistake telling me that. ICQ uses TCP 6667 If I remember correctly.
Since I have only allowed certain traffic through the FW, It was already
blocked.

It takes time to get it figured out, but these programs CAN be blocked.
If nothing else, just deny access to all of yahoo, but inserting a bad
yahoo.com in your domain server!

Thanks

Larry 

-Original Message-
From: Mears, Rob [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 9:31 AM
To: [EMAIL PROTECTED]
Subject: PIX525\Web Sense and Chat programs [7:46013]


Hello Cisco people

We are using Web Sense to block most of the Sites that we feel necessary
but have had problems with programs like AOL, MSN, ICQ chat programs. So
I am going to stop this at the PIX and was wonder who out there had
blocked Chat programs in the enterprise, and methods used. I fully
understand the steps needed to block what is needed on the PIX but was
wanting to hear horror storied or problems you might have encountered. I
would also like to know what sites (address\protocols) you had to block
to stop these programs because some are http based. (AIM, MSN,ect). For
those of you who have applied rules to the inside interface of the pix,
did you notice any performance issues or any other problem related to
having all outbound traffic filtered?



Thank you


Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary Valor Telecom.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46207t=46013
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX525\Web Sense and Chat programs [7:46013]

[Mears, Rob]

Hello Cisco people

We are using Web Sense to block most of the Sites that we feel necessary
but have had problems with programs like AOL, MSN, ICQ chat programs. So
I am going to stop this at the PIX and was wonder who out there had
blocked Chat programs in the enterprise, and methods used.
I fully understand the steps needed to block what is needed on the PIX
but was wanting to hear horror storied or problems you might have
encountered. I would also like to know what sites (address\protocols)
you had to block to stop these programs because some are http based.
(AIM, MSN,ect).
For those of you who have applied rules to the inside interface of the
pix, did you notice any performance issues or any other problem related
to having all outbound traffic filtered?



Thank you


Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary
Valor Telecom.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46013t=46013
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX - Why NO glaobal (outside) command [7:45676]

[Mears, Rob]

The statement 
NAT and GLOBAL is used for inside to outside communication.

STATIC is used for outside to inside communication.
No longer holds true but it is a good rule to keep you straight.  Check
out ios PIX 6.2, they have removed the rules as we know it.

You can now do a satatic (outside,inside)or a   nat 1 (outside)
x.x.x.x

Cool stuff

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary
Valor Telecom.com


-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] 
Sent: Monday, June 03, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX - Why NO glaobal (outside) command [7:45676]


NAT and GLOBAL is used for inside to outside communication.

STATIC is used for outside to inside communication.

Since the device(s) we're talking about seems to be a server/service of
some kind located on your inside network, you use the NAT 0 to let the
server communicate outbound with the same (unNATed) IP address, and you
use STATIC with the same IP for global and local so outside clients can
access the services running on the server.

Hth,

Ole

~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~
 http://www.RouterChief.com
~
 Need a Job?
 http://www.OleDrews.com/job
~




-Original Message-
From: Karagozian Sarkis [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 11:02 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX - Why NO glaobal (outside) command [7:45676]


Thanks Ole,

I just noticed the nat 0 

Here is how this old PIX is configured:

nat (inside) 0 216.119.xx.0 255.255.255.0 0 0 
static (inside,outside) 216.119.xx.0 216.119.xx.0 netmask 255.255.255.0
0
0   -- why same IP for both??
static (websvers,oustide) 216.119.xx.240 216.119.xx.240 netmask
255.255.255.240 0 0  --- also same IP for both ??

Can u explain. more...
Thanks
Sarkis




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45700t=45676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Please confirm (conf#5c214c1a2179c93c3a80627ad4edc7b1) [7:45500]

[Rob Bains]

Anyone knows what these messages are about? I've seeing them quite
frequently over the last little while.

Thanks.

== RB ==

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Richard L. Pickard
Sent: Thursday, May 30, 2002 9:20 PM
To: [EMAIL PROTECTED]
Subject: RE: Please confirm (conf#5c214c1a2179c93c3a80627ad4edc7b1)
[7:45493]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 11:01 AM
To: [EMAIL PROTECTED]
Subject: Please confirm (conf#5c214c1a2179c93c3a80627ad4edc7b1)

Hi,

You have tried to post to GroupStudy.com's Professional mailing list.
Because
the server does not recognize you as a confirmed poster, you will be
required
to authenticate that you are using a valid e-mail address and are not a
spammer. By confirming this e-mail you certify that you are not sending
Unsolicited Bulk Email (UBE).

PLEASE DO NOT SEND YOUR ORIGINAL MESSAGE AGAIN!  BY CONFIRMING THIS
EMAIL
YOUR ORIGINAL MESSAGE (WHICH IS NOW QUEUED IN THE SERVER) WILL BE
POSTED.


By confirming this e-mail you also certify the following:

1. The message does NOT break Cisco's Non-Disclosure requirements.

2. The message is NOT designed to advertise a commercial product.

3. You understand all postings become property of GroupStudy.com

4. You have searched the archives prior to posting.

5. The message is NOT inflammatory.

6. The message is NOT a test message.

To confirm, simply reply to this message.  No editing is necessary.
Once
confirmed, you will be able to post without additional confirmations.


Welcome to GroupStudy.com!


--ORIGINAL MESSAGE-

From [EMAIL PROTECTED]  Tue May 21 13:00:41 2002
Received: (from news@localhost)
by groupstudy.com (8.9.3/8.9.3) id NAA10753
GroupStudy Mailer; Tue, 21 May 2002 13:00:41 -0400
To: [EMAIL PROTECTED]
Path: not-for-mail
From: nettable_walker 
Newsgroups: groupstudy.cisco
Subject: council cable  --- Cisco to Nortel/Bay
Date: Tue, 21 May 2002 12:01:22 -0500
Organization: GroupStudy.com Discussion Groups
Lines: 19
Message-ID: 
Reply-To: nettable_walker 
NNTP-Posting-Host: 12-248-131-235.client.attbi.com
X-Trace: groupstudy.com 1022000441 10752 12.248.131.235 (21 May 2002
17:00:41 GMT)
X-Complaints-To: [EMAIL PROTECTED]
NNTP-Posting-Date: 21 May 2002 17:00:41 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.

5/21/200210:45am  Tuesday

Professionals,  I have a Cisco terminal server controlling 15 Cisco
routers/switches/PIXs
I would like to add support for 4 Nortel routers.
The Nortel council cable is DB9 female to BD 9 female strait thru.
My plan is to plug plastic terminal adapters [ DB 9 to RJ 45 ] into the
Nortel devices.

Can anyone give me an idea for the pin out on this ?

Thanks,

Richard

//
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.363 / Virus Database: 201 - Release Date: 5/21/2002




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45500t=45500
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: telnet terminal [7:45397]

[Rob Bains]

Try PuTTY and/or TeraTerm. They are both free and they both are very
easu to use.

HTH.

  Rob

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mike Mandulak
Sent: Wednesday, May 29, 2002 5:06 PM
To: [EMAIL PROTECTED]
Subject: Re: telnet terminal [7:45397]

Here's a link for some shareware clients,
http://cws.internet.com/telnet.html

I think the only free one there is the Hyperterm Private Edition
upgrade, It
adds amongst other things TCP/IP (Winsock) support.

- Original Message -
From: . . 
To: 
Sent: Wednesday, May 29, 2002 5:54 PM
Subject: telnet terminal [7:45397]


 what is a popular (and free) telnet terminal for all of you using?

 _
 Chat with friends online, try MSN Messenger: http://messenger.msn.com
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.363 / Virus Database: 201 - Release Date: 5/21/2002




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=45408t=45397
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE Number [7:44294]

[Rob Ehlers]

i believe the first # issued was 1025...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44297t=44294
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ARP problems, anyone? [7:44108]

[Rob Ehlers]

When PC2 attempts to send a response, it checks its routing table first. No
default gateway, no route to host. Done. It won't check the arp table,
because it the process stops at layer 3 (IP) when it can't find a route to
PC1.

Instead of adding a static arp entry, you could add just a static ip route
entry, and still avoid having a default gateway on there.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44122t=44108
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Upgrade IOS on 2504, Please assist [7:44135]

[Rob Ehlers]

Do you want to do it via x-modem for some reason? If not, I'd recommend
pulling the image from a tftp server over the network instead. here is a link:

http://www.cisco.com/warp/public/130/sw_upgrade_proc_flash.shtml


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44136t=44135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP Multihoming Policy [7:43962]

[Rob Ehlers]

You'll probably need to use as prepends to control traffic in both
directions from the ISP side...

To control user's OUTBOUND traffic patterns:

On the BGP connections to these users, for any of the less preferred routes
(from AS2 and AS3), you want to setup a route-map to match those less
preferred AS's and then do an as prepend to increase the ASPATH length, and
thus make them less favorable from the user's perspective. This is cause the
user's OUTBOUND traffic to prefer links through any AS that doesn't have the
ASPATH increased. You could also use MEDs to accomplish the task, but you
need to make sure that the user has his equipment configured to accept them.
The as prepends can't really be ignored by the user's routers.

To control user's INBOUND traffic patterns:
---
On the BGP connections to less prefered AS's (AS2,AS3), you need to have a
route-map on your outbound route announcements. This route-map needs to
match any routes for your users and set an as prepend on these routes before
announcing them. You might have to do more than one prepend to get the
results you want, depending on how your provider connections are setup. But
again, this step will increase the ASPATH length on user routes announced to
the less prefered AS's.

Hope this helps.

Rob


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43976t=43962
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 1924 Switch: Takes long time to ping device af [7:43903]

[Rob Ehlers]

PAgP (Etherchannel) negotiation can also take up about 15 seconds. Turn it
off with:

hostname(config)# port-channel mode off


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43941t=43903
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: R/S recert [7:43890]

[Rob Ehlers]

I took the R/S IP Cert about a year ago. It was fairly straightforward.
Cisco has the requirements on their website. If you feel you need to review,
read through Routing TCP/IP Vol I by Jeff Doyle. You can also read the BGP
and multicast sections in Routing TCP/IP Vol II. That should give you a
pretty good review of everything.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43942t=43890
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Reg: OSPF [7:43726]

[Rob Ehlers]

We ran OSPF on a realtively small network (15 sites, about 2-5 network
devices per site). All 2500's with 4MB of RAM. Not even close to taxing the
routers. This was at an ISP with about a /21 worth of class Cs spread out in
a not-so-intelligent manner between the sites.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43945t=43726
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: BGP Multihoming Policy [7:43962]

[Rob Ehlers]

on the user's router you'll want to have them apply a route-map to routes
from AS1 that sets the local pref to 200 (or something higher than the
default of 100). Those routes will then be used over any from the other AS's
for outbound traffic from that user.

If the user wants to control inbound traffic, have them use AS Prepends to
make the ASPATH length longer on routers announced out less prefered paths.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43963t=43962
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Give up...Cannot ping from one spoke to anothe [7:43795]

[Rob Ehlers]

Sounds like bootcamp lab #1 to me... heh.

Try policy-based routing on the frame interfaces of the spokes.

You want it to change the next hop to point back to the hub router's IP...


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43808t=43795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Classful Prefix-list [7:39113]

[Rob Webber]

I believe this will do what you are looking for. I did a little testing and
it seemed to work well:

ip prefix-list classful seq 5 permit 0.0.0.0/1 ge 8 le 8
ip prefix-list classful seq 10 permit 128.0.0.0/2 ge 16 le 16
ip prefix-list classful seq 15 permit 192.0.0.0/3 ge 24 le 24

Hope that helps, Rob.
CCIE 6922

William Lijewski  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Can someone tell me how to create a Prefix-list to only alow classful
routes
 for BGP.  I know you can do the following with an extended access-list:

 access-list 100 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
 access-list 100 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
 access-list 100 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0

 Is there way to do it?  Any good reading material on Prefix-lists?

 Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39187t=39113
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Classful Prefix-list [7:39113]

[Rob Webber]

To better understand why this works:

In the very first octet, the following applies:

class A addresses start with the first bit = 0

class B addresses start with the first two bits = 10

class C addresses start with the first three bits = 110

So the 0.0.0.0/1 means look for a network address of 0.0.0.0, but only pay
attention to the very first bit (and make sure that it is a zero). So
0.0.0.0/1 identifies all class A networks - from 0.0.0.0 to 127.255.255.255.
The ge 8 le 8 says only accept routes with a mask of 255.0.0.0. The
combination of these two identifies all classful class A networks (0.0.0.0/8
to 127.0.0.0/8).

Same with the 128.0.0.0/2 - that means make sure the first two bits are 10,
but then ignore everything else. So this includes all class B addresses -
from 128.0.0.0 to 191.255.255.255.

Rob.

Rob Webber  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I believe this will do what you are looking for. I did a little testing
and
 it seemed to work well:

 ip prefix-list classful seq 5 permit 0.0.0.0/1 ge 8 le 8
 ip prefix-list classful seq 10 permit 128.0.0.0/2 ge 16 le 16
 ip prefix-list classful seq 15 permit 192.0.0.0/3 ge 24 le 24

 Hope that helps, Rob.
 CCIE 6922

 William Lijewski  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Can someone tell me how to create a Prefix-list to only alow classful
 routes
  for BGP.  I know you can do the following with an extended access-list:
 
  access-list 100 permit ip 0.0.0.0 127.0.0.0 host 255.0.0.0
  access-list 100 permit ip 128.0.0.0 63.255.0.0 host 255.255.0.0
  access-list 100 permit ip 192.0.0.0 31.255.255.0 host 255.255.255.0
 
  Is there way to do it?  Any good reading material on Prefix-lists?
 
  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39204t=39113
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Appreciate Your Expertise On This Strange ARP Problem [7:38828]

[Rob Webber]

Alec,

This is quite an interesting scenario you ran into. I think I can explain
what happened.

As you mentioned Cisco enables proxy-arp by default. Usually this is a good
thing - in this case it was the cause of the problems.

Before the change when a 10.67.7.* DHCP client wanted to connect to a
10.67.1.* server, the client would issue an ARP request for the 10.67.1.*
address. This ARP request would reach the actual server as well as the A
router. The A router would see that the request was for an address that it
believed was on a completely different subnet (10.67.1.0). Since proxy ARP
was enabled (by default), the router would answer the ARP request using its
own mac address as the destination mac address. At this point there would be
a race between the server responding (correctly) to the ARP request and the
A router responding to the ARP request.

When the server's ARP response won that race, everything worked fine. When
the A router won the ARP response race, it would receive the packets
destined for the server from the client. The A router would then attempt to
route those packets to the correct destination. Its default route said to
route them to router B, which it would do. Router B would then know to
forward those packets right back out the same interface to the server. In
this scenario traffic was taking a strange path, but still working (its
likely router B would actually also send an ICMP packet which may have taken
router A out of the loop).

When the default route for router A was removed, the same race still
occurred. Except now when router A won the race it had no route to correctly
send the packet. Thus the packets would never make it to router B and/or the
server and communication was lost.

You correctly fixed the problem, though it would have been interesting to
see if disabling proxy arp on router A also would have fixed the problem. My
guess is it would have...

Rob.
 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi there

 This is my first time to post a question.

 Here is a real scenario which happened a few days ago. Though the problem
 has been resolved, i still cannot understand what the cause is.

 Customer A has a partner connection to B's network. due to lack of
 capability on B's Router/Firewall, one of A's router is plugged directly
 onto B's internal LAN(sounds silly, but it is true).

 B's LAN use 10.67.0.0/16 address, of which 10.67.1.x is for servers,
 10.67.2.x for routers/switches, 10.67.7.x and 10.67.8.x for DHCP clients.
 B's router has 10.67.2.1 addr.

 A's router on B's LAN gets assigned an ip addr 10.67.2.2,but a wrong /24
 mask was given by B. since A's users need to talk to B's server, a static
 route(ip route 10.67.1.0 255.255.255.0 10.67.2.1) was added.

 A default route is also configured(ip route 0.0.0.0 0.0.0.0 10.67.2.1) on
 the A's router.

 when this default route was taken off(no obvious reason to point a default
 route to B's default router), all B's dhcp clients cannot talk to their
own
 servers(10.67.1.x) any more even they are on the same subnet.

 B's network support was called in, and they found that the A's router is
 incorrectly answering ARP requests(by default ip proxy-arp is enabled on
the
 LAN interface). and somehow the arp respone reaches the client before the
 server's, so the client cannot talk to the servers.

 the problem later was resolved by rectifying the subnet mask on A's
router.
 but i still cannot figure out what went wrong when the default route on
A's
 router was removed.

 I'll be much appreciated if anyone can shed some lights on this.

 regards

 Alec Shi


 Senior Support Engineer
 Axon Computertime
 Auckland
 NZ



 --
 The information contained in this e-mail message is intended only for the
 use of the person or entity to whom it is addressed and may contain
 information that is CONFIDENTIAL and may be exempt from disclosure under
 applicable laws.

 If you read this message and are not the addressee you are notified that
 use, dissemination, distribution, or reproduction of this message is
 prohibited. If you have received this message in error, please notify us
 immediately and delete the original message. You should scan this message
 and any attached files for viruses.

 Axon Computertime accepts no liability for any loss caused either directly
 or indirectly by a virus arising from the use of this message or any
 attached file.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38828t=38828
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: cisco switches (with MSFC) arp timer question [7:38635]

[Rob Webber]

For step 3, it depends whether the link between core 1 and core 2 is a
routed link or a trunk (ISL or 802.1Q) link. If its a routed link (such as
VLAN 3, with all VLANs running OSPF), core 1 will route the packet to core 2
and core 2 will route the packet to client 2.

For step 4, client 2 will not ARP for client 1. Since client 1 and client 2
are on different VLANs, client 2 will ARP for its default gateway - core 2.
When core 2 receives the packet it will send it via core 1. Again, depending
on whether this is a routed or trunked link will dictate exactly how this
packet is sent from core 2 to core 1.

Anytime a router (MSFC) needs to forward a packet to a client, if it does
not have an ARP entry, it will ARP for the client.

If a switch ages a MAC address out from its CAM table, it will flood (to all
ports on the VLAN) the very first frame that has a destination of the
unknown MAC address. Due to the flooding, the frame will reach the correct
destination. Once that station replies with the very first packet, the CAM
table will be updated and no more flooding will occur.

Hope that helps - Rob.
CCIE 6922

z z  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi

 One interesting scenario here. Two core switches (with
 MSFC) running HSRP. Core 1 is the master for vlan 1,
 and core 2 is the master for vlan 2. Understand MSFC
 arp timer is 4 hours, but switch CAM timer is 300
 seconds. So there will be one problem:


 1. Client 1 (vlan 1) wants to talk to client 2
 (vlan2). It will send one frame to client 2 using Core
 1s mac address as the destination mac, because Core 1
 is its gw.
 2. Core 1 will check its routing table and forward the
 packet to client 2. Meantime, it will change the
 frames source mac address to its own mac and the des
 mac to client 2s mac address.
 3. Core 2 will just simply switch the frame to client
 2, because core 1 has done the routing. To core 2, its
 arp table and aft table wont contains client 1s mac
 address so far, since core 1 has translated the
 frames source mac address.
 4. When client 2 wants to reply, it will send the
 replying packets to core 2. Core 2 will arp for client
 1s mac address. When client 1 reply this arp request,
 core 2 will add its mac address to both its arp table
 and aft table.
 5. this is working fine so far.
 6. after 300 seconds, core 2s aft table time out.
 However its arp table is still valid, so it wont do
 any more arp request. When client 2 wants to talk to
 client 1, core 2 will do the routing correctly, but
 then flood the frames to all the switch ports.

 Is my theory correct?


 __
 Do You Yahoo!?
 Yahoo! Sports - live college hoops coverage
 http://sports.yahoo.com/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38701t=38635
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Is this possible? [7:38098]

[Rob Webber]

As far as getting the PIX to prompt for authentication, it can be done,
however it needs to be done by a browser (since the browser has the ability
to pop up a username/password box, but Citrix doesn't have this
capability). You can simply have them go to a static web page that you
create which will ask for authentication. Once authenticated, they can (and
only then) get to Citrix on 1494:

In this example 10.20.10.51 would be your Citrix server and 10.20.10.4 would
be your web server. Obviously they could be the same box...

aaa authentication http inbound 10.20.10.4 255.255.255.255 0.0.0.0 0.0.0.0
tacacs+

aaa authorization tcp/1494 inbound 10.20.10.51 255.255.255.255 0.0.0.0
0.0.0.0

aaa authorization udp/1604 inbound 10.20.10.51 255.255.255.255 0.0.0.0
0.0.0.0

The TACACS+ or Radius server would then have a rule that states when address
x.x.x.x authenticates via HTTP, it is allowed to connect to server y.y.y.y
via 1494 and/or 1604.

Rob.

Johnson, Richard (NY Int)  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi All,

 Is it possible to do the following.I have a Citrix server on my
 internal network which has an outside address via NAT. On the PIX port
1494,
 ICA client, is open and is obviously allowed to come in. The user is then
 prompted for a user name and password. Upon entering this information,
they
 are then prompted for the pin and secure ID by our RSA server. My question
 is this, as opposed to having the Citrix server prompt them for their RSA
 info I would love for them to prompted by the firewall. Any ideas if it
can?


 Thanks,


 Rich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38427t=38098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: blocking spanning tre ports [7:37663]

[Rob Webber]

If I understand your topology correctly, switches 3 and 4 share an Ethernet
segment. If I remember Spanning Tree correctly, one of these two will be the
designated bridge for that segment. That bridge will be forwarding packets
toward the root. All other bridges on that segment (in this case, the other
switch) will block their link if it creates a loop.

I believe the designated bridge is the one on that segment with the lowest
priority. If the priority is the same, the one with the lowest bridge ID
(mac address) becomes the designated bridge.

Changing the path cost on the link between 3 and 4 shouldn't have much
affect on the switch that is the designated bridge - it will be forwarding
anyway. Changing the path cost on the other switch should affect which of
its links are forwarding and which are blocked.

My guess is you don't have to actually change the path cost on both switches
on floor 1 and floor 4. I think if you change the path cost on one of those
two switches (the designated bridge) it actually won't have any affect (and
thus you really don't need to...). You can also try setting which bridge is
the designated one by making its priority lower than the other one - but
DON'T make its priority lower than the root!

Rob.
CCIE 6922

steve skinner  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 guys,

 another question ..

 in on of my sites i have clusters of 3548 switches ..
 At each end of the cluster i have a link to the distribution layer...
 i have multiple uplink to each switch (6 in cluster)..
 and in the middle we have set the spanning-tree cost on one interface of
the
 uplinks to much higher than default ...(that way switch 1 -3 use
 distribution link 1 and switch 4-6 use distribution link 6 )..what i am
 finding odd is that on switches 3 and 4 (the middle of my cluster) i have
to
 increase the cost on both switches`uplinks sometimes
 and others just 1 switch, other times.(to force it into blocking)...

 floor 1 i had to do both
 floor 2 just switch 3
 floor 4 both
 floor 5 just switch 3
 floor 6 just switch 3

 what i dont understand is why...???

 i should have to set the uplink ports from 3 to 4 to
 both having high costs ...

 why does it sometimes work with just one...

 any idea`s..

 _
 Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37879t=37663
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: BGP using AS_PATH attribute [7:37749]

[Rob Webber]

I haven't seen the lab, either, but how did you perform the filtering of
AS65000? When I read your post I was thinking of the neighbor
remove-private-as command. That should allow R3's loopback network to
propagate, just that R1 won't see the 65000 AS. Feel free to post your
configs and anything else relevant, I'll take a look.

Rob.
CCIE 6922

Mike Sweeney  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I've been studying BGP using several books and papers. One of which is the
 Cisco Academy Semester 5 lab companion. So far it's been pretty good but
Lab
 8-3 drives me nuts.

 3 routers.. 3 AS

 R1R2R3
 AS100AS300  AS65000

 The idea is to have everyone share routes(did that) and then to filter off
 the AS65000 number as the update is sent ot R1(did that)

 The kicker was I was *supposed* be able to ping R3 from R1 after this.. no
 way.. wasnt going to happen. The only network statements were the
loopbacks
 for each router.. I was able to ping r3 AFTER I added the network
statement
 to R2 that id'ed the interface IP between R2 and R1. That was not in the
lab..

 If someone who has this lab take a look and explain why the ping should or
 should not work?

 Thanks

 MikeS
 PS- I really am learning to dislike BGP right now ;)

 ---lab configs used


 hostname R1
 !
 !
 memory-size iomem 10
 ip subnet-zero
 !
 interface Loopback0
  ip address 201.1.1.1 255.255.255.0
  ip directed-broadcast
 !
 interface FastEthernet0/0
  no ip address
  no ip directed-broadcast
 !
 interface Serial0/0
  ip address 192.168.1.5 255.255.255.252
  no ip directed-broadcast
  no ip mroute-cache
  no fair-queue
 !
 router bgp 100
  no synchronization
  network 201.1.1.0
  neighbor 192.168.1.6 remote-as 300
  neighbor 202.2.2.2 remote-as 300
 !
 no ip classless
 no ip http server
 !
 !
 !
 line con 0
  transport input none
 line aux 0
 line vty 0 4
  login
 !
 no scheduler allocate
 end

 R1#


 hostname R2
 !
 !
 ip subnet-zero
 !
 !
 !
 interface Loopback0
  ip address 202.2.2.2 255.255.255.0
  no ip directed-broadcast
 !
 interface Ethernet0
  no ip address
  no ip directed-broadcast
  shutdown
  media-type 10BaseT
 !
 interface Serial0
  ip address 172.24.1.17 255.255.255.252
  no ip directed-broadcast
  no ip mroute-cache
  clockrate 56000
 !
 interface Serial3
  ip address 192.168.1.6 255.255.255.252
  no ip directed-broadcast
  clockrate 100
 !
 router bgp 300
  no synchronization
  network 202.2.2.0
  neighbor 172.24.1.18 remote-as 65000
  neighbor 192.168.1.5 remote-as 100
  neighbor 192.168.1.5 remove-private-AS
 !
 !if I add network 192.168.1.0, I can ping R3 from R1. Without it..no go
 no ip classless
 !
 !
 line con 0
  transport input none
 line aux 0
 line vty 0 4
  login
 !
 end

 R2#


 hostname R3
 !
 !
 no ip subnet-zero
 !
 !
 process-max-time 200
 !
 interface Loopback0
  ip address 203.3.3.3 255.255.255.0
  ip directed-broadcast
 !
 interface Ethernet0
  no ip address
  no ip directed-broadcast
  shutdown
 !
 interface Serial0
  ip address 172.24.1.18 255.255.255.252
  no ip directed-broadcast
 !
 router bgp 65000
  no synchronization
  network 203.3.3.0
  neighbor 172.24.1.17 remote-as 300
 !
 no ip classless
 !
 !
 line con 0
  transport input none
 line aux 0
 line vty 0 4
 !
 end

 R3#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37881t=37749
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MPLS in the Enterprise [7:36670]

[Rob Webber]

I see your point on security, but I don't completely agree. Your current
Frame Relay network is only as secure as your carrier. If someone at your
carrier maps a PVC between you and company X, real traffic can flow
(assuming your router picks it up and places on the physical interface,
which it likely would). Granted, the only way someone could probably use
this to hack into your network was if they had a route to you (which they
could add) and if you had a route back to them (unlikely unless you are
running a routing protocol and they pick up on it).

It seems to me you could make MPLS fairly secure by using a routing protocol
with authentication and a simple access list.

To answer John's original question, I have only seen MPLS deployed in one
organization - they are using Equant as their carrier. They are happy with
it, but its hardly widespread.

I'm curious why they said they could not give John any-any connectivity if
he kept his addressing?? That's basically exactly what MPLS was meant to
do...perhaps its an implementation issue...? It also curious why they even
suggested changing the addressing. On a network as big as John's (100 site)
its a ridiculous idea, and as Joseph mentioned they are going to add a
unique VRF, so it doesn't matter if the carrier has 100 customers that all
use 192.168.1.0...

Rob.

Joseph Brunner  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 i was pitched this very thing recently by wcom and qwest.. basically it is
 only as secure as your carriers.. if some f*cks up and imports something
 into your VRF, either a default, another vpn, or whatever you security
 is finished.. plug banks are supposed to encrypt over IPSEC, so why bother
 running MPLS (come one how much diff-serv can do you on frac T-1's anyway)
 if you are just going to IPSEC the packets between pix's or vpn
 concentrators
 anyway.. MPLS right now for 100 sites, just can't be trusted. I used to
work
 for ISP's, everyone there was a perp.. trust my vpn security to some loser
 ISP.
 No thanks

 read this

 http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/mxinf_ds.htm



 Joseph Brunner
 ASN 21572
 MortgageIT MITLending
 New York, NY 10038
 (212) 651 - 7695 Voice
 (212) 651 - 7795 Fax



 -Original Message-
 From: John Neiberger [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 27, 2002 12:24 PM
 To: [EMAIL PROTECTED]
 Subject: MPLS in the Enterprise [7:36670]


 Okay, I'm about to show how clueless I am when it comes to MPLS

 I've been getting calls from multiple providers lately all trying to
 suggest that I migrate our 100-site frame relay network to their MPLS
 network, suggesting that we'll have any-to-any connectivity and the
 ability to prioritize traffic classes within the MPLS network.

 Are any of you doing something like this?  I'm going to read up on it
 but I'm having trouble visualizing it.  Does this basically turn our
 network into a giant multipoint network?  Do our branch routers need to
 be aware of MPLS or do providers make this transparent somehow?  How
 does this affect routing?

 It seems that if we have any-to-any connectivity then the branch
 routers don't even need to run a routing protocol; every router would
 have one exit point to get to any destination.  But, how would the MPLS
 cloud know where to route packets?  The more I think about it it seems
 like our branch routers would have to participate in MPLS to provide the
 necessary destination info for the MPLS cloud.

 See how clueless I am?  Ugh...  Time to do some studying on this.
 Since we already do a little video conferencing over IP and are working
 on getting VoIP working, it might be beneficial to get away from the
 frame relay network.  But since I don't understand this new technology,
 I don't know if it's  a viable solution for us or not.

 Off to CCO I go!

 Thanks,
 John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36694t=36670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Where is Bruce Caslow ECP1 Class? [7:36501]

[Rob Webber]

Now called RS-NMC-1 (Routing and Switching Net Master Class)

Rob.

Will K.  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Does anyone know where information about this class can be found? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36513t=36501
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Where is Bruce Caslow ECP1 Class? [7:36501]

[Rob Webber]

Oops - apparently the link did not come through for some reason. It is:

www.netmasterclass.net/nmc/

Rob.

Will K.  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Does anyone know where information about this class can be found? Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36515t=36501
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TWO ISP AND ONE FAILURE [7:36371]

[Rob Webber]

For the outbound connectivity, use the HSRP track feature. That watches an
interface (the WAN link to your ISP). If that interface goes down, the HSRP
priority of that router gets reduced, making the other router (with the good
ISP link) the HSRP primary. HSRP will make it so no changes are required at
your server.

As mentioned if you have Internet facing servers (mail server, web server),
you really need BGP. However many ISPs will now accept advertisements as
small as /24. So if you have a class C of registered addresses (or if you
can get that) you can advertise it to both ISPs via BGP (even if it was
assigned to you by one of the ISPs).

Rob.
CCIE 6922

Chris Charlebois  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Depends alot on what kind of connection you want.  If you are just talking
 about outbound access from your site, that isn't a problem.  Setup the two
 routers on the same subnet and use HSRP.  Best practive would be to set up
 two HSRP address; each router will be primarary for one address and backup
 for the other.  That way you can direct traffic over a specific connection
 when it's all up, but traffic will failover to one connection if the other
 goes down.

 If, on the other hand, you want to maintain public services during an
outage
 (ie, web pages, FTP sites, incoming e-mail), that is a gorilla of a
 completly different color.  If you're site is big enough, you could
justify
 a /19 public address, which can be routed via BGP.  That would solve alot
of
 you're problems, but it's unlikely that you'd be asking the question if
you
 had a /19.  Some protocols will allow you to specifiy a backup via DNS
(I'm
 thinking SMTP), but that only helps with mail.  Otherwise, you're options
 are co-locateing the equipment you always want available, or switching
both
 your WAN connections to the same ISP.  THere is no really easy solution.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36378t=36371
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber optic interface question [7:36366]

[Rob Webber]

I am not completely sure, but I do not believe these two cards will
interoperate. The PA-POS is a packet-over-Sonet module. Thus that box will
look to frame the layer 2 frames as POS frames - and it will use the entire
OC-3 for the one POS connection. The PA-A3 is an ATM module. It is looking
to fill it with ATM 53-byte ATM cells, and it is expecting to divide the
OC-3 bandwidth between whatever SVCs or PVCs have been created.

Just my thoughts - Rob.

Alejandro Acosta  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hello,
   I am about to purchase a Fiber Optic Interface; because this kind of
 cards are pretty expensive I prefer to ask you in order do not buy the
wrong
 interface.
   Can I connect this two cards: PA-POS-OC3SMI and PA-A3-OC3SMI?. We are
 going to use single mode fiber and it is Mid Range.

 Thanks in advanced.

 Alejandro Acosta




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36412t=36366
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TWO ISP AND ONE FAILURE [7:36371]

[Rob Webber]

I agree that this configuration - with HSRP and tracking - could work well
for connections that are initiaed outbound. You would not necessarily need
BGP. R1 could do an outbound NAT to whatever IP address space had been
assigned by ISP 1. R2 could do an outbound NAT to whatever IP address space
had been assigned by ISP 2. The return traffic would use the correct ISP
based on that address space - without any BGP.

However if you do need inbound connections - and chances are you do, BGP is
the most realistic way to do it.

BGP on 2500's is fine. If you are only taking the default route its probably
easier on the box than running OSPF.

Rob.

John Neiberger  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I'm not sure I understand your point.  Assume the following topology:

 [R1] [R2]
||
||
\--/
   |
   [HOST]

 The two border routers are R1 and R2 and each have a connection to an
 ISP.  HSRP is configured to track the WAN link.  The default gateway on
 the host is the HSRP standby ip address.  If either WAN link goes down,
 the relevant router--because it is tracking the WAN link--will notify
 the other router that it is no longer eligible and the other router will
 take over.

 Why are you saying that the perceived uptime to the host would not
 increase using this method?  As I see it, unless both links go down, the
 downtime would be quite minimal.

 Thanks,
 John

  Hire, Ejay  2/25/02 11:24:23 AM 
 Come on guys, Think about it for a minute.  Do you really think the
 router
 is failing, or is his downtime caused by the wan link?  HSRP won't
 significantly increase your uptime if the wan link is failing and he
 has to
 manually change his server's IP/default gateway to switch to the other
 link.

 A diferent way to think of it...  If you had a car with no brakes and
 a
 broken tail-light, which would you fix first?

 -Ejay


 -Original Message-
 From: Ladrach, Daniel E. [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 25, 2002 11:48 AM
 To: [EMAIL PROTECTED]
 Subject: RE: TWO ISP AND ONE FAILURE [7:36371]


 Run HSRP between the two cisco routers and then point your default
 gateway
 to the VIP address.

 Daniel Ladrach
 CCNA, CCNP
 WorldCom


 -Original Message-
 From: Yassel Omar Izquierdo Souchay [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 25, 2002 10:11 AM
 To: [EMAIL PROTECTED]
 Subject: TWO ISP AND ONE FAILURE [7:36371]


 Hello i have a frecuent porblem with one of my isp, i have two cisco
 routers
 and each one to different isp. Frequentily i have to change the gateway
 of
 one of my servers, because one isp is failure.
 I want to know if with one of BGP, OSPF, RIP, NAT or other protocol i
 could
 do the change automatically to the other active isp.
 It happening me right now. And when i have to do that i have to reset
 one of
 my servers.. :S. Is a costs operatrion its a mail server.
 So if somebody knows how to resolve between routers with different isp
 each
 one, how to route accross the other good gateway.

 Thnx in advance
 Yassl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36430t=36371
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX information [7:35294]

[Mears, Rob]

Any changes you make to the Pri PIX will be written to the SEC, no need to
day anything.  Good Idea to move the sec and do a Wr M


Rob

-Original Message-
From: Evans, TJ [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, February 13, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX information [7:35294]

I believe it sync's them auto-magically, or perhaps on a timed basis.
Regardless ... I always do a wr standby ... just to be sure.


Thanks!
TJ

 -Original Message-
From:   Hartnell, George [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, February 13, 2002 12:46 PM
To: [EMAIL PROTECTED]
Subject:RE: PIX information [7:35294]

AND, am I to understand correctly, as the manual is quite vague, that an
upgrade of the primary failover unit also updates the secondary?  Or, must
the hapless administrator do each individually?

Best, G.

 -Original Message-
 From: Jose Celestino [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, February 13, 2002 7:12 AM
 To: [EMAIL PROTECTED]
 Subject: Re: PIX information [7:35294]
 
 
 PIX-FW1# copy ?
 usage: copy tftp[:[[//location][/pathname]]] flash
 
 For instance:
 
 copy tftp://192.168.2.2/configs/pix.cfg flash
 
 
 Thus spake BASSOLE Rock, on Wed, Feb 13, 2002 at 09:06:59AM -0500:
  Hello group,
  
  
  What command can I use to copy a configuraton form a tftp 
 server to a PIX
  Firewall? I have look on the cisco web site for the command 
 but couldn't
  find. Can somebody help.
  
  Thank you.
  
  Rock
 -- 
 Jose Celestino 
 -
 Little prigs and three-quarter madmen may have the conceit 
 that the laws of
 nature are constantly broken for their sakes.
 -- Friedrich Nietzsche

*
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter. 

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=36117t=35294
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IDS 4210 help [7:35940]

[Rob Webber]

You will need to connect to the console of the IDS.  Log in as netrangr
(note: NO e in netrangr). Default Passord: attack  Then enter:
#sysconfig-sensor

You will see a menu:

1 - IP Address

2 - IP Netmask

3 - IP Host Name

4 - Default Route

5 - Network Access Control

6 - Communications Infrastructure

7 - Date/Time and Timezone

8 - Passwords

9 - Secure Communications

x - Exit

At a minimum you will need to configure 1, 2, 4, 5 and 6 (for #5 enter the
network that the CSPM server resides on. If its 192.168.15.0/24, enter
192.168.15.) For #6, write down the info you assign the IDS. You will need
this for the CSPM. You will need org. number (such as 1), Node # (such as
1) and org name (like your domain name).

HTH, Rob.

CCIE 6922

Shane Stockman  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I am currently setting up a IDS sensor 4210 and would like to know how to
 set up the command interface and the monitoring interface as I would like
to
 manage it from my CSPM server.

 I need to get the command interface to talk to the switch but I don't know
 where to set an ip address for it so that my CSPM software cna find it.

 Thanks in advance.

 _
 Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=35956t=35940
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CIT Test [7:34856]

[Mears, Rob]

This test was not the hardest, maybe the 2nd hardest.  You better study
though. 


Use the Transcenders, they come close to crossing the line as far as the NDA
goes.






-Original Message-
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]] 
Sent: Friday, February 08, 2002 1:30 PM
To: [EMAIL PROTECTED]
Subject: RE: CIT Test [7:34856]

It sounds to me like everyone agree to it being either the easiest or
hardest - so it probably won't help answering Joshua's answer very well.

And Joshua, I can strongly recommend Priscilla's flash cards - they helped
me pass the test; Thanks again for that Priscilla.

Good luck on your exam, and have a great weekend,

Ole

~~~
 Ole Drews Jensen
 Systems Network Manager
 CCNP, MCSE, MCP+I
 RWR Enterprises, Inc.
 [EMAIL PROTECTED]
~~~ 
 http://www.RouterChief.com
~~~
 NEED A JOB ???
 http://www.oledrews.com/job
~~~

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 12:53 PM
To: [EMAIL PROTECTED]
Subject: Re: CIT Test [7:34856]


CIT was by the far the easiest for me. I took the Foundation exam before 
that  and it was much more challenging.

Do you know about my CIT flash cards, just for fun? The URL is:

http://www.priscilla.com/cit/toc.html

Good luck. I think you will pass.

Priscilla

At 11:46 AM 2/8/02, Joshua Barnes wrote:
I know that folks have asked about this test, but I am taking it Thursday,
I would like to know of the people who thought that it was the hardest
test,
did you also feel it was equally hard to study for?

I am studying through the book and BOSON, and quite honestly I think that
this part comes natural to me.  I certainly don't want to underestimate the
test. ( I don't think I will) but I would like some feedback on this.  Let
me know if you guys remember how you felt.

[GroupStudy.com removed an attachment of type application/ms-tnef which had
a name of winmail.dat]


Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=35298t=34856
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Exam 640-900 and the CID exam [7:34752]

[Mears, Rob]

You go!  Feel the FORCE

Rob Mears III, CCNP, MCSE, MCP+I, NNCDS, NNCSS, CNE, A+
Valor Telecom
LAN\WAN Engineer
Technical Mercenary

-Original Message-
From: Ranma [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, February 07, 2002 7:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Exam 640-900 and the CID exam [7:34752]

640-900 should be a easy task


Mears, Rob  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hello all

 I just finished the 640-900 exam yesterday for the CCIP cert, and it is a
 bitch!. If any one has any qiestion, I will take them off line, just email
 me.

 I am getting ready to take my CID exam, any advice?

 Thanks
 Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34841t=34752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Exam 640-900 and the CID exam [7:34752]

[Mears, Rob]

Hello all

I just finished the 640-900 exam yesterday for the CCIP cert, and it is a
bitch!. If any one has any qiestion, I will take them off line, just email
me.

I am getting ready to take my CID exam, any advice?

Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34752t=34752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: Exam 640-900 and the CID exam [7:34753]

[Mears, Rob]

Hello all

I just finished the 640-900 exam yesterday for the CCIP cert, and it is a
bitch!. If any one has any question, I will take them off line, just email
me.

I am getting ready to take my CID exam, any advice?

Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34753t=34753
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Average afterwork time Tech learning commitmen [7:34634]

[Mears, Rob]

Here is one for you.

I get up @ 0430, thats in the AM and study until i go to work, study @ lunch
and then study @ night.  I need a life

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: RE: Average afterwork time Tech learning commitmen [7:34634]


 For me, my optimal study time was during my lunch break at
 work.  I'd scarf a sandwich and spend 45 minutes completely
 distraction free sitting in my car in the parking lot.  That
 45 minutes 5 days a week is more effective than 2 hours a
 day trying to work on the lab with the kid, wife,
 honey-do's, tv and dog all vying for my attention.  Note, do
 not become so engrossed in what you are reading that you sit
 in the car with the windows rolled up and cook yourself like
 a thanksgiving turkey.

I think you're potentially describing an infinite loop, which, 
admittedly, might be a good troubleshooting scenario. If the 
sandwich you are scarfing is leftover Thanksgiving turkey, but the 
weather conditions exist to roast you like a turkey...

Maybe it isn't a loop. It might be an infinite recursion or just the 
formation of a black hole.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34780t=34634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Exam 640-900 and the CID exam [7:34752]

[Mears, Rob]

I used the stuff for the Routing exam and then the RFC for IS IS. Good luck
finding info on Cisco site. The two test are the same except for the ISIS,
compare on Cisco web page.



Advice?  Study your Ars off!

They take no prisoners

Thanks
Rob Mears III,  CCNP, MCSE, CNE, NNCDS, NNCSS, NNCPS, MCP+I, A+
Technical Mercenary

-Original Message-
From: Tim Medley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 07, 2002 10:33 AM
To: 'Mears, Rob'
Subject: RE: Exam 640-900 and the CID exam [7:34752]


I'm getting ready to take the 640-900 exam. What did you use to
study/prepare with. What kind of advice do you have for taking the test.

tim

Tim Medley - CCNP+Voice, CCDP
Sr. Network Architect
VoIP Group
iReadyWorld
 
p 704.943.3615
f 704.525.9119

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Mears, Rob
Sent: Thursday, February 07, 2002 10:31 AM
To: [EMAIL PROTECTED]
Subject: Exam 640-900 and the CID exam [7:34752]

Hello all

I just finished the 640-900 exam yesterday for the CCIP cert, and it is
a
bitch!. If any one has any qiestion, I will take them off line, just
email
me.

I am getting ready to take my CID exam, any advice?

Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34781t=34752
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Reverse telnet [7:32206]

[Rob Webber]

Try configuring speed 9600 under the line aux 0. I do not believe you can
use a straight cable, I thiink it has to be rolled.

Also, are you sure port 2065 is the right port number? It sounds high, but
that may be correct...

Rob.

Joaquim Lopes  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi, i'm trying to configure a switch without ip remotely.

 I have the router AUX port connected to the switch Console port via
 Roll-cable
 When i try to connect i've got :

 RouterXPTO#1.1.1.1 2065
 Trying 1.1.1.1, 2065 ... Open


 But i can't type anything (newbie problems )

 --
 Router configuration
 interface Loopback0
  ip address 1.1.1.1 255.255.255.0
  no ip directed-broadcast
 line aux 0
  no exec
  no activation-character
  terminal-type VT100
  transport preferred none
  transport input all


 One last thing, can i use a straigth cable to do the connectio ?
 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=32236t=32206
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Security Exams Textbooks Required [7:27321]

[Rob]

Has anyone used the Managing Cisco Network Security by: Lusignan, Steudler,
and Allison?

ROb
 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Theodore,

 In what order did you take the exams? PIX, MCNS, VPN and IDS?

 Thanks,


 Hugo Caye

 O__  
 c/ /'_ ---
 (*) \(*) --
 
 ccna ccda
 mcne3 cne5
 mcse (w2k, nt4)

 -Original Message-
 From: Theodore stout [mailto:[EMAIL PROTECTED]]
 Sent: quarta-feira, 28 de novembro de 2001 00:30
 To: [EMAIL PROTECTED]
 Subject: Re: Security Exams Textbooks Required [7:27321]


 I totally agree with Fahim.  You have got to have the MCNS books to
 pass.
 IT is like 40 of the PIX ADV and VPN tests.

 Get a PIX though.  You won't pass some parts of the PIX ADV with just
 the
 book I think.  You don't want to be a paper CSS1.

 Do IDS last.  Read Northcutt, study the material and know how to
 install in,
 as the homepage states.  I found this test to be the hardest.  You
 need a
 rather high score to pass.

 Theo
 CCSE, CSS1, CCNP, MCSE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30516t=27321
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Study aids [7:30517]

[Rob]

Hi folks,

Anyone have any experience with the Cisco CCNP Training Kit?  Any info
or comments will be very welcome and appreciated.

Thanks,
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=30517t=30517
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF or EIGRP [7:28966]

[Mears, Rob]

Hi All,

To your question; we are, as all should be, a pure IP and Cisco shop (:.
As to why we originally went Eigrp, who knows it was before my time but I
would guess Cisco had some influence on it, but now we are growing and plan,
no not plan but have bought the routers\switches for 400 locations and will
be deploying @ the beginning of the year.

I know EIGRP will scale well and will handle our growth for the time being.
As my research points, we will be good with EIGRP for a long time and the
differences I found between the two are really nominal. But since the
network we are rolling out is in parallel to the present, we do not have to
worry about the migration part, so we have the opportunity to do it right
and impress people long after I am gone.  

So correct me where I am wrong and please show me the light OSPF or EIGRP.


Thanks
Rob

-Original Message-
From: Gregg Malcolm [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, December 12, 2001 3:40 PM
To: [EMAIL PROTECTED]
Subject: Re: OSPF or EIGRP [7:28966]

Rob,

Few questions. What routed protocols you plan to run?  Just IP or
IP/IPX/AT,etc.?  Any other vendor equipment other than cisco?  Firewalls
running OSPF for failover?  Why did you initially choose EIGRP?  Does the
network design lend itself well to a backbone area?  Redundant links
(including DDR) ?

I think if you can answer some of these questions, it will help the group
give you a better response.

Gregg


Mears, Rob  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi all,

 We are in the middle of building out a new ATM network for the Core and on
 the outside we are going to be running about 80 3640 or 2600.  We are in a
 big debate about the routing protocol, we are currently EIGRP.

 I have collected lots of info off Cisco's Web site about the two but
wanted
 to hear it from the Engineers in the trenches.
 What's your take on it? If it were you what would you run (EIGRP, OSPF)
and
 why?



 Thanks
 Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=29105t=28966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OSPF or EIGRP [7:28966]

[Mears, Rob]

Hi all,

We are in the middle of building out a new ATM network for the Core and on
the outside we are going to be running about 80 3640 or 2600.  We are in a
big debate about the routing protocol, we are currently EIGRP.   

I have collected lots of info off Cisco's Web site about the two but wanted
to hear it from the Engineers in the trenches.   
What's your take on it? If it were you what would you run (EIGRP, OSPF) and
why?



Thanks
Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28966t=28966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Comments in Running Config [7:25759]

[Rob Hopkins]

[ The following text is in the iso-8859-1 character set. ]
[ Your display is set for the US-ASCII character set.  ]
[ Some characters may be displayed incorrectly. ]

access lists are good, but you could also use interface description fields
as well as snmp
chassis-id , location, contact etc..

Thanks,


Rob Hopkins

CCIE #7428, MCSE, MCNE

[EMAIL PROTECTED]



- Original Message -
From: Rodgers Moore 
To: McCallum, Robert 
Cc: Cisco@Groupstudy. Com (E-mail) ; 'Ccielab'
(E-mail) 
Sent: Friday, November 09, 2001 10:05 AM
Subject: Re: Comments in Running Config


 Robert,

 A config TFTP'd into a router's flash will retain it's comments.  I use
named access lists to document info all the time. For example:

 ip access-list serialnumber
   remark 44408389291

 Rodgers Moore, CCIE# 8153

 McCallum, Robert wrote:

  Hi,
 
  Simple question but I can't find the answer.  How do you add comments
into your config.  I have tried putting the command in then putting comments
in after it with the ! statement but it doesn't work.  I am sure you can do
this but for the life of me can't find out how.  I am sure I must have done
  this on the ICRC course or something that easy.  And here I am
attempting the lab when I can't even do this.
 
  As in homer speak Doh!
 
  Robert McCallum
  only 6 days left

This messsage was sent using the trial version of the 
1st Class Mail Server software.

The 1st Class Mail Server 3.0 has lots of cool new features.
Best of all, it's still free! To download the latest version,
go to http://www.1cis.com/download/1cismail.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25759t=25759
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 2000 professional hyperterminal [7:24171]

[Rob Robinson]

W2K hyperterminal did have problems displaying anything that scrolled into
the buffer...it would get mangled.  All that's required to fix is SP2.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
jimmy halbert
Sent: Thursday, October 25, 2001 5:56 PM
To: [EMAIL PROTECTED]
Subject: 2000 professional  hyperterminal [7:24171]


Is there anything special that is required to get hyperterminal to work with
  2000 professional




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24301t=24171
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2000 professional hyperterminal [7:24171]

[Rob Bains]

Simple answer: NOPE!!

- Original Message -
From: jimmy halbert 
To: 
Sent: Thursday, October 25, 2001 3:56 PM
Subject: 2000 professional  hyperterminal [7:24171]


 Is there anything special that is required to get hyperterminal to work
with
   2000 professional

 _
 Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24202t=24171
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 2000 professional [7:24175]

[Rob Bains]

Do you have the com port enabled on your notebook?  Also make sure there's
no conflict on the port with another device such as modem using it.  Other
than that, it's supposed to be it.

Good luck!

- Original Message -
From: Gayathri 
To: 
Sent: Thursday, October 25, 2001 7:39 PM
Subject: Re: 2000 professional [7:24175]


 yes, i also have the same problem with win2k server and hyperterminal, i
 just keep getting the error message , cant open the com port

 jimmy halbert  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  I am trying to get hyperminal to work wih 2000 Professionalno such
  luck
 
  _
  Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=24205t=24175
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT: Linux RPM equiv to Tera Term Pro? [7:21944]

[Rob Bains]

I tend to differ on this.  I use TT Pro with SSH 2 all the time.  That's how
I work on
all our UNIX (Solaris  RH ) boxes.  BTW, it works like a charm.

Just my $0.02 worth..

==  Rob (SCSA, SCNA, CCNA)

Brian Whalen wrote:

 tterm pro even with the addon for ssh i think only supports ssh1, not
 ssh2.  This is proly unacceptable to a lot of folks.

 Brian Sonic Whalen
 Success = Preparation + Opportunity

 On Wed, 3 Oct 2001, Craig Columbus wrote:

  By far, my favorite windows based terminal emulator is Tera Term Pro. 
I'm
  toying with Linux on a laptop and am looking for a RedHat/Mandrake
  compatible terminal emulator that offers equivalent functionality to
  teraterm.  Any suggestions?
 
  TIA,
  Craig

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=22300t=21944
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 'It's not the US they want to destroy. It's our arrogance' [7:19896]

[Rob Bains]

No to agree or disagree with any sides of the arguments here, I commend  our
good friend
Priscilla for this very insightful response.  I couldn't agree with you
more.  As we all
know, stress and anger will always drive humans to irresponsible statements
and
irrational decisions.  Again, hopefully people can follow your blueprint
here to cope
with this tragedy and be the pillars of support for those in great need at
this time
rather than making premature judgments and  justify actions that they
otherwise wouldn't
dare in a better state of mind.

Just my $0.02 worth.  No need to start another flame war, please!

=  Rob

Priscilla Oppenheimer wrote:

 The original poster was trying to help us see the point of view of the
 terrorists. He didn't say that he agreed with them. Understanding their
 viewpoint will help us prepare for further evil deeds from them and help us
 defeat them. Know thy enemy. This is logical. What the poster didn't
 understand is that we are grieving and not ready for logic.

 According to Dr. Elisabeth Kubler-Ross, there are five stages of grief.

 1. Denial
 2. Anger
 3. Bargaining
 4. Depression
 5. Acceptance

 Many people are still in the anger stage. This is not a good time to be
 sending e-mails. They come out all wrong. Let's avoid the topic until
 everyone calms down.

 Peace,

 Priscilla

 At 06:57 AM 9/13/01, [EMAIL PROTECTED] wrote:
 How lovely.
 
 Reeta, eloquent drivel disguised as intellectualism is still drivel. I'm
 saddened that you feel the need to rationalize and excuse murder on such a
 scale and by such means. I also find it puts you in the same category as
 those who would commit such atrocities. Interestingly enough, do you think
 you would be able to voice a similar tirade in other parts of the world?
 You speak of us and them, where is it you hail from Reeta? Perhaps you can
 advise us here in America how you handle such us versus them issues?
 Hmmm? Oh wait, based on your essay I think I see how you would handle such
 a quandary.
 
 Your ridiculous manifesto is nothing but a thinly veiled approval form for
 the human sewage that committed this act. Your attempt to rationalize it
 sickens me. It's always ever so much easier to cloak things like this in
 terms that make it all seem like an academic exercise. Terrorism is indeed
 about people, as you so stated, and when you have people in this world who
 will stop at nothing to destroy others, or to advance their own fanatical
 beliefs, there are going to be tragic consequences.
 
 I had no intention of responding to this long winded analysis of yours,
 it is flawed both logically and factually. As such I will cut short my
 reply. I would certainly hate to seem arrogant.
 
 
 
 
 
 
 
 
 mehrzee@vsnl
  .netTo:
 [EMAIL PROTECTED]
 

 Priscilla Oppenheimer
 http://www.priscilla.com

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19896t=19896
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: :-((( [7:19468]

[Rob Bains]

Well;

I'm sure all the words have already been said, but I tried to refuse to
believe my ears
when I first woke up to news on the radio this morning.  Unfortunately, that
feeling of
disbelief was very short-lived since it was all over the media. Although I
don't
personally know anyone from that area, but I feel that innocent lives have
have been
lost, and many others have been affected by that loss for years to come.  My
thoughts
and feelings are with those who survived, and the ones who lost their loved
ones. Trust
me, the emotions were felt all day here in Vancouver, BC (Canada).  Office
buildings
were shutdown mid-day.

In closing, I just want to say that no matter what the religion, one belongs
to, these
are real human beings taken away from fathers, mothers, brothers, sisters,
sons, and
daughters.  That is the issue, period!!

Question:  When will the human race learn to resolve their differences in
more peaceful
way???

Hope all is well with those in the middle of this crisis.

  Rob

[EMAIL PROTECTED] wrote:

 Thank You Rene, and also Rita.
 I am in shock. There are many people on this list who worked in those
 buildings, and many more with friends and family there.
 I just heard from my first friend who was there and made it home.
 I'm sitting here watching my email and waiting for my phone to ring.
 Besides my friends and associates who are there, I can't help to think of
 the thousands and thousands of faces I've past in those hallways,
 escalators, offices, etc.

 -Erik Mintz

 Rene Schmid writes:

  best wishes from austria
 
  last week i have configured a serial connection between wtc new york and
 wtc
  vienna and today i'm very sad about this terrorist attack
 
  hope  that most of the people are OK
 
  Rene

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19516t=19468
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: FW: Off topic: check in for WTC, Pentagon survivors [7:19517]

[Rob Bains]

Well;

I'm sure all the words have already been said, but I tried to refuse to
believe my ears
when I first woke up to news on the
radio this morning.  Unfortunately, that feeling of disbelief was very
short-lived since
it was all over the media. Although I
don't personally know anyone from that area, but I feel that innocent lives
have have
been lost, and many others have been
affected by that loss for years to come.  My thoughts and feelings are with
those who
survived, and the ones who lost
their loved ones. Trust me, the emotions were felt all day here in
Vancouver, BC
(Canada).  Office buildings were
shutdown mid-day.

In closing, I just want to say that no matter what the religion, one belongs
to, these
are real human beings taken away from
fathers, mothers, brothers, sisters, sons, and daughters.  That is the
issue. Period!!

Question:  When will the human race learn to resolve their differences in
more peaceful
ways???

Hope all is well with those in the middle of this crisis.

  Rob

Chuck Larrieu wrote:

 forwarding from another source:


  A web site has been set up where survivors of today's terrorist
  activities can post word a brief word that they are okay:

  http://www.shunn.net/okay/

 If you care to publicize this, it may save some people some heartache.

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19517t=19517
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Which IOS's support DSL? [7:18034]

[Mears, Rob]

Use Cisco web site for info like this.  Feel the Force.

c2600-is56i-mz.121-5.YB2  This works


Rob
Thank you,
Rob Mears III, CCNA, MSCE, CNE, NNCDS, NNCSS, A+
Technical Mercenary
Valor Telecom


-Original Message-
From: Matthew Wilkinson [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 03, 2001 10:08 PM
To: [EMAIL PROTECTED]
Subject: Re: Which IOS's support DSL? [7:18034]


I have a 2600 witha  DSL WIC and none of the newer IOS's I have install
recognise the card.  This is simply pluggd directly into the phone system,
it is used in a home.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=18424t=18034
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: I have a customer who... food for thought - static routes [7:18189]

[Rob Fielding]

As far as address conservation goes, they're better off addressing the wan
links between the 7206 and the 827's as /30, and letting the 827's provide
dhcp address to the home users.  The home networks can all be the same
network (and 1000 duplicate addresses, who cares).  As far as the rest of
the network is concerned, there's only one address for each home network,
the unique nat outside address of the 827.  Using IP unnumbered on the wan
links is only going to eat up more addresses because they will have to
advertise the networks on the home side of the 827's.  They can burn up 1000
/30s or 1000 /28s.

The 827s can be build with a cookie cutter config.  The only thing that
needs to be different on each one is the wan ip address.  Nobody needs to
keep track of what addresses are in use at what house, no static address
database is needed (for these 1000 links anyway - I don't know what the rest
of their network looks like), and the home pc's could be built cooke cutter,
too.  They could save a ton of money on man hours if layer 8 wasn't in the
way.

-Rob Fielding  CCIE #7996




- Original Message -
From: Chuck Larrieu 
To: 
Sent: Saturday, September 01, 2001 6:43 AM
Subject: RE: I have a customer who... food for thought - static routes
[7:18180]


 you know something? That's an interesting idea! May I think out loud here?


core_network7200--827--home_
 user
   routed NATinside_network
 subinterfaces  global outside who cares
 what's inside?

 need an ip on the 7200 side and the 827 side - takes up two hosts of the
/28
 the customer is specifying...

 well, let's see... there is still the matter of the home user inside
 addressing. Care needs be taken because even though there is private
 addressing in place, there is still the possibility of overlap with other
 parts of the network. hhhmmm...

 on the 7200 side, all subnets are on directly connected interfaces. run
the
 routing protocol of choice, and summarize the subnets into the core.
 eventually there will be several hundred /28's. at 16x28 per /24, that
means
 a lot of /24's eventually. if the customer played their cards right, they
 could advertise what? a single /20 or so? maybe even a /19?

 for address conservation, the customer is insisting on ip unnumbered on
the
 links. I'm pondering the relative merits - does NAT'ing create more or
less
 work? Does it require more or fewer things to keep track of? on the other
 hand, it does answer a number of the customer expressed concerns and
 policies.

 You know, Rob, it would be a hell of a lot easier dealing with you than
with
 the particular group
 I am dealing with. At least you have some creativity and some
understanding
 of the alternatives. I'll bet the two of us could come up with a solution
 that would knock their socks off. So far I've had to listen to the bogus
 route flapping argument ( every time a DSL user turns off his equipment,
 we'll see route flaps in our core ) the bogus default route advertisement
 argument
 ( these guys will connect a router at home and start advertising a
default
 that will screw up the entire company ) ok, so we put them in their own
 domain and redistribute with strict filtering. or we use On Demand
Routing.
 well we don't want CDP running on these routers because it's insecure
OK.
 I give up. well we don't understand why you have to do it this way
anyway.
 when we were with X company all we did was use a static default yes but X
 company was an ISP and you were using a VPN with the associated overhead.
 our solution is equivalent to a frame relay network, and can be treated
 accordingly. and the final definitive argument, against which there is no
 counter - our policy does not allow routing to remote access users

 As I said someplace else, the real issue here lies somewhere above layer
7.
 Hey, Howard, at what layer are ignorance and lack of clue? ;-

 Chuck

 -Original Message-
 From: Rob Fielding [mailto:[EMAIL PROTECTED]]
 Sent: Friday, August 31, 2001 6:06 PM
 To: Chuck Larrieu; [EMAIL PROTECTED]
 Subject: Re: I have a customer who... food for thought - static routes
 [7:18108]


 Actually, when I mentioned bridging, I was only talking about the 827s.
 They should still have to route through the 7206 to reach each other.
But,
 bridging is just a bad idea anyway.  Instead, you could NAT the home side
of
 the 827 to the address of the 827s wan interface.  Each link between the
 7206 and the 827s is a separate routed link, but the 7206 doesn't need to
 know about the networks behind the 827s.  It only needs to know about the
 links that are directly connected.  No bridging and no statics needed, and
 if the wan links are addressed properly, then they can all be summarized
to
 the rest of the corporate network.  Since security is a concern, then I
 would suggest an access list on the 827s to only allow established
 connections inbound.

 -Rob Fielding  CCIE #7996

Re: I have a customer who... food for thought - static routes [7:18108]

[Rob Fielding]

I just quickly glanced at the 827 docs on cisco.com, so please correct me if
I'm wrong about them.  According to the docs, you can configure the 827's
for bridging or NAT.  You could avoid static routes on this edge of the
customer's network entirely (except for defaults on the 827's).  The 7206
would see all of the home networks as being directly connected.  NAT
overload would probably be my first choice because the 827 could assign
addresses to the home pc's with DHCP, so the users wouldn't have to
configure anything, and any number of home pc's would just share the 827's
wan interface address.  No need for statics at all.
Does the customer have any issues about this type of config?

-Rob Fielding  CCIE #7996



- Original Message -
From: Chuck Larrieu 
To: 
Sent: Thursday, August 30, 2001 10:38 PM
Subject: RE: I have a customer who... food for thought - static routes
[7:18038]


 There have been several good replies to my post. In addition to Tony's
 insight below, Leigh Anne and Jim both had excellent observations that
 covered issues my customer raised.

 The customer expressed concerns were with engineers who for any number of
 reasons, whether careless, inconsiderate, malicious, or as part of their
 jobs, might bring down various segments. this is something that apparently
 happens with some regularity in the customer production network.

 there were concerns with route flapping at the core. we are in California,
 after all, and we still live under the threat of rolling blackouts. plus
 many folks out here are doing their part by shutting things down at night,
 or when not in use. The flapping issue is bogus, as one could always
 advertise only the summaries into the core, but again, the customer
engineer
 would not hear of it.

 the customer deliberately turns off CDP. I did not discuss this with him,
 but I suspect there is a bit of concern with revealing information that
CDP
 transmits.

 my point in bringing up this situation was in part to stimulate thought
 about using various forms of routing as one means of enforcing policy.
 Static routing is not necessarily a bad thing. On the other hand, there
are
 other ways to deal with the stated concerns other than massive static
 routing.

 enjoyed the comments. thanks, everyone.

 Chuck

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Tony Medeiros
 Sent: Thursday, August 30, 2001 12:23 AM
 To: [EMAIL PROTECTED]
 Subject: Re: I have a customer who... food for thought - static routes
 [7:17826]


 I'll bite:
 PROS:

 1) If DSL user decides to change his network for some reason and it
overlaps
 another on somewhere, dynamic routing will hose the core. (could prevent
 with route filtering but that would be an even bigger hassle).

 2)  7206 might fold with that many routing protocol neigbors (depends on
 routing protocol)

 3)  Job security for the guy managing the network :)

 4) ODR needs CDP and that many neighbors could fold the core too maybe ??
 Don't know about that.

 5) Less overhead in general.

 6) Security,  Don't want some guy to announce a boatload of bogus
networks.

 7) Unless the routing protocol of choice can only send a default route,
 Those little DSL routers would get killed with a big table.  OSPF is would
 do it but would each little router would need to be in it's own area or
the
 LS database would kill the little guys .  RIP seems like a good choice,
but
 again,  there would be need for a lot of filtering to keep the table
small.
 You could have a default static on all the little guys and filter ALL
 updates coming out of the core.  But there is the security thing again.

 8) Stability,  The static way will be the most stable for sure,

 CONS:
 1)  Managment nightmare.

 I think I see their point already Chuck. I don't quite see why CDP
wouldn't
 be allowed though.
 Am I close ?
 Tony M.

 - Original Message -
 From: Chuck Larrieu
 To:
 Sent: Wednesday, August 29, 2001 11:28 PM
 Subject: I have a customer who... food for thought - static routes
[7:17819]


  I have a customer who... don't you love it when a post begins with those
  words?
 
  In my case, I am hoping this can serve as food for thought, a
springboard
  for discussion. So here goes
 
  My customer is a high tech firm whose name you would all recognize, if I
  were to exhibit ill manners by revealing it.
 
  My project ( well, I'm just the junior assistant engineer ) is to
develop
  and proof configurations for a private remote access network. DSL at the
  home, ATM at the central site. Not a VPN. This circuit does not touch
the
  internet.
 
  In any case, the client is expecting 500-1000 home users on this
network.
 
  Here's the kicker. the client refuses to allow routing protocols on
either
  the home user routers ( Cisco 827's ) or the central site router ( Cisco
  7206 ) That means how many static routes at the host site? :-0
 
  Food for thought - what are some of the reasons the customer

Re: I have a customer who... food for thought - static routes [7:18152]

[Rob Fielding]

Actually, when I mentioned bridging, I was only talking about the 827s.
They should still have to route through the 7206 to reach each other.  But,
bridging is just a bad idea anyway.  Instead, you could NAT the home side of
the 827 to the address of the 827s wan interface.  Each link between the
7206 and the 827s is a separate routed link, but the 7206 doesn't need to
know about the networks behind the 827s.  It only needs to know about the
links that are directly connected.  No bridging and no statics needed, and
if the wan links are addressed properly, then they can all be summarized to
the rest of the corporate network.  Since security is a concern, then I
would suggest an access list on the 827s to only allow established
connections inbound.

-Rob Fielding  CCIE #7996



- Original Message -
From: Chuck Larrieu 
To: Rob Fielding ; 
Sent: Friday, August 31, 2001 5:07 PM
Subject: RE: I have a customer who... food for thought - static routes
[7:18108]


 yes - sheer numbers of devices in the shared bridging domain. we are
talking
 500 to a thousand home users, many of whom are technically savvy folks who
 may have reasons good or bad to connect multiple devices to the home part
of
 the remote access network. not to mention the fact that bridging would
mean
 direct and unrestricted access from each of these home guys to eachother.
I
 can just see the little rascals Code Redding eachother! ;-

 Chuck

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Rob Fielding
 Sent: Friday, August 31, 2001 9:58 AM
 To: [EMAIL PROTECTED]
 Subject: Re: I have a customer who... food for thought - static routes
 [7:18108]


 I just quickly glanced at the 827 docs on cisco.com, so please correct me
if
 I'm wrong about them.  According to the docs, you can configure the 827's
 for bridging or NAT.  You could avoid static routes on this edge of the
 customer's network entirely (except for defaults on the 827's).  The 7206
 would see all of the home networks as being directly connected.  NAT
 overload would probably be my first choice because the 827 could assign
 addresses to the home pc's with DHCP, so the users wouldn't have to
 configure anything, and any number of home pc's would just share the 827's
 wan interface address.  No need for statics at all.
 Does the customer have any issues about this type of config?

 -Rob Fielding  CCIE #7996



 - Original Message -
 From: Chuck Larrieu
 To:
 Sent: Thursday, August 30, 2001 10:38 PM
 Subject: RE: I have a customer who... food for thought - static routes
 [7:18038]


  There have been several good replies to my post. In addition to Tony's
  insight below, Leigh Anne and Jim both had excellent observations that
  covered issues my customer raised.
 
  The customer expressed concerns were with engineers who for any number
of
  reasons, whether careless, inconsiderate, malicious, or as part of their
  jobs, might bring down various segments. this is something that
apparently
  happens with some regularity in the customer production network.
 
  there were concerns with route flapping at the core. we are in
California,
  after all, and we still live under the threat of rolling blackouts. plus
  many folks out here are doing their part by shutting things down at
night,
  or when not in use. The flapping issue is bogus, as one could always
  advertise only the summaries into the core, but again, the customer
 engineer
  would not hear of it.
 
  the customer deliberately turns off CDP. I did not discuss this with
him,
  but I suspect there is a bit of concern with revealing information that
 CDP
  transmits.
 
  my point in bringing up this situation was in part to stimulate thought
  about using various forms of routing as one means of enforcing policy.
  Static routing is not necessarily a bad thing. On the other hand, there
 are
  other ways to deal with the stated concerns other than massive static
  routing.
 
  enjoyed the comments. thanks, everyone.
 
  Chuck
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Tony Medeiros
  Sent: Thursday, August 30, 2001 12:23 AM
  To: [EMAIL PROTECTED]
  Subject: Re: I have a customer who... food for thought - static routes
  [7:17826]
 
 
  I'll bite:
  PROS:
 
  1) If DSL user decides to change his network for some reason and it
 overlaps
  another on somewhere, dynamic routing will hose the core. (could prevent
  with route filtering but that would be an even bigger hassle).
 
  2)  7206 might fold with that many routing protocol neigbors (depends on
  routing protocol)
 
  3)  Job security for the guy managing the network :)
 
  4) ODR needs CDP and that many neighbors could fold the core too maybe
??
  Don't know about that.
 
  5) Less overhead in general.
 
  6) Security,  Don't want some guy to announce a boatload of bogus
 networks.
 
  7) Unless the routing protocol of choice can only send a default route,
  Those little

RE: BMC Patrol [7:17794]

[Mears, Rob]

It not BMC patrol that is the question but Patrol DashBoard and
 Patrol Visualis, any word???


Thanks
Thank you,
Rob Mears III, CCNA, MSCE, CNE, NNCDS, NNCSS, A+
Technical Mercenary
Valor Telecom


-Original Message-
From: Patrick Donlon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 2:55 AM
To: [EMAIL PROTECTED]
Subject: Re: BMC Patrol [7:17794]


BMC patrol was used at the last company I worked at, an ISP based in the
Netherlands, it wasn't a project I was working on, as it was used to monitor
the applications and not the network but if you want to email me offline
then send you the company's details so you can get some info or dirt on it

cheers Pat


350mhz  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi Cisco Geeks,


 We are evaluating a new product from BMC called Patrol DashBoard and
 Patrol Visualis. I am told by the Sales Geeks that this product is
 fairly new; therefore it's been rough getting feed back. So I turn to
 you.  What is the word? Who has used it, what are the Pro and Cons? Is
 this company worth dealing with? They are cutting us a good deal and the
 CIO is about to go for it unless I can dig up some dirt.


 Thank
 Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17934t=17794
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: hello all....terminal emulation software... [7:17968]

[Rob Bains]

I believe TeraTerm Pro will also give you the same thing.  You can also us
ssh by
installing TTSSH extension for it, and it's all free.

Baker, Jason wrote:

 try secure CRT

  -Original Message-
  From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
  Sent: Friday, 31 August 2001 8:33 am
  To:   [EMAIL PROTECTED]
  Subject:  hello allterminal emulation software... [7:17968]
 
  I am trying to locate a freeware terminal emulation software that will
  allow
  me to select com ports 5 and 6...hyperterm doesn't support anything
beyond
 
  com4.  I've installed a serial card that utilizes com5 and com6 only.  I
  will
  be using these two ports to console into my routers.  Anyhelp in finding
a
 
  terminal software that does this is greatly appreciated.

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=18005t=17968
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ospf [7:18002]

[Rob Fielding]

Do Not Age.  Those are routes that don't age out.  They were probably
learned across an ISDN backup link, or a virtual link.  If the router has an
isdn interface, check for the 'ip ospf demand-circuit' command.  Otherwise,
look for a virtual link configured on a router.  There's good info about
this on cisco.com, and on the doc cd.

-Rob Fielding  CCIE #7996


- Original Message -
From: Dwayne Saunders 
To: 
Sent: Thursday, August 30, 2001 6:41 PM
Subject: ospf [7:18002]


 Hi all,
 is any one able to direct me in the right direction or be able to
 explain what the (DNA) is in the sh ip ospf database

 Router Link States (Area 0)

 Link ID ADV Router  Age Seq#   Checksum Link count
 172.16.11.100   172.16.11.100   19700x8008 0x776B   5
 172.26.1.49 172.26.1.49 5 (DNA) 0x8158 0xD943   1
 192.168.101.101 192.168.101.101 1895  (DNA) 0x815E 0xDCE3   1

 Summary Net Link States (Area 0)

 Link ID ADV Router  Age Seq#   Checksum
 172.26.1.17 172.26.1.49 678   (DNA) 0x8155 0x23F1
 172.26.1.33 172.26.1.49 678   (DNA) 0x8155 0x8282
 172.26.1.49 172.26.1.49 678   (DNA) 0x8155 0xE113
 192.168.1.16172.16.11.100   19710x8006 0x9708
 192.168.1.16172.26.1.49 1 (DNA) 0x815C 0x1B5F
 192.168.1.16192.168.101.101 1895  (DNA) 0x800A 0x97FB
 192.168.1.48172.16.11.100   19710x8007 0x542A
 192.168.1.48172.26.1.49 1 (DNA) 0x8003 0x8530
 192.168.1.48192.168.101.101 1895  (DNA) 0x8005 0x6A0D
 192.168.1.64172.16.11.100   19710x8005 0xC1AD
 192.168.1.64172.26.1.49 678   (DNA) 0x8155 0x3D15
 192.168.1.64192.168.101.101 1895  (DNA) 0x8008 0xCD95
 192.168.101.101 192.168.101.101 1895  (DNA) 0x8007 0x527B

 any help will be appreciated

 D'Wayne Saunders
 Network Admin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=18015t=18002
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

VPN from 2600 routers to PIX 525 Question [7:17700]

[Mears, Rob]

I am looking for someone who is running VPN's between 2621 routers and PIX
525 on IOS 6.0 to campare notes with.
How are they working for You?


Thanks

Thank you,
Rob Mears III, CCNA, MSCE, CNE, NNCDS, NNCSS, A+
Technical Mercenary
Valor Telecom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17700t=17700
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Offtopic: Sun Solaris Admin [7:17684]

[Rob Bains]

Try solcert on yahoo.  There are a couple of sun related lists on Yahoo, but
solcert is
a good starting point.

  Rob

Admin wrote:

 hi all,

 do you know of a similar discussion group dedicated to Unix/Sun Solaris
Admin
 certification ?

 have to get solaris admin cert to retain my job.

 thanks

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17783t=17684
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCIE Lab Prep Guides [7:17584]

[Rob Fielding]

I used the CCBootcamp labs.  Certificationzone has a couple of good labs.
Their frame-relay lab is pretty good.  I haven't seen any of their new
stuff.  The CCBootcamp labs are big scenarios, most of which will take all
day to do.  I used them for studying and practice at first, and for speed
drills later.  Get on the Groupstudy CCIE Lab list, buy the bootcamp labs,
and get some routers to practice on.  Go to the ECP1 class if you can.  Good
luck to you.

-Rob Fielding  CCIE #7996


- Original Message -
From: 
To: 
Sent: Tuesday, August 28, 2001 11:19 PM
Subject: CCIE Lab Prep Guides [7:17584]


 Does anyone have any feedback on the CCIE lab prep workbooks from
CCBootcamp
 (Network Learning, Inc.) vs. CertificationZone ? Just curious as to how
 valuable these may be. So far, I have been utilizing the generic books
 (Caslow, Satterlee, Halabi, Doyle...) for scenarios and practice.



 Thanks,

 Duncan

 Duncan Wallace
 Sr. Network Engineer
 800.COM Inc.
 1516 NW Thurman St
 Portland, OR  97209-2517

 Direct: 503.944.3671
 Cell: 503.969.8248
 Fax: 503.943.9371
 Web: http://800.com
 Email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17717t=17584
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Great Mortgage Rates [7:17354]

[Rob Bains]

Is this list no moderated How do people get away with this type of
non-sense??

Rob

[EMAIL PROTECTED] wrote:

 fs756d
 Whether a new home loan is what you seek or to refinance
 your current home loan at a lower interest rate, we can help!

 Mortgage rates haven't been this low in the last 12 months,
 take action now!

 Refinance your home with us and include all of those pesky
 credit card bills or use the extra cash for that pool you've
 always wanted...

 Where others say NO, we say YES!!!
 Even if you have been turned down elsewhere, we can help!

 Easy terms!  Our mortgage referral service combines the
 highest quality loans with the most economical rates and
 the easiest qualifications!

 Take just 2 minutes to complete the following form.
 There is no obligation, all information is kept strictly
 confidential, and you must be at least 18 years of age.
 Service is available within the United States only.
 This service is fast and free.

 Free information request form:
 PLEASE VISIT
 http://www.freewebdirect.net/mortgagezone

 
 Since you have received this message you have either responded
 to one of our offers in the past or your address has been
 registered with us.  If you wish to be removed please reply to:
 mailto:[EMAIL PROTECTED]@yahoo.com?subject=remove
 

 fsda0uio

 ***

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17356t=17354
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: banner motd [7:17204]

[Rob Robinson]

Have you tried a code upgrade?  We had a situation where a 4906 Switch
displayed the same behavior...only displayed the partial banner.  It's code
version only allowed a certain number of characters in the banner.  Upgrade
to latest IOS fixed it.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Lupi, Guy
Sent: Saturday, August 25, 2001 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: banner motd [7:17204]


Should have done that in the first email, here it is.  Like I said, works on
all my other routers, just not on the ones running Version 12.0(3)T3.
Thanks.

banner motd x

* !  WARNING  !*
*  *
* This is a private system.  Unauthorized access is prohibited by law. *
*  *
*   Violators may be prosecuted.  If you are not authorized*
*  *
*to access this system, please disconnect now. *
*  *


x




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17267t=17204
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: DNS, DHCP, UNIX, FTP help [7:15164]

[Rob Bains]

For best materials on any of these topics or any other UNIX related topics,
I would
suggest checking out Oreilly's (www.ora.com).  They are absolutely
outstanding!! And I
don't work for them or get paid to say any of this.

RSB (SCSA, SCNA, CCNA)

Brian wrote:

 hmm, a broad question.

 for unix stuff, i'd go with this.
 http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0130206016vm=c

 It will give you a lot of dirt on the other items also, as anyone into unix
 should get how that stuff works.

 Brian

 - Original Message -
 From: mike rose
 To:
 Sent: Tuesday, August 07, 2001 2:47 PM
 Subject: DNS, DHCP, UNIX, FTP help [7:15164]

  Any one know any good books for the folliowing topics
 
  DHCP, DNS, UNIX and FTP
 
  Any input will be greatly appreciated.
 
  Thanks
 
  Mike

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of rbains.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15204t=15164
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]

[Rob Montgomery]

Offline please.


- Original Message -
From: Greg Macaulay 
To: 
Sent: Monday, July 30, 2001 5:13 PM
Subject: FW: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]


 -Original Message-
 From: Greg Macaulay [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 4:55 PM
 To: [EMAIL PROTECTED]
 Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]


 56 -- and I can prove it -- 8 grandchildren -- can't recall their
b-dates --
 and I have white hair!!!

 Gosh, I really didn't think that many folks on the list had so much time
on
 their hands to contribute to this nonsense (and fun!).

 Greg Macaulay
 Oldest CCNP/CCDP on Earth (recount in progress)
 Lifetime Member of AARP
 Retired Attorney/Law Professor

 -Original Message-
 From: William Gragido [mailto:[EMAIL PROTECTED]]
 Sent: Monday, July 30, 2001 4:10 PM
 To: 'Greg Macaulay'; [EMAIL PROTECTED]
 Subject: RE: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]


 I can't resist, how old are you?

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Greg Macaulay
 Sent: Monday, July 30, 2001 9:33 AM
 To: [EMAIL PROTECTED]
 Subject: Age Challenge for Oldest CCNP/DP on Earth!! [7:14167]


 I need proof -- date of birth, place of birth, whether you are left-or
 right-handed or ambidextrous, etc.  Without that -- I still claim the
title.
 In fact, I am taking on the Republicans spin in Florida on this.  My age
has
 been broadcast over this list for months and no one successfully came
 forth and refuted my claim to the title.  Thus, there has been an age
count,
 and an age recount and even a recount on the age recount -- and there has
 not been anyone who can prove BRD (lawyers shorthand for Beyond a
Reasonable
 Doubt!) that I am not the duly self-appointed and self-anointed oldest
 (albeit I concede not the wisest) CCNP/CCDP on this earth!!

 If necessary, I will call upon Ms. Katherine Harris (from Florida) to
 mediate this issue!!!

 See, we old folks have nothing on our plates so we can engage in this
 nonsensical, time-wasting behavior (at least while I'm having my first
 cuppa' tea this a.m.  Then its on to work!!!

 Greg Macaulay
 Oldest CCNP/CCDP on Earth (pending recount!)
 Lifetime Member of AARP
 Retired Attorney/Law Professor

   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
   Sent: Saturday, July 28, 2001 8:57 PM
   To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
   Subject: Re: For those studying VoIP/CVoice! [7:14061]


   Greg,

   Good post on a reference URL for VoIP.  I will be taking  Cisco IP Voice
   class next week and will refer to some of these links.

   TNX

   Note: However, you'll have to revise your signature as I think for the
 moment
   I am
   most likely the Oldest and Bald CCIE wannabe  ;-) at age 59 3/4

   Ray
   Oldest CCNP/CCDP on Earth



   
   FYI

   I discovered this page on CCO by accident.  Hope it helps those who are
   preparing for CVoice

   http://www.cisco.com/warp/public/788/voip/voip.shtml


   Greg Macaulay
   Oldest CCNP/CCDP on Earth
   Lifetime Member of AARP
   Retired Attorney/Law Professor
   




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=14269t=14167
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Mears, Rob]

Greeting to all,

This problem proved to be a real bitch, and I thank you for all the advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages even
after TAC sent me new memory and a new router. The 3rd TAC engineer was the
charm, because he asked me if this was a TELCO version of the 3660. That was
a real good question cuss I had no idea, as I have never worked on one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.  Man
what a day. The other way to see if the router is an Enterprise version or
Telco is to run the SN numbers. I can think off all the times i do this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal (thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more then
once, so I have nothing but good to say for them. Yes I have gotten some
DORKS before, but I have the option to tell them to get lost and give me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would appreciate it if you kept this under
your hat.

Regards

Charlie


 --- Mears, Rob  wrote:  Any one ever had
a problem loading IOS on a 3660 right out of the
 box? I
 have one with 64meg flash and 256 ram and the damn thing will not
 come out
 of RMMON. I have set the confreg to boot correctly still RMMON. I
 have
 flashed it with two different IOS (12112.2), swapped out Flash,
 MEM, even
 sent the chassis back to Cisco and the new one had the same
 problem. TAC has
 no clue, they have been sending me part and giving me to different
 Engineer
 with no luck.
 
 What gives?
 
 Rob
[EMAIL PROTECTED] 


Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=12135t=12135
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router-----Finished [7:12135]

[Mears, Rob]

that is! that's the one. Damn Telco stuff. You know it was said if they were
to burn (Telco Routers), it would not put off toxic fumes (no plastic an
telco requirment) . I looked around the CO and wondered about the billions
little blue and white analog wires we have form ceiling to floor and
wondered what's the point. Smoke from the router won't kill me, but the
plastic from the wires will.  Man


rob

-Original Message-
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:26 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Uhh, they do!
c3660-telcoent-mz.121-5.T9.bin

-Original Message-
From: Bob Johnson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


Telco requirements are quite strict
There are Bellcore standards that are used at all central offices.
It has nothing to do with the goverment but will Bell ensurring that any
third party equipment will:
1) Fit in telco racks
2) No physically interfer with other equipment in telco racks
3) Not add to the fire load
4) Not cause any undue electrical problems (NEBS grounding, etc)

It's all really for infrastructure protection
Too bad they didn't have a Telco version of the IOS.

Bob

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:29 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router-Finished [7:12135]


This brings up a point:  why is there a telco version in the first
place?  What are these telco requirements and why are they there?  I've
been hearing little snippets about this but I don't know the details. 
From what I've read so far, it sounds like some government agency had
too much time on its hands and felt like being even more intrusive than
usual.  

Who cares if there is a plastic cover or not?  Who cares if the rack is
19 or 24 wide?  Who cares if the equipment is more than 12 deep?  

Someone please explain this to me, and please tell me there are good
reasons for these requirements.  Otherwise, it will just annoy me and
ruin my day.  ;-)  Besides, I have a feeling I'll be running into
situations where equipment that I provision has to meet these
requirements so I might as well know what they are, right?

Thanks,
John (who is just starting his 2nd cup of coffee...be gentle.)

 Mears, Rob  7/12/01 8:55:12 AM 
Greeting to all,

This problem proved to be a real bitch, and I thank you for all the
advice. 

Here is the fix, and I am almost ashamed to say, but I want to pass
this on
so none of you all fall into the same trap as I did.

As I said, in one post before, I kept getting the same error messages
even
after TAC sent me new memory and a new router. The 3rd TAC engineer was
the
charm, because he asked me if this was a TELCO version of the 3660.
That was
a real good question cuss I had no idea, as I have never worked on
one.
Well, that was the problem, it takes a TELCO FEATURE SET IOS. One
telltail
clue is that their is not a plastic front on the Telco version.
I saw this right off the bat, but thought Cisco had just redesigned it.
 Man
what a day. The other way to see if the router is an Enterprise version
or
Telco is to run the SN numbers. I can think off all the times i do
this
before I install an IOS. Maybe i should.

Good news is I got it fixed and got a new Router out of the deal
(thanks you
TAC). And as TAC goes, they have pulled my Butt out of the sling more
then
once, so I have nothing but good to say for them. Yes I have gotten
some
DORKS before, but I have the option to tell them to get lost and give
me a
new Engineer. We pay a lot for this service.

Hope this has been as educational for you all as it has been for me.

Look below at link for the difference in the two.
http://www.cisco.com/warp/public/cc/pd/rt/3600/prodlit/36kmp_ds.htm 


-Original Message-
From: Charlie Hartwell [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 11, 2001 9:15 AM
To: Mears, Rob
Subject: Re: 3660 router [7:11917]


Hi Rob,
 I didn't want to send this out to the whole group but I sympathise
with your problem - I used to work on TAC and I see this sort of
thing happening more and more. Unfortunately TAC have a new policy of
employing people without much real technical experience (even
pre-CCNA level people) and they put them on the bread and butter
TAC teams to break them in. It will be one of those teams dealing
with your problem - probably euro-config. I know a lot of those
guys and, although they all work hard, they don't have the experience
to deal with a case that gets over complicated.

 If you have had an RMA already and you are still no nearer to
solving the problem then the next step is to have the case escalated.
I expect this case has been going on for a few days already and has
probably passed the P3 SLA so the TAC can escalate to a more
technical team to get you a speedy fix.

 I hope this helps and I would

3660 router [7:11917]

[Mears, Rob]

Any one ever had a problem loading IOS on a 3660 right out of the box? I
have one with 64meg flash and 256 ram and the damn thing will not come out
of RMMON. I have set the confreg to boot correctly still RMMON. I have
flashed it with two different IOS (12112.2), swapped out Flash, MEM, even
sent the chassis back to Cisco and the new one had the same problem. TAC has
no clue, they have been sending me part and giving me to different Engineer
with no luck.

What gives?

Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11917t=11917
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router [7:11917]

[Mears, Rob]

You can flash it via Xmodem


-Original Message-
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 8:59 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router [7:11917]


open up hyperterm, connect to console, log the session, flick the power
switch, and let it drop into ROMMON.

then you need to post the text file IN LINE with your next email.
THEN we can help you.


-Original Message-
From: Mears, Rob [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 9:33 AM
To: [EMAIL PROTECTED]
Subject: 3660 router [7:11917]


Any one ever had a problem loading IOS on a 3660 right out of the box? I
have one with 64meg flash and 256 ram and the damn thing will not come out
of RMMON. I have set the confreg to boot correctly still RMMON. I have
flashed it with two different IOS (12112.2), swapped out Flash, MEM, even
sent the chassis back to Cisco and the new one had the same problem. TAC has
no clue, they have been sending me part and giving me to different Engineer
with no luck.

What gives?

Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11948t=11917
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: 3660 router [7:11917]

[Mears, Rob]

I hope u can help. With the message below it would appear the it has bad
mem, but I replace it. I got this error message on both router, the old and
the new. The only thing that was left in common was the IOS so I got a
different version and still the same problem.



Here is the error message

WARNING: All existing data in flash will be lost!
Invoke this application only for disaster recovery.
Do you wish to continue? y/n  [n]:  y
Ready to receive file c3660-jk8s-mz.122-1b.bin ...
Erasing flash at 0x3000sector erase failed at location 0x3000,
status 0x
20202020
flash sector will NOT erase...aborting
rommon 2 

-Original Message-
From: Peter Slow [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 8:59 AM
To: [EMAIL PROTECTED]
Subject: RE: 3660 router [7:11917]


open up hyperterm, connect to console, log the session, flick the power
switch, and let it drop into ROMMON.

then you need to post the text file IN LINE with your next email.
THEN we can help you.


-Original Message-
From: Mears, Rob [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 9:33 AM
To: [EMAIL PROTECTED]
Subject: 3660 router [7:11917]


Any one ever had a problem loading IOS on a 3660 right out of the box? I
have one with 64meg flash and 256 ram and the damn thing will not come out
of RMMON. I have set the confreg to boot correctly still RMMON. I have
flashed it with two different IOS (12112.2), swapped out Flash, MEM, even
sent the chassis back to Cisco and the new one had the same problem. TAC has
no clue, they have been sending me part and giving me to different Engineer
with no luck.

What gives?

Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=11950t=11917
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX 5.25 ftp Passive-non Passive [7:10306]

[Mears, Rob]

Question for the gods,

We have a requirement to retrieve data from a client's FTP server which is
not Passive in natures, meaning it does not support. My pix box has no
problems getting to FTP sites that support Passive mode. I am 90% sure the
problem is with the client and not me. I have researched this and have
found, in order to allow my users to the FTP I would have to open a range of
ports on the Fwall. Has anyone run into this and does anyone have a easy
fix? I am about to tell the client to (##$%^) just submit and upgrade their
FTP but who knows how long this will take.

How about some help.


Thanks




Thank you,
Rob Mears III, CCNA, MSCE, CNE, NNCDS, NNCSS, A+
Technical Mercenary
Valor Telecom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=10306t=10306
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Firewall [7:9295]

[Rob Smyth]

I wouldn't recommend a direct termination with a cross-over.
They should be plugged into a switch.
I have had problems in the past with 7200 series Routers plugged directly
into the PIX, interfaces tend to go up and down.

If I am not mistaken you can have only one default gateway.

You can specify traffic to other networks using Routes on the interface, the
Pix is a Firewall, not a router or switch.

You could also get an ASN number and run BGP to your ISPs, do a little
subnetting and specify that traffic coming from the lower half goes out one
t-1 and the upper out the other.  This would be based on your static from
the Pix.

Something I have done in the past is set up 2 PIX and split the network out.
One out PIX1 and the other out Pix 2.

If anyone else has suggestion please let me know, I am very interested as
well.

Robert C. Smyth
- Original Message -
From: sanjeev tyagi 
To: 
Sent: Thursday, June 21, 2001 5:17 AM
Subject: PIX Firewall [7:9295]


 Dear All,

 I am having PIX-515UR with 3-10/100 Ethernet ports, I have 2-ISP's which
are
 connected to 2-different 2500 series Routers.Can I terminate RJ-45
 interfaces from Router on PIX Firewall, how will Pix decide on which
Router
 the packets are to be send.
 Please Help.
 Thanks in advance
 Sanjeev Tyagi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=9337t=9295
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Could someone give me an example config of adsl+router? [7:6762]

[Mears, Rob]

Hi,

we are running ADSL at our ROBO around the US, we also use a VPN to get them
back to HQ. I will include a config that might help.   This is a 2621 router

Thank you,
Rob Mears III, CCNA, MSCE, CNE, NNCDS, NNCSS, A+
Technical Mercenary
Valor Telecom
**
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Amardsl001
!

logging rate-limit console 10 except errors
enable secret 5 $1$Onlr$fH2gcC0tDCI9hEpkC2/Nq.
!
!
!
memory-size iomem 10
ip subnet-zero
!
!
no ip finger
ip name-server XXX.XXX.1.8
!
no ip dhcp-client network-discovery
no mgcp timer receive-rtcp
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key X address XXX.XXX.37.5
!
!
crypto ipsec transform-set rtpset esp-des esp-md5-hmac
!
crypto map rtp local-address BVI1
crypto map rtp 1 ipsec-isakmp
 set peer XXX.XXX.37.5
 set security-association lifetime seconds 28800
 set transform-set rtpset
 match address amarillo
!
call rsvp-sync
!
!
!
!
!
bridge irb
!
!
!
!
interface FastEthernet0/0
 ip address XXX.XXX.102.1 255.255.255.224
 ip helper-address XXX.xX.6.31
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
!
interface ATM0/1
 description ADSL SWB XXX-3xxx-1600 Trouble 800-net-help
 no ip address
 no ip mroute-cache
 atm vc-per-vp 256
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5snap
 !
 bundle-enable
 dsl operating-mode auto
 no fair-queue
 bridge-group 1
 hold-queue 224 in
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BVI1
 ip address XXX.XXX.XXX.49 255.255.255.248
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 crypto map rtp
!
ip nat pool Net-XXX.xxX.218.126.50 XXX.xXX.126.50 netmask 255.255.255.248
ip nat inside source route-map nonat pool Net-64 overload
ip classless
ip route 0.0.0.0 0.0.0.0 xxx
no ip http server
!
!
ip access-list extended amarillo
 permit ip x
 permit ip x
 permit ip x
logging 10.x
access-list 1 permit xxx
access-list 120 deny   ip xxx
access-list 120 permit ip xxx
!
!
route-map nonat permit 10
 match ip address 120
!
snmp-server community  RO
snmp-server community  RW
snmp-server packetsize 4096
bridge 1 protocol ieee
 bridge 1 route ip
!
dial-peer cor custom
!
!
!
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password xxx
 login
!
no scheduler allocate
end

Amardsl001#





















































-Original Message-
From: Steve Smith [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 01, 2001 8:47 AM
To: [EMAIL PROTECTED]
Subject: RE: Could someone give me an example config of adsl+router?
[7:6756]


I use a 827 router. This will go step by step to config one. You need
CCO.
http://www.cisco.com/warp/customer/794/827_faq.html

Steve

-Original Message-
From: Leo Shen [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 01, 2001 4:05 AM
To: [EMAIL PROTECTED]
Subject: Could someone give me an example config of adsl+router?
[7:6732]


it neednot dial,thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6762t=6762
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: entry in the ospf database but not in the route table ? Is [7:5067]

[Rob Fielding]

This is not a direct answer to your question, but you might be interested to
read this.  This paper describes one strange situation in which ospf routes
don't get into the routing table:

http://www.cisco.com/warp/public/104/10.html


-Rob Fielding



- Original Message -
From: Padhu (LFG) 
To: 
Sent: Friday, May 18, 2001 10:53 AM
Subject: entry in the ospf database but not in the route table ? Is that p
ossible ?


 I am trying to locate an email thread that was talking about having an
 entry
  in the ospf database but not in the route table ? Is that possible ?
 
  Cheers,Padhu
 **Please read:http://www.groupstudy.com/list/posting.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5067t=5067
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Study Partner in San Jose [7:4391]

[Rob Boyd]

Hi gang,

I've taken (and failed) the CCIE lab exam once.  I'm scheduled for December
2001.
I'd like to find anyone in the San Jose, CA area (hopefully with a similar
lab date) who
would be interested in putting together a staged attack.  I have a good
collection of
books and scenarios, lots of experience, and some home equipment.

Please let me know.

Thanks!

-Rob




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=4391t=4391
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: best location for ccie lab - rtp [7:2149]

[Rob]

what hotel would you recommend ?  thanks


Urooj's Hi-speed Internet  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 I have only been to the Halifax site. It has cheap hotels (if you are
 spending in US $$), five-minute walk to the CCIE lab, very fair and
friendly
 Proctors, plus a historical city to see (for which one may not have the
 time).

 And if you manage to pass, you can celebrate with a feast of fine
lobsters.

 Aziz S. Islam

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Rob
 Sent: Thursday, April 26, 2001 2:13 PM
 To: [EMAIL PROTECTED]
 Subject: best location for ccie lab - rtp [7:2149]


 what's the best location to take the CCIE lab exam?  I realize that the
 exams are standardized worldwide but I'm looking for the overall picture,
 the friendlieness, good cheap hotels, easy commute to the lab facility
etc..
 I'm considering NC, halifax and maybe CA..  thanks
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2291t=2149
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

best location for ccie lab - rtp [7:2149]

[Rob]

what's the best location to take the CCIE lab exam?  I realize that the
exams are standardized worldwide but I'm looking for the overall picture,
the friendlieness, good cheap hotels, easy commute to the lab facility etc..
I'm considering NC, halifax and maybe CA..  thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=2149t=2149
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3COM - CISCO interoperability

[Rob Fielding]

3Com's gig trunking protocol is proprietary.  Its a load sharing method
similar to Cisco's fast etherchannel concept.  The 6506 won't know what to
do with it.  Their gig modules will talk to each other, and both support
802.1q, but you cannot load share links between them.

-Rob Fielding


- Original Message -
From: "freddy moreno" [EMAIL PROTECTED]
Newsgroups: groupstudy.cisco
To: [EMAIL PROTECTED]
Sent: Tuesday, March 13, 2001 1:52 PM
Subject: 3COM - CISCO interoperability


 do any of you have experience connecting a 3com Corebuilder 9000 to a
Cisco
 6506
 using Gig Trunking?
any gotchas, special things that need to be done.

 please let me know than you

 thank you very much


 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Firewall Vlan Problem update: Still a problem

[Rob Cabeca]

Update:
I know that the Firewall does not know that the 10.25.192.0 /19 exists. I
tried to put in a route statement on the pix but it would not accept it.
This was the command: "route inside 10.25.192.0 255.255.224.0 10.25.223.2 1"

When I put in a route to the secondary Address of VLAN 1, it accepted it,
but I still could not ping anything in the 10 network from the firewall.
This was the command:"route inside 155.102.0.0 255.255.0.0 155.102.127.26 1"
I am completely stumped!

These were some of the previous comments I received and my original
statement is below. Thank you for amy insight you ma have on this!
Rob

comment:
"It sounds like your PIX doesn't know about 10.25.192.0/19 subnets.  It
knows
about the directly-connected 155 subnet, but not any past the 6506.  It
seems like you'll need some routes on the PIX (but I'm not really familiar
with those boxes).  Your PIX is probably defaulting to its outside
interface.  You need a route for 10.25.192.0/19 to 155.102.127.26 (if that
is the 6506) on the PIX."

comment:
"First, you have to understand that the PIX, out of the box, will not route
any
packets.  So you have to add static route statements pointing at interfaces
so
packets get to their destination.  Example:

route inside 10.0.0.0 255.0.0.0 10.1.1.1 1
route outside 1.2.3.4 255.255.255.0 5.6.7.8 1

The PIX probably doesn't know how to get to the other VLAN.  What are your
route statements in the PIX?"

Original:
Overview.

I am upgrading a network which has a 155.102.0.0 255.255.0.0 network. It is
flat. I have implemented a new IP Scheme  to be used in several VLAN's and
am trying to migrate to it. IP range is 10.25.192.0 - 10.25.223.254 broken
up into several /24's. There are 600 devices. Now to the nitty gritty.

Network Description

The 6506 has seven VLAN's configured as follows:
VLAN 1 - 10.25.223.2 /24 Primary  155.102.127.26 /16 secondary.
VLAN 2 - 10.25.215.254 /24
VLAN 3 - 10.25.216.254 /24
to -
VLAN 7 - 10.25.220.254 /24

There are 2 2600's which are routing to an ASP. Their addresses are  router
A - 10.25.223.3  B - .4 with .5 as HSRP.
There is a Pix 515 using address 155.102.18.191 Nating to the internet.
The 2600's have an extended access list on them which directs Port 80
traffic from the 159.102.x.x network between the ASP WAN and the internet.
They are also doing NAT from the ASP to the 155.102.x.x network. 1 class C
NAT pool for each router. A- 10.25.213.0 /24, B - 10.25.214.0 /24.

Problem

I cannot ping the firewall interface from the MFSC or the 6506 or from any
workstation that is using ANY of the VLAN default gateways. I have full
connectivity to the asp wan. I have full connectivity to the other VLAN's.
When devices use the 2600's HSRP address as default gateway, they have
access to the firewall, the asp and the VLAN's. I have no access to the
2600's as they do not belong to us.

I spoke with the Cisco TAC a few times. They gave up and wouldn't escalate
it because they could not find our service contract that we purchased. They
were anxious to close the case.

The trick to this migration is to maintain connectivity to all devices as
they are being migrated to the new IP scheme.

I will be very grateful to any serious replies to this situation.

Thanks for your expertise!
Rob

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help!, because Cisco says they can't. Firewall Vlan problem.

[Rob Cabeca]

The subnet masks on the pix and secondary address of the msfc is
255.255.0.0. Since the ASP routers are using an access list to direct
traffic to and from the internet, it may be filtering the route from the
msfc. Then we would be sol. I like your idea af switching the primary and
secondary ip's on the msfc. Also, there is no gateway of last resort. my
default gateway is pointing to the asp routers, and we are using the same
eigrp ##.

Thanks for your insight. Any further thoughts will be appreciated.
Rob


-Original Message-
From: Moe Tavakoli [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 02, 2001 0043
To: Rob Cabeca; groupstudy
Subject: Re: Help!, because Cisco says they can't. Firewall  Vlan
problem.


Back to basics:

Check your subnet mask on the interfaces connecting
the MSFC and the PIX (on the 155.102/16 net) If you
can;t ping the inside address of the PIX then your SOL
(make sure nothing is filtering the ping) once you
have this established (also check wirring and the such
and maybe even go to the extent of making your
secondary address the primary on the MSFC)
After that you should look into the routing table of
your MSFC.  Make sure the gateway of last reort (0 0
route) is point to the inside interface of the PIX,
and the selective route for the subnet pointing to the
ASP routers.
Be the packet know your source and destination and
follow it at every hop and make sure it can find out
wehre to go and how to get back (i.e. an internal
route on the PIX for the internal range to the MSFC.)

Moe.

--- Rob Cabeca [EMAIL PROTECTED] wrote:
 You guys have always been on target for me. I am
 hoping you give some
 insight to this. (the following addresses have been
 slightly altered for
 obvious reasons but they are true to the real ones).

 Overview.

 I am upgrading a network which has a 155.102.0.0
 255.255.0.0 network. It is
 flat. I have implemented a new IP Scheme  to be used
 in several VLAN's and
 am trying to migrate to it. IP range is 10.25.192.0
 - 10.25.223.254 broken
 up into several /24's. There are 600 devices. Now to
 the nitty gritty.

 Network Description

 The 6506 has seven VLAN's configured as follows:
 VLAN 1 - 10.25.223.2 /24 Primary  155.102.127.26
 /16 secondary.
 VLAN 2 - 10.25.215.254 /24
 VLAN 3 - 10.25.216.254 /24
 to -
 VLAN 7 - 10.25.220.254 /24

 There are 2 2600's which are routing to an ASP.
 Their addresses are  router
 A - 10.25.223.3  B - .4 with .5 as HSRP.
 There is a Pix 515 using address 155.102.18.191
 Nating to the internet.
 The 2600's have an extended access list on them
 which directs Port 80
 traffic from the 159.102.x.x network between the ASP
 WAN and the internet.
 They are also doing NAT from the ASP to the
 155.102.x.x network. 1 class C
 NAT pool for each router. A- 10.25.213.0 /24, B -
 10.25.214.0 /24.

 Problem

 I cannot ping the firewall interface from the MFSC
 or the 6506 or from any
 workstation that is using ANY of the VLAN default
 gateways. I have full
 connectivity to the asp wan. I have full
 connectivity to the other VLAN's.
 When devices use the 2600's HSRP address as default
 gateway, they have
 access to the firewall, the asp and the VLAN's. I
 have no access to the
 2600's as they do not belong to us.

 I spoke with the Cisco TAC a few times. They gave up
 and wouldn't escalate
 it because they could not find our service contract
 that we purchased. They
 were anxious to close the case.

 The trick to this migration is to maintain
 connectivity to all devices as
 they are being migrated to the new IP scheme.

 I will be very grateful to any serious replies to
 this situation.

 Thanks for your expertise!
 Rob


 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=
_
Moe Tavakoli

__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Help!, because Cisco says they can't. Firewall Vlan problem.

[Rob Cabeca]

Thanks for responding. I may not be understnading something here. If the
firewall is on the same subnet and it's inside interface is connected to the
6506, what type of routing statement would it need?

I am able to ping the inside interface of the firewall when the
workstation is assigned to vlan 1 and is using 155.102.127.26 as the default
gateway. once I asign the workstation to another vlan, it can ping
everything in the 155 network EXCEPT for the firewall.

Obviously I am confused.

Thanks for your help. Any further thoughts would be appreciated.
rob

  -Original Message-
  From: Darren Crawford [mailto:[EMAIL PROTECTED]]
  Sent: Friday, March 02, 2001 1211
  To: Nabil Fares; Rob Cabeca; groupstudy
  Subject: RE: Help!, because Cisco says they can't. Firewall  Vlan
problem.


  You should be able to Ping the inside interface of your PIX.  You can not
ping an outside interface.  There must be route statements in your PIX so
that it knows where to send the reply.


  At 08:52 AM 03/02/2001 -0500, Nabil Fares wrote:
  Rob,
  
  By default PIX does not allow pings!  You can have connectivity though it
  but, you can't ping it.  You have to create an access list allowing icmp.
  Of course thing assuming its not a subnetting issue.  Cisco recommends
this
  access-list be used for testing purposes only, remove when done.
  
  HTH,
  
  Nabil
  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
  Rob Cabeca
  Sent: Thursday, March 01, 2001 9:37 PM
  To: groupstudy
  Subject: Help!, because Cisco says they can't. Firewall  Vlan problem.
  
  
  You guys have always been on target for me. I am hoping you give some
  insight to this. (the following addresses have been slightly altered for
  obvious reasons but they are true to the real ones).
  
  Overview.
  
  I am upgrading a network which has a 155.102.0.0 255.255.0.0 network. It
is
  flat. I have implemented a new IP Scheme  to be used in several VLAN's
and
  am trying to migrate to it. IP range is 10.25.192.0 - 10.25.223.254
broken
  up into several /24's. There are 600 devices. Now to the nitty gritty.
  
  Network Description
  
  The 6506 has seven VLAN's configured as follows:
  VLAN 1 - 10.25.223.2 /24 Primary  155.102.127.26 /16 secondary.
  VLAN 2 - 10.25.215.254 /24
  VLAN 3 - 10.25.216.254 /24
  to -
  VLAN 7 - 10.25.220.254 /24
  
  There are 2 2600's which are routing to an ASP. Their addresses are
router
  A - 10.25.223.3  B - .4 with .5 as HSRP.
  There is a Pix 515 using address 155.102.18.191 Nating to the internet.
  The 2600's have an extended access list on them which directs Port 80
  traffic from the 159.102.x.x network between the ASP WAN and the
internet.
  They are also doing NAT from the ASP to the 155.102.x.x network. 1 class
C
  NAT pool for each router. A- 10.25.213.0 /24, B - 10.25.214.0 /24.
  
  Problem
  
  I cannot ping the firewall interface from the MFSC or the 6506 or from
any
  workstation that is using ANY of the VLAN default gateways. I have full
  connectivity to the asp wan. I have full connectivity to the other
VLAN's.
  When devices use the 2600's HSRP address as default gateway, they have
  access to the firewall, the asp and the VLAN's. I have no access to the
  2600's as they do not belong to us.
  
  I spoke with the Cisco TAC a few times. They gave up and wouldn't
escalate
  it because they could not find our service contract that we purchased.
They
  were anxious to close the case.
  
  The trick to this migration is to maintain connectivity to all devices as
  they are being migrated to the new IP scheme.
  
  I will be very grateful to any serious replies to this situation.
  
  Thanks for your expertise!
  Rob
  
  
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
  _
  FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

  Darren S. Crawford - CCNA
  Lucent Technologies Worldwide Services
  2377 Gold Meadow WayPhone: (916) 859-5200 x310
  Suite 230   Fax: (916) 859-5201
  Sacramento, CA 95670Pager: (800) 467-1467
  Email: [EMAIL PROTECTED] Epager: [EMAIL PROTECTED]
  http://www.lucent.com   Network Systems Consultant


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Help!, because Cisco says they can't. Firewall Vlan problem.

[Rob Cabeca]

You guys have always been on target for me. I am hoping you give some
insight to this. (the following addresses have been slightly altered for
obvious reasons but they are true to the real ones).

Overview.

I am upgrading a network which has a 155.102.0.0 255.255.0.0 network. It is
flat. I have implemented a new IP Scheme  to be used in several VLAN's and
am trying to migrate to it. IP range is 10.25.192.0 - 10.25.223.254 broken
up into several /24's. There are 600 devices. Now to the nitty gritty.

Network Description

The 6506 has seven VLAN's configured as follows:
VLAN 1 - 10.25.223.2 /24 Primary  155.102.127.26 /16 secondary.
VLAN 2 - 10.25.215.254 /24
VLAN 3 - 10.25.216.254 /24
to -
VLAN 7 - 10.25.220.254 /24

There are 2 2600's which are routing to an ASP. Their addresses are  router
A - 10.25.223.3  B - .4 with .5 as HSRP.
There is a Pix 515 using address 155.102.18.191 Nating to the internet.
The 2600's have an extended access list on them which directs Port 80
traffic from the 159.102.x.x network between the ASP WAN and the internet.
They are also doing NAT from the ASP to the 155.102.x.x network. 1 class C
NAT pool for each router. A- 10.25.213.0 /24, B - 10.25.214.0 /24.

Problem

I cannot ping the firewall interface from the MFSC or the 6506 or from any
workstation that is using ANY of the VLAN default gateways. I have full
connectivity to the asp wan. I have full connectivity to the other VLAN's.
When devices use the 2600's HSRP address as default gateway, they have
access to the firewall, the asp and the VLAN's. I have no access to the
2600's as they do not belong to us.

I spoke with the Cisco TAC a few times. They gave up and wouldn't escalate
it because they could not find our service contract that we purchased. They
were anxious to close the case.

The trick to this migration is to maintain connectivity to all devices as
they are being migrated to the new IP scheme.

I will be very grateful to any serious replies to this situation.

Thanks for your expertise!
Rob


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: what is the average age of people in this stuff?

[rob]

I bet you know plenty of 40 year olds that are just as smart.  As well 
as those that are 20 and aren't that intelligent.  The age thing, 
although very important on one lever, should not be the determining 
factor.

The excess energy of youth sometimes manifest itself in a way that can 
cause quite a bit of harm to something as delicate as an enterprise 
network.  The reason that some may view your youth as a bad thing is 
that through experience they have seen and in fact have done a few 
things in haste that may have needed a bit more thought.  Being almost 
right can be worst then being absolutely wrong in some instances.  And 
the one thing that age SOMETIMES gives you is patience.

So, use your youth and the knowledge you have.  Let us old folks 
continue to mentor you.  It makes us feel better and will only serve to 
help you in the long run.  ANd it certainly will not help you if you 
continue to push the fact that you know more then we do in our faces. 
We currently have the seats of power.  hang on.  Your turn is coming fast.

Rob

Denis A. Baldwin wrote:

 I find myself in much of the same situation Dale is in.  At 20, I am busting
 with energy most of the time. I know how to fix the problems and I have the
 desire to, but I often get the "you're not old enough and experienced
 enough" excuse from people who haven't seen my work.  A lot of people assume
 that experience and ability comes with age. I agree with that point to a
 degree.  However, I know a lot of teenagers who are brilliant and a lot of
 people in their 40s who don't have sense enough to get out of the rain. :-)
 
 Denis
 
 
 Denis A. Baldwin - Network Administrator
 A+ / Network + / I-Net+ / MCP
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Robert Padjen
 Sent: Monday, February 26, 2001 1:17 PM
 To: Dale Frohman; Mel Chandler PMI
 Cc: [EMAIL PROTECTED]
 Subject: RE: what is the average age of people in this stuff?
 
 
 Contrary to Mr. Reagan, sometimes youth is a positive.
 I have two years on Mel, and I'm just finally getting
 out of the 'you're so young...' Govern your enthusiasm
 and impatience in meetings and kick (*$.
 
 
 --- Dale Frohman [EMAIL PROTECTED] wrote:
 
 If they think you are young, they will probably
 think I am still a baby
 being only 19.  I have my CCNA, 1/4 CCNP and
 actively seeking MCSE 2k.  I
 also have an AA degree and also seeking my bachelor
 degree in computer
 science.  I plan on getting my CCIE within the next
 few years.  I have
 worked with an internet company for more than three
 years now.  I have
 been told that I am impatient and immature, but I am
 not one to just sit
 around.  If anyone can help me dispel some of these
 notions I would be
 greatly thankful.  Also if someone veterans can give
 some pointers/tips on
 how to make it in this industry, that would also be
 helpful.  I hope all
 this hard work pays off!
 
 Dale
 
 
 On Mon, 26 Feb 2001, Mel Chandler PMI wrote:
 
 
 I'm 29 and all I ever hear about is how young I am
 
 (I guess youth is
 
 automatically associated with inexperience)  But
 
 I've been around.  I've
 
 done a four year tour in the Navy in the Advanced
 
 Electronics field as a
 
 Sonar Technician on a Submarine.  I've worked for
 
 some fortune 500 companies
 
 like Airtouch, IBM, Boeing, AST, Bergen Brunswick.
 
  I have some certs to
 
 back me up, but no matter what I do, it just never
 
 seems to be enough...  Oh
 
 well, maybe after I have a PhD and CCIE I'll get
 
 someone to listen to me.
 
 Mel L. Chandler, A+, Network+, MCNE, MCP+I, MCSE,
 
 CCNA
 
 [EMAIL PROTECTED]
 Network Analyst
 Information Services
 PMI Delta Dental
 (562) 467-6627
 
 
 -Original Message-
 From: John Hardman
 
 [mailto:[EMAIL PROTECTED]]
 
 Sent: Saturday, February 24, 2001 9:30 AM
 To: [EMAIL PROTECTED]
 Subject: Re: what is the average age of people in
 
 this stuff?
 
 
 LOL!
 
 I am 36, and have the same problem, thank Cisco
 
 that they put a ? in the
 
 IOS.
 
 Don't worry about it, most of the people I work
 
 (worked) with in the network
 
 business are between 20-60 with the majority being
 
 in their 40's.
 
 They say that memory is the first thing to go, I
 
 just wish would have told
 
 my body that!
 
 --
 John Hardman CCNP MCSE+I
 
 
 ""rtc"" [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 
 I'm 40--am I getting too old for this stuff?
 
 Cant remember anything worth
 
 a
 
 damn,
 especially the commands nd command syntax
 
 _
 FAQ, list archives, and subscription info:
 
 http://www.groupstudy.com/list/cisco.html
 
 Report misconduct and Nondisclosure violations
 
 to [EMAIL PROTECTED]
 
 
 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to
 
 [EMAIL PROTECTED]
 
 ___

Re: Cisco Product line

[ROB]

For the CCDA, it's not that you need to know exact port densities.  You must know what
product is best suited for what application.  And where in the scheme of the network 
the
product fits.  Be it at the core, distribution, or access layers.

Hunt Lee wrote:

 Does anyone knows what extent of Cisco product line knowledge is
 required for the CCDA exam?  For example:  the number of ports, the
 difference between 3620 and 3640 router etc?  I know a few like 2524,
 1004, 3600 etc... but there are too many to look up.  Any help would be
 greatly appreciated.

 Regards,
 Hunt Lee
 IP Solution Analyst
 Cable and Wireless (Sydney)

 _
 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SAMPLE QUESTIONS FOR CCNA.

[ROB]

http://www.cisco.com/cgi-bin/front.x/wwtraining/colt/ColtLogin.pl

Vishweshwaran wrote:

   WHERE CAN I GET THE SAMPLE QUESTION PAPERS FOR CCNA?

 _
 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Last Nights DC Cisco Meeting

[Rob Montgomery]

Yeah, no doubt.  If they think about it, since CCO gives all the answers to
the exams, aren't they breaking their own agreement?

- Original Message -
From: "William E. Gragido" [EMAIL PROTECTED]
To: "'Ehab Mohamad Abdullah'" [EMAIL PROTECTED]; "'Billy Monroe'"
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, January 28, 2001 6:33 AM
Subject: RE: Last Nights DC Cisco Meeting


 Is that who they are going after?  Certification Zone?  I have been the
 site, and I have not seen anything that really compromises the NDA, in
fact,
 most the papers that are there seem like interpretations of the cisco.com
 site.  That's a shame.  Next it will be Coriolis and Sybex!

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Ehab Mohamad Abdullah
 Sent: Sunday, January 28, 2001 2:44 AM
 To: 'Billy Monroe'
 Cc: '[EMAIL PROTECTED]'
 Subject: RE: Last Nights DC Cisco Meeting


 Hi,

 It is the Certification Zone

 Ehab
 CCNP, ASE, MCSE, CNE
 -Original Message-
 From: Billy Monroe [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, January 28, 2001 11:41 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Last Nights DC Cisco Meeting


 ?

 "Nathan Casassa" [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Think Cisco will get upset if I forward this info on?
 
  To pass the CCIE lab exam you must know this:
 
  "configure terminal"
 
 
 
 
 
  "Christine Johnson, CCNP" wrote:
 
   Last night I attended a meeting where one of the Cisco vice presidents
   stated that Cisco is investing 50 million dollars in protecting the
 Cisco
   CCIE.  They are going after any person that has an NDA agreement and
 posts
   things considered a violation and publishes the information on a
website
 or
   book.  They stated that they were going after a guy named Howard
 Berkowitz
   for having a website that has 168 violations. They are sending him a
 letter
   stating he is no longer certified by Cisco and suing him down to a
   Volkwagen. Does anyone know what website he has?
  
   Christine Johnson, CCNP
  
   ___
   Send a cool gift with your E-Card
   http://www.bluemountain.com/giftcenter/
  
   _
   FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Certifications on resumes

[Rob]

That sounds like a very good compromise.  I think it is a good way to go.

Craig Columbus wrote:

 I've actually seen more than one post that said CCIE required, CCNA 
 preferred.  Go figure.
 In my experience, CCNP doesn't get a lot of play in HR departments.  HR 
 recognizes CCNA, but doesn't understand CCNP.
 I've also seen a fair number of recruiters/HR confuse CCNA with CNA.
 Bottom line?  I don't put any letters after my name, but I have a 
 certifications section on my resume where I list each certification, spell 
 it out, and put the date achieved...even an HR person should be able to see 
 that the CCNA = Cisco Certified Network Associate, and that it was earned 
 prior to my CCNP.
 
 Craig
 
 At 10:08 AM 1/26/2001 +, you wrote:
 
 Robert,
 You will find that some jobs advertised in a way that they are looking for
 people who are CCNA or CCIE ( so where is CCNP ) . It seems that some
 recruitment agency do not know the difference between CCIE and CCNA. I will
 put it the CCNA somewhere in your resume just to avoid that .
 
 Robert Padjen [EMAIL PROTECTED] wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 
 I was asked an interesting question this morning by a
 friend who just passed their CCNP. Basically they
 wanted to know if they should now remove the CCNA from
 their resume or list both CCNA and CCNP.
 
 I took the position that (as I do) the CCNP implies
 the CCNA, and therefore one would only list their
 'highest' within a track. A number of co-workers said
 no, list it all.
 
 Please chime in with your position - unicast if your
 just sending a vote and multicast if you are raising a
 discussion. Sorry to those who feel this is an
 improper use of the board.
 
 Thanks.
 
 =
 Robert Padjen
 
 __
 Do You Yahoo!?
 Yahoo! Auctions - Buy the things you want at great prices.
 http://auctions.yahoo.com/
 
 _
 FAQ, list archives, and subscription info:
 
 http://www.groupstudy.com/list/cisco.html
 
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
 
 
 _
 FAQ, list archives, and subscription info: 
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 
 
 _
 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Certifications on resumes

[Rob Michel]

It's been my experience that a lot of head hunters and HR have no clue as to
what the job requirments are for certian positions and wouldn't know that a
CCNA is a prerequist for a CCNP. So I would leave it on for that reason,
also if someone does a resume search on monster for CCNA, you want to make
sure that your resume pops up.

- Original Message -
From: "Robert Padjen" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 26, 2001 3:27 AM
Subject: Certifications on resumes


 I was asked an interesting question this morning by a
 friend who just passed their CCNP. Basically they
 wanted to know if they should now remove the CCNA from
 their resume or list both CCNA and CCNP.

 I took the position that (as I do) the CCNP implies
 the CCNA, and therefore one would only list their
 'highest' within a track. A number of co-workers said
 no, list it all.

 Please chime in with your position - unicast if your
 just sending a vote and multicast if you are raising a
 discussion. Sorry to those who feel this is an
 improper use of the board.

 Thanks.

 =
 Robert Padjen

 __
 Do You Yahoo!?
 Yahoo! Auctions - Buy the things you want at great prices.
 http://auctions.yahoo.com/

 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]