Re: CCIE#8903 [7:37490]
Great job. Richard Newman, CCIE#8878, CCNP, CCDP ""George Zhang"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > All, > > The title says it all. I took my first attempt at the CCIE lab test > yesterday (March 5) in Halifax and received the "Congratulations on Passing > the CCIE Lab!" this morning. > > I was the only person taking the lab test in Halifax yesterday. I was told > that there was another person scheduled yesterday but did not show up. My > test started about 8:15 AM in the morning. We broke for lunch at about > 12:20PM. By then, I only finished all the IGP stuff and felt some pressure > on time. But I have already reviewed rest of the test and knew that I could > go through the rest quickly. After the 15 min lunch break, I worked through > rest of the test very quickly. By about 3:00 PM, I finished every thing > except one small requirement that I had no clue how to do it. I decided to > skip that item. Then, I started reviewing and checking my config. Along > the way of reviewing/checking, I spotted and fixed a few issues. Just about > the time I finished reviewing every thing, the proctor walked in and told me > that it' time. I looked at the watch. It was 4:30 PM. My proctor was > Steve. Steve is a great proctor. He answered quite a few of my questions > and cleared my mis-understanding and confusion about the requirements of the > test. > > I would like to take this opportunity to thank all people who helped me to > achieve my goal. First, I would like to thank my wife for her support and > understanding. Without her support, there is no way I could achieve my > goal. Next, I will give my thanks to Bruce, Val, and Fred of > NetMasterClass. As I said earlier, the NMC1 class is the most important > part of my final preparation. Thanks to Katie Wong of Cisco who scheduled > me to access the ASET racks. Thats my primary resource for hands-on > practices for the past couple of months. Thanks to Eric Fairfield for > lending me a few routers when I was in Wisconsin. Also thanks to those that > I've either studied with or have helped me one way or another. Thanks also > to Paul for putting this great list together. > > As far as my story, I started my quest of the Cisco certifications a little > over two and half years ago. I got my CCNA and CCNP in the first year. > Three months later, I passed the CCIE written test. I wanted to take the > lab a year ago. However, due to work and personal reasons, I did not get > time to do it until now. Last year, I was too busy to do much study. At > work, as a consultant, I was billing at least 40 hours/week for the whole > year. At home, my second child was born in February, my wife finished > school in July, and we moved to New Jersey from Wisconsin in September. In > October of last year, I foresaw a window of opportunity for me to take the > lab test early this year. Then, I lobbed my manager to let me go to the > ECP1 class. By the time my manager approved my training request, I found > that Mentor Technologies went belly up. However, I learned that Bruce and > Val founded a new company called NetMasterClass, LLC > (www.netmasterclass.net) and offering the NMC1 and NMC2 classes. I > registered and took the NMC1 class by the end January. By the end of last > year, the project I worked on finished. So since the beginning of this year > I got a lot of time to study. For the past couple of months, I have studied > 8-10 hours every day. > > As far as how I prepared, I have read most of the books (Doyle I & II, > Caslow, Halabi, Tam-Nam-Kee, Solie, Satterlee, etc.) recommended by people > on this list. Among this long list of books, the only one I dont like is > Solies book because there are too many errors in the book. There are a few > topics I was more confused after reading the book. I dont have a home lab. > So my primary resource for hands-on practice is remote labs such as Mentor > Technologies vlabs (not available any more), Cisco ASET lab. Because I > dont have a home lab, my preparation included more reading than hands-on > practice. That actually worked out very well for me. Above all, the most > important part of my preparation is the NMC1 class taught by Bruce, Val and > Fred. IF I HAD NOT TAKEN THE NMC1 CLASS, IT PROBABLY WOULD HAVE TAKEN ME > ONE OR TWO MORE ATTEMPTS BEFORE I COULD GET MY NUMBER. There are a lot of > things that just cannot be learned from reading books or practicing. So the > NMC1 class helped me to fill in that gap very well. It also helped me to > access my strength and weakness. So I know what to study on the last few > weeks. I
Re: CCIE #8886 [7:37530]
Great job. Richard Newman, CCIE#8878, CCNP, CCDP ""Zwaanswijk, John"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Dear all > > At last it is my turn to write this email, I've got my number at my fourth > attemp in Brussel last Monday > I was not a very active member of this group (sorry for that), but I've > learned a lot of things from you all. > I thank you all for the help and the answers you gave me. > My advise for everybody is study and practice as much as you can. > > Good luck for anyone who is going to take his exam in the future > > Regards John Zwaanswijk > CCIE #8886 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37538&t=37530 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Well it's my turn...CCIE#8878 [7:37145]
With many hours of reading and hands on, not to mention all the OTJT (sometimes that's the best) I succeeded in passing on my first attempt. Thanks to all those who helped along the way. Richard Newman, CCIE#8878 Alltel Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37145&t=37145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SNA DDR [7:36631]
Sort of. SNA by design is constantly polling the end device. If you are using DLSw in your cloud you can use the local ack feature to keep the polling traffic off the link You can then set your permit-list to have any dlsw traffic activate the link Richard ""Picciani Francesco Saverio"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a SNA PU (a cash of a bank) connected to a router, the router > connected by a ISDN BRI to a romote router and the romote router connected > to a FEP (so to a HOST) by a Token Ring LAN. > > PU-->>Router-->>BRI-->>remote router-->>TR-->>FEP-->>HOST. > > Is possible to permit the comunication beetween the PU and the HOST whit the > ISDN BRI actrive only when thare is traffic?? > > > Thanks > Francesco Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36637&t=36631 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Lab this Fri. in RTP [7:36365]
Any last minute study suggestions. I've been through all the FatKid and CCBoot Camp labs twice. There are a couple of areas where I'm shaky which I'll be concentrating on. What should my focus be in this the last few days of studing? Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36365&t=36365 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF and DDR w/area authentication [7:33884]
I'm not discounting a bug. I have submitted a question to the open forum on cco, no responses yet. I know that my config is correct as the ospf neighbors form soon after the isdn link is activated (ie. the keys do match on both sides). The neighbors will stay up, however, the isdn link also stays up. If I filter out 224.0.0.5 from being interesting, something I assumed was done when you code ip ospf demand-circuit, once the isdn link is down, ospf is still sending hello packets, at the dead-interval the neighbors die due to the dead-interval being hit. This is shown in debugs/logs adj-change neighbor down dead interval hit. My understanding of demand-circuit is that there is no dead interval. The hellos should be suppressed. If you issue a show ip ospf interface dialer0, it shows that the hellos are suppressed for 1 neighbor(s). However, if I simply use the dialer-list 1 protocol ip permit the isdn link is brought up by the 224.0.0.5 and stays up. Very strange. I do not have access to an ISDN simuator at my office lab. Hopefully I'll get more time at our local Cisco office. For those with an ISDN simulator see if you can keep you link quiet yet keep your ospf neighbors active over the circuit with area md5 auth. turned on. Richard >>Are you using the simple password authentication or the MD5 authentication? >>I realized that I assumed MD5 in my previous answer. At 02:20 PM 2/1/02, Richard Newman wrote: >Thanks for all the replies. No clear answer yet. I do know for a fact due to >debugs that there is a periodic key exchange sequence. The debug would show >as OSPF: Send with youngest Key 1. The traffic would come across as >224.0.0.5. That's just a hello. With MD5, the key is used to create the message digest added to the hello. I agree with Peter that it might be a bug (if you're using MD5). If you're not using MD5, this may be normal behavior? But you should use MD5. The other method sends the password as clear text. It's useless as far as security is concerned. Priscilla >The only difference between the demand-circuit peers staying up >or being terminated is no authentication versus authentication. And actually >the area number doesn't matter. Also be aware, I found this out the hard >way, that you can actually have blank spaces after your key value which will >not be visible. This cost me hours of trouble shooting until I deleted and >readded my key statements. Ooops. > >Richard > > >""Richard Newman"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi all. > > I was working on a lab with an ISDN link between two of my OSPF routers. >The > > link would come up if the Frame cloud went away. Normal stuff link would >be > > initiated as usual. However, since area 0 had authentication turned on > > broadcasts from 224.0.0.5 kept the isdn link up all the time. If I >filtered > > out the 224.0.0.5 from being interesting the ospf neighbors would get > > terminated at the dead interval. When I turn off authen. from area 0 all > > worked as normal. > > > > Is this a normal occurrance? When area authentication is turned on do the > > key exchanges still happen even over a demand-circuit? > > > > Thanks... > > Richard Newman Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34367&t=33884 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OSPF and DDR w/area authentication [7:33884]
Thanks for all the replies. No clear answer yet. I do know for a fact due to debugs that there is a periodic key exchange sequence. The debug would show as OSPF: Send with youngest Key 1. The traffic would come across as 224.0.0.5. The only difference between the demand-circuit peers staying up or being terminated is no authentication versus authentication. And actually the area number doesn't matter. Also be aware, I found this out the hard way, that you can actually have blank spaces after your key value which will not be visible. This cost me hours of trouble shooting until I deleted and readded my key statements. Ooops. Richard ""Richard Newman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all. > I was working on a lab with an ISDN link between two of my OSPF routers. The > link would come up if the Frame cloud went away. Normal stuff link would be > initiated as usual. However, since area 0 had authentication turned on > broadcasts from 224.0.0.5 kept the isdn link up all the time. If I filtered > out the 224.0.0.5 from being interesting the ospf neighbors would get > terminated at the dead interval. When I turn off authen. from area 0 all > worked as normal. > > Is this a normal occurrance? When area authentication is turned on do the > key exchanges still happen even over a demand-circuit? > > Thanks... > Richard Newman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34103&t=33884 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
OSPF and DDR w/area authentication [7:33884]
Hi all. I was working on a lab with an ISDN link between two of my OSPF routers. The link would come up if the Frame cloud went away. Normal stuff link would be initiated as usual. However, since area 0 had authentication turned on broadcasts from 224.0.0.5 kept the isdn link up all the time. If I filtered out the 224.0.0.5 from being interesting the ospf neighbors would get terminated at the dead interval. When I turn off authen. from area 0 all worked as normal. Is this a normal occurrance? When area authentication is turned on do the key exchanges still happen even over a demand-circuit? Thanks... Richard Newman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33884&t=33884 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Neighbor commands...Yes or No?? [7:33486]
As mentioned earlier layer 2 to layer 3 mappings (ie frame route) needs to be differiented from the routing process. Just because you can ping one of the spoke routers doesn't mean an OSPF neighbor will form, with or without frame maps or using inverse-arp. Again without giving away the answer look carefully at how OSPF operates in its different modes and what modes are in use on each type of interface (ie. Broadcast, NON-Broadcast, Point-to-Point and Point-to-Mulitpoint). Hope this helps. Richard ""Cisco Nuts"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hello, > Would someone clarify this for me as I am getting very confused :-( > In a Frame-Relay hub-and-spoke config. using physical interfaces and > frame-relay map statements at the spokes and using OSPF, do we need to > configure neighbor commands? Yes or No? > From what I understand, OSPF works in a Non-Broadcast mode by default and > neighbor commands are only needed if not a full-mesh. In this case, will the > frame-relay map commands suffice to get from one spoke to another thru the > hub router? > Thank you. > > > _ > MSN Photos is the easiest way to share and print your photos: > http://photos.msn.com/support/worldwide.aspx Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33501&t=33486 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Study Group in Jacksonville, Fl. [7:32705]
Anyone in the Jax. Fl area interested in getting to gether to study for the lab? Richard Newman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32705&t=32705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Accounting on RADIUS [7:27271]
Mohamed, Did you configure a radius server. You also need to verify the key in your radius config and the router. They have to match. Richard ""Mohamed el-Komy"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi all, > > Can I apply accounting service with no authentication done?? i.e I want > dialup users to login on my network without any authentication and then > start accounting them. How this can be done?? > > I try the following and it works: > > aaa authentication ppp default none > aaa accounting network default start-stop group radius > > Are there any better ideas??? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27345&t=27271 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange Routing problem !!! [7:26196]
Hamid, Try adding your route-map to the main FastEthernet0/0 as well as the sub interface. -Richard ""Hamid"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi , > > I want to make a policy routing on one of Interfaces, and I have defined a > route-map for it:( IP addresses are changed) > > ! > route-map TEST permit 2 > match ip address 133 > set interface tunnel 0 > ! > access-list 133 permit ip 192.168.100.0 0.0.0.255 any > access-list 134 deny ip 192.168.100.0 0.0.0.255 any > access-list 134 prmit ip any any > ! > interface fastethernet0/0.7 > ip address 192.168.100.1 255.255.255.0 > ip policy route-map TEST > encapsulation isl 7 > ! > ip route 0.0.0.0 0.0.0.0 serial 4/0 > -- > The problem is that policy routing dosn't work at all. The packets are not > routed to the tunnel interface at all, instead they are routed through the > default route (serial 4/0). First I thought the problem is with the > access-list, so I applied the 134 access-list for outbound traffic on my > sreial interfaces, THE PACKETS MATCHED THE ACCESS-LIST AND GOT DROPPED. > > I don't what causes the problem, is it an IOS bug or I am doing something > wrong. > > Any input would be appreciated, > > Thanks > Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26213&t=26196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Strange Routing problem !!! [7:26196]
Hamid, Are you sourcing your traffic from the router? By default any traffic sourced from the router will not be policy routed. You need to add a IP LOCAL POLICY ROUTE-MAP routemap. Hope this helps. -Richard Newman ""Hamid"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi , > > I want to make a policy routing on one of Interfaces, and I have defined a > route-map for it:( IP addresses are changed) > > ! > route-map TEST permit 2 > match ip address 133 > set interface tunnel 0 > ! > access-list 133 permit ip 192.168.100.0 0.0.0.255 any > access-list 134 deny ip 192.168.100.0 0.0.0.255 any > access-list 134 prmit ip any any > ! > interface fastethernet0/0.7 > ip address 192.168.100.1 255.255.255.0 > ip policy route-map TEST > encapsulation isl 7 > ! > ip route 0.0.0.0 0.0.0.0 serial 4/0 > -- > The problem is that policy routing dosn't work at all. The packets are not > routed to the tunnel interface at all, instead they are routed through the > default route (serial 4/0). First I thought the problem is with the > access-list, so I applied the 134 access-list for outbound traffic on my > sreial interfaces, THE PACKETS MATCHED THE ACCESS-LIST AND GOT DROPPED. > > I don't what causes the problem, is it an IOS bug or I am doing something > wrong. > > Any input would be appreciated, > > Thanks > Hamid Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26211&t=26196 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AAA Accounting w/Radius? [7:26119]
Here is the logon, a wr t, a sh int and the logoff. Debug aaa accounting and Debug Radius were turned on. -Richard Nov 14 07:26:56: RADIUS: Initial Transmit id 7 192.168.0.100:1645, Access-Reques t, len 78 Nov 14 07:26:56: Attribute 4 6 C0A8001E Nov 14 07:26:56: Attribute 5 6 000C Nov 14 07:26:56: Attribute 61 6 0005 Nov 14 07:26:56: Attribute 1 8 7473 Nov 14 07:26:56: Attribute 31 14 3139322E Nov 14 07:26:56: Attribute 2 18 F5AC1FA2 Nov 14 07:26:56: RADIUS: Received from id 7 192.168.0.100:1645, Access-Accept, l en 26 Nov 14 07:26:56: Attribute 6 6 0006 Nov 14 07:26:57: RADIUS: saved authorization data for user 2C2EDC at 2C348C Nov 14 07:27:12: AAA/ACCT: Command Accounting. User ts3351, Port tty12, Priv 15: "write terminal " Nov 14 07:27:12: RADIUS: unsupported accounting type 3 for user "ts3351" Nov 14 07:27:21: AAA/ACCT: Command Accounting. User ts3351, Port tty12, Priv 1: "show interfaces " Nov 14 07:27:21: RADIUS: unsupported accounting type 3 for user "ts3351" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26209&t=26119 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AAA Accounting w/Radius? [7:26119]
After turning on debug radius I get the following error when the router attempts to send accounting information: RADIUS: unsupported accounting type 3 for user xx So does this mean I have a configuration problem in my users file for my radius server? -Richard Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26144&t=26119 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AAA Accounting w/Radius? [7:26119]
I am sure then that I am missing some configuration parm then. I have several routers running IOS 11.2, 12.0 and 12.2. The router in question is running IOS 12.0(19). Here is my router config at the end. I know that my radius server (FreeRadius v0.3) is accepting accounting infomation because in the detail file my logon and logoff entries are being written. However, no other accounting records are being written. What else am I missing? Thanks Richard Newman Current configuration: ! ! Last configuration change at 10:48:15 EST Tue Nov 13 2001 by ts3351 ! version 12.0 service timestamps debug datetime localtime service timestamps log datetime localtime no service password-encryption ! hostname Router-4 ! no logging console aaa new-model aaa authentication login use-radius radius enable aaa authorization exec use-radius radius if-authenticated aaa authorization network use-radius radius if-authenticated aaa accounting send stop-record authentication failure aaa accounting exec use-radius start-stop radius aaa accounting commands 0 use-radius stop-only radius aaa accounting commands 1 use-radius stop-only radius aaa accounting commands 2 use-radius stop-only radius aaa accounting commands 3 use-radius stop-only radius aaa accounting commands 4 use-radius stop-only radius aaa accounting commands 5 use-radius stop-only radius aaa accounting commands 6 use-radius stop-only radius aaa accounting commands 7 use-radius stop-only radius aaa accounting commands 8 use-radius stop-only radius aaa accounting commands 9 use-radius stop-only radius aaa accounting commands 10 use-radius stop-only radius aaa accounting commands 11 use-radius stop-only radius aaa accounting commands 12 use-radius stop-only radius aaa accounting commands 13 use-radius stop-only radius aaa accounting commands 14 use-radius stop-only radius aaa accounting commands 15 use-radius stop-only radius aaa accounting network use-radius start-stop radius aaa accounting connection use-radius start-stop radius aaa accounting system default start-stop radius aaa nas port extended enable secret 5 $1$tp1Z$JBy9IWpHELV31MBJJcwBs1 ! memory-size iomem 10 ip subnet-zero no ip domain-lookup frame-relay switching ! ! ! (snip) ip classless ip route 0.0.0.0 0.0.0.0 192.168.0.1 ! logging history emergencies logging trap debugging logging source-interface Ethernet0/0 logging 192.168.100.100 ! radius-server host 192.168.0.100 auth-port 1645 acct-port 1646 radius-server key router radius-server vsa send accounting radius-server vsa send authentication ! line con 0 exec-timeout 0 0 transport input none line aux 0 line vty 0 4 exec-timeout 0 0 accounting connection use-radius accounting commands 0 use-radius accounting commands 1 use-radius accounting commands 2 use-radius accounting commands 3 use-radius accounting commands 4 use-radius accounting commands 5 use-radius accounting commands 6 use-radius accounting commands 7 use-radius accounting commands 8 use-radius accounting commands 9 use-radius accounting commands 10 use-radius accounting commands 11 use-radius accounting commands 12 use-radius accounting commands 13 use-radius accounting commands 14 use-radius accounting commands 15 use-radius accounting exec use-radius login authentication use-radius ! ntp clock-period 17208186 ntp server 192.168.100.100 source Ethernet0/0 end ""Richard Newman"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Is it still true that Cisco does not support AAA accounting under Radius? I > have set up a radius server and one of my routers to authenticate to it. > This works fine, however, there are no accounting records being sent from > the router I have configured > aaa accounting commands 0 use-radius stop-only radius > ... > aaa accounting commands 15 use-radius stop-only radius > A debug of aaa accounting does show aaa records being cut by the router for > all the commands executed on the router, but nothing to the radius server. > > Thanks... > Richard Newman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26126&t=26119 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AAA Accounting w/Radius? [7:26119]
Is it still true that Cisco does not support AAA accounting under Radius? I have set up a radius server and one of my routers to authenticate to it. This works fine, however, there are no accounting records being sent from the router I have configured aaa accounting commands 0 use-radius stop-only radius ... aaa accounting commands 15 use-radius stop-only radius A debug of aaa accounting does show aaa records being cut by the router for all the commands executed on the router, but nothing to the radius server. Thanks... Richard Newman Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26119&t=26119 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]