Re: Layer 3 switching [7:63304]

[Robert Edmonds]

I'm fairly certain the answer to your first question is no, the switch will
not be intelligent enough to switch it to the appropriate port
automatically.  The reason is that the switch must go through a layer 3
device to get from one VLAN (aka IP subnet) to another.  I don't think this
is a real issue since the rest of the traffic is switched at wire speed,
introducing very little (almost no) latency.  There are however switches on
the market, even by Cisco that will do this.  Any layer 3 switch will do.
For example, the Cisco 2948G-L3 switch.  Check out their website under
"Products and Technologies" for more information.


""Han Chuan Alex Ang""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> hi, I am trying to have a clearer picture of the layer 3 switching
>
> concept.
>
> Assuming that I have a Core Catalyst 6 series switch with layer 3
>
> switching capabilities, I have a Access layer switch connected to the
>
> core with two port label Vlan 1 subnet 1 and Vlan 2 subnet 2,
>
> when frames is sent from from Vlan 1 to Vlan 2 on the same Access
>
> switch, my understanding is that for layer 3 switching , it will
>
> evoke a route one and switch the rest concept , my question is that,
>
> after the first route , if no Access list has been created, will the
>
> the Access switch be smart enough to perform internal
>
> switching, that is , frame direct from Vlan 1 to Vlan 2 internally
>
> within the Access switch. If the answer is no, Are there switches on
>
> the market that is routing by this concept, please advice ,
>
> thanks to all the guys who have tried to entertain all my questions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63312&t=63304
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX enable SYN Floodguard by default on outer int? [7:63314]

[Robert Edmonds]

Check the following link and see if it has the answer to your question:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration
_guide_chapter09186a008008d313.html


""Richard Campbell""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi..  Group,
>
> May I know whether the SYN Floodguard is enabled on PIX outside interface
or
> I have to manually enable by the following command
>
> PIX(config)#nat (outside) 1 0.0.0.0 0.0.0.0 8000 8000
>
> Is the command correct? assuming my nat_id is 1.
>
> Thanks a lot
>
>
>
>
>
>
>
> _
> Add photos to your messages with MSN 8. Get 2 months FREE*.
> http://join.msn.com/?page=features/featuredemail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63314&t=63314
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN Client help!! [7:63333]

[Robert Edmonds]

Don't quote me, but I do believe the access list is necessary as it actually
tells the router which traffic to encrypt.  PERMIT =ENCRYPT and DENY=DON'T
ENCRYPT.

I think the following Cisco link may help answer your question best.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secu
r_c/scprt4/scdipsec.htm#37434

""Antero Vasconcelos""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
> I have a router connected to internet and remote clients with VPN-Client
> 1.1. They need to browse the networkview some hosts and access to some
> network services.
>
> the service don't work until I configure the access-list in the interface
>
> interface Serial0.80 point-to-point
>  description  Ligacao para VPNs sobre internet ***
>  bandwidth 192
>  ip address xxx.xxx.xxx.210 255.255.255.252
>  ip access-group 180 in
>  no ip route-cache
>  no ip mroute-cache
>  no cdp enable
>  frame-relay interface-dlci 80
>   class net-112k
>  crypto map mymap
>
> access-list 180 permit ahp any host xxx.xxx.xxx.210
> access-list 180 permit esp any host xxx.xxx.xxx.210
> access-list 180 permit udp any host xxx.xxx.xxx.210 eq isakmp
> access-list 180 permit tcp any host 192.168.0.2 eq 137
> access-list 180 permit tcp any host 192.168.0.2 eq 138
> access-list 180 permit tcp any host 192.168.0.2 eq 139
> access-list 180 permit udp any host 192.168.0.2 eq netbios-ss
> access-list 180 permit udp any host 192.168.0.2 eq netbios-dgm
> access-list 180 permit udp any host 192.168.0.2 eq netbios-ns
> access-list 180 permit tcp any host 192.168.0.4 eq 137
> access-list 180 permit tcp any host 192.168.0.4 eq 138
> access-list 180 permit tcp any host 192.168.0.4 eq 139
> access-list 180 permit udp any host 192.168.0.4 eq netbios-ss
> access-list 180 permit udp any host 192.168.0.4 eq netbios-dgm
> access-list 180 permit udp any host 192.168.0.4 eq netbios-ns
> access-list 180 deny   ip any any log
>
> Isthis necessary, or i miss something
>
>
>
> Thx in advance.
> Antero Vasconcelos




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63353&t=6
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VLAN routing [7:63412]

[Robert Edmonds]

By default a trunk port will carry all VLANs, which it will need to do in
the setup you have illustrated.  If you prune the other VLANs at the second
switch, the users in VLANs 3 and 4 on the third switch will be cut off.

""Happy World""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear All,
>
> I am new newbie in VLAN routing and don't have enough equipments to test
> myself. If I have the following setup. The tagged port 1 need include vlan
> 1,2,3,4 or simply include vlan 1,2 to make all 4 VLANs routable? Similiar
in
> tagged port2, include 1,2,3,4 or 3,4 only?
>
>
> Layer3 switch
>  /\
> /  \
> tagged port1  tagged port2
>/\
>   /  \
>   Layer2 switchLayer2 switch
>   /\ /   \
>vlan1 vlan2 vlan3vlan4
>
> Thanks in advance.
>
> rgds,
> Happy World




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63422&t=63412
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: layer 3 switch [7:63407]

[Robert Edmonds]

Just set the 3550 as a VTP client in your current domain and it will just be
a layer 2 device.  Or order it with the SMI software load rather than the
EMI.

 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello All:
>
> Question - By default, out of the box, will a L3 switch simply act as a L2
> switch?
>
> I am planning to purchase a Cisco 3550-12G, along with other fiber gigabit
> ready L2 switches for a LAN upgrade. The current LAN is one huge flat
> network with a mixture of hubs and switches. I plan to install the 3550
and
> use it simply as a device to connect the different areas. I do not want
the
> 3550 to act as a L3 switch to start. Is it possible to install this switch
> and have it act as a L2 device. I would then later start segmenting and
> enabling the L3 functions of the 3550.
>
> Any other suggested implementation methods?
>
> This goes along well with my current CCNP switching exam studies, nothing
> like a little OJT.
>
> Thanks,
> Tim
>
>
>
>
>
>
> Note: This e-mail contains PRIVILEGED and CONFIDENTIAL information
intended
> only for the use of the specific individual or entity named above. If you
or
> your employer is not the intended recipient of this e-mail or an employee
or
> agent responsible for delivering it to the intended recipient, you are
> hereby notified that any unauthorized dissemination or copying of this
> e-mail is strictly prohibited. If you have received this transmission in
> error, please immediately delete the message and advise the above by
> telephone, email or fax response to this message.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63420&t=63407
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: cisco 2950 and trunk negotiation [7:63466]

[Robert Edmonds]

The reason that the 2950's do not support ISL trunking is that Cisco is
gradually moving towards supporting the major standards more and proprietary
standards less.  As part of this plan they are beginning to make switches
that only support dot1q trunking.  At least that's what a TAC engineer told
me.  However, this brought up the question, "What about EIGRP?"  He assured
me that some of the proprietary stuff like EIGRP, where there is a real
tangible benefit to using it, will stay.

Robert

""John Brandis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
>
> Any one else noticed that on the 2950, and I guessing other catalyst low
end
> switch's, that one cant define the encapsulation of the trunk link. Yes it
> will auto negotiate, however I feel that control has been pulled away from
> me. I also dont like on the 4006, that you can only define this same
setting
> (if you have a GBIC Module) for the first 2 GBIC ports. The rest of the
> ports default to dot1q. Thankfully I use this, but I am betting that there
> are the odd people out there who may use ISL...
>
> Can some one tell me, is possible, how to define what type of trunk I wish
> to use on the 2950 using IOS 12.1(11)
>
> Thanks all
>
> John
> (please correct where I am wrong)
>
>
> **
>
> visit http://www.solution6.com
>
> UK Customers - http://www.solution6.co.uk
>
> **
>
> The Solution 6 Head Office and NSW Branch has moved premises.
> Please make sure you have updated your records with our new details.
>
> Level 14, 383 Kent Street, Sydney NSW 2000.
>
> General Phone: 61 2 9278 0666
>
> General Fax: 61 2 9278 0555
>
> **
>
> This email message (and attachments) may contain information that is
> confidential to Solution 6. If you are not the intended recipient you
cannot
> use, distribute or copy the message or attachments.  In such a case,
please
> notify the sender by return email immediately and erase all copies of the
> message and attachments.  Opinions, conclusions and other information in
> this message and attachments that do not relate to the official business
of
> Solution 6 are neither given nor endorsed by it.
>
> *




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63509&t=63466
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: L3 Switching Huh???? [7:63728]

[Robert Edmonds]

Layer 3 switching combines the best of switching and routing in one
platform.  The main advantage here is speed.  The way it works is, in a
switch you have some kind of layer 3 routing engine (aka route processor, or
RP).  For example, the MSFC2 (Multilayer Switch Feature Card 2) is one of
the options available for the Cisco 6500 (and a couple of others, I think)
switches.  When the switch receives a packet bound for a different VLAN, it
sends it to the RP.  The RP makes the routing decision and puts an entry in
the route cache for the switch.  The first packet in a flow is routed and
the rest are switched at wire speed, hence the increase in speed.  That's
kind of a simplified view, but I think it gets the general idea across.  So,
layer 3 switching is both routing and switching, but faster (usually,
anyway).

""DeVoe, Charles (PKI)""  wrote in message
news:[EMAIL PROTECTED]
> I am under the impression that switching is a layer 2 function and that
> routing is a layer 3 function.  I have seen several discussions talking
> about layer 3 switching.  Could someone explain this to me?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63738&t=63728
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: new access list problem [7:63715]

[Robert Edmonds]

Couldn't you just use the wildcard mask 0.0.4.255 to deny 192.17.73.0 -
192.17.77.0?  I used the Boson wildcard mask calculator to check this, and
it gave me those networks.

""Andrew Larkins""  wrote in message
news:[EMAIL PROTECTED]
> the first access-list will not work.
> The second one will also deny networks 192.17.72.0 and 78.0 as well as
79.0
> -
> You are correct about zeros must make at 1's are don't care, but you need
to
> understand the basic of subnetting. A 248.0 subnet mask means 8 "Class C"
> subnets. You have to start at a valid network address which in this case
is
> 192.17.72.0
>
> Router(config)#access-list 11 deny 192.17.73.0 0.0.7.255
> Router#sho access-list 11
> Standard IP access list 11
> deny   192.17.72.0, wildcard bits 0.0.7.255
>
>
> Notice that it fixes your mistake for you.
>
> Regards
>
> Andrew
> CCNP, CCDP, CSS1
>
> -Original Message-
> From: Jason Steig [mailto:[EMAIL PROTECTED]
> Sent: 25 February 2003 16:26
> To: [EMAIL PROTECTED]
> Subject: new access list problem [7:63715]
>
>
> Hello i networks 192.17.73.0 - 192.17.77.0
>
> is there anyway to deny these networks with one entry in an access list?
>
>
> such as deny 192.17.73.0 0.0.248.255?
>
> is this going to deny these networks?  it's also going to black hole
several
> other networks though.  Or does the list have to be
>
> deny 192.17.73.0 0.0.7.255 ?
>
> i thought zeros must match and ones we don't care.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63742&t=63715
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: new access list problem [7:63715]

[Robert Edmonds]

I replied earlier, but it didn't seem to come through.  Anyway, you should
use the wildcard mask 0.0.4.255.  That will match the addresses
192.17.73.0 - 192.172.77.255, which I think is what you want.  In case you
don't already have it, download Boson's free wildcard mask calculator at the
following link.

http://www.boson.com/promo/utilities/wildcard/wildcard.htm

Hope that helps.

Robert

""Jason Steig""  wrote in message
news:[EMAIL PROTECTED]
> Hello i networks 192.17.73.0 - 192.17.77.0
>
> is there anyway to deny these networks with one entry in an access list?
>
>
> such as deny 192.17.73.0 0.0.248.255?
>
> is this going to deny these networks?  it's also going to black hole
several
> other networks though.  Or does the list have to be
>
> deny 192.17.73.0 0.0.7.255 ?
>
> i thought zeros must match and ones we don't care.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63758&t=63715
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN client conflict [7:63951]

[Robert Edmonds]

I'm not sure what the actual cause or fix is, but I had the same problem.  I
ended up uninstalling the AT&T client to get it to work.

""supernet""  wrote in message
news:[EMAIL PROTECTED]
> I have AT&T VPN client on my laptop. It stopped working after I
> installed Cisco VPN client. Is there any conflict between them? Is there
> a work around? Thanks. Yoshi.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=63989&t=63951
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Silly EIGRP question [7:64259]

[Robert Edmonds]

If show ip eigrp doesn't give
you what you're looking for, I think you're going to have to break down and
use debug.  If I'm wrong, I'm sure someone will correct me.


""Michael Williams""  wrote in message
news:[EMAIL PROTECTED]
> I know this question sounds silly, but I can't for the life of me figure
out
> how to do this:
>
> Short of debugging, how can I tell the last EIGRP update that was received
> on a router, from what neighbor that update came, and for what network(s)
it
> updated?
>
> I know I can 'sh ip prot' and see when the last update was, but this isn't
> what I'm looking for.
>
> TIA,
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64271&t=64259
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT on Cisco Catalyst 3550 [7:64239]

[Robert Edmonds]

I checked the Network Address Translation Catalyst Switch Support Matrix on
Cisco's website and confirmed that the 3550 does not support NAT.

""Michael Williams""  wrote in message
news:[EMAIL PROTECTED]
> I don't believe the 3550 supports NAT.  There was a recent discussion
about
> this on the IE mailing list, and the conclusion was that the 3550 doesn't
> support NAT.
>
> There are some debug commands relating to NAT, but it seems to be part of
> the clustering.
>
> Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64272&t=64239
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: default router for 2950 switch [7:64489]

[Robert Edmonds]

I believe the command you are looking for is "ip default-gateway .
Since the 2950 is an IOS based switch, the set commands don't apply here.


""J. Johnson""  wrote in message
news:[EMAIL PROTECTED]
> All,
>
> Is there a way to set a default router for a 2950 switch?  Apparently
other
> 2900 switches have the "set ip route default GATEWAYADDR" command (see
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2900/cgcr29k/index.ht
m
> - thanks, Priscilla) but not, as far as I can tell, on the 2950 (see
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12112cea/2950cr)
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: to the moderator [7:65037]

[Robert Edmonds]

Well, I would like to take this opportunity to thank Paul then.  I have
learned a lot just reading the interesting posts here.  In fact, I keep a
document of any particularly good tips for future reference.  I would also
like to thank a couple of the most active folks here, like Larry and
Priscilla for sharing their obvious experience.  This free site helps make
my (and I'm quite sure, other folks') job a lot easier.

Robert

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]
> >just wondering who is the moderator here?
> >yesterday i could send messages ok, now, i can't, can u tell what you
> >changed? and if so the reasons that made you do so?
>
> Paul, the list owner and operator, was working on a problem with the
> GroupStudy email system most of yesterday.  It appears that it has been
> fixed.
>
> To answer your first question, there are actually several participants
> that act as moderators but we don't have any control over the actual
> operation of the system.  Paul is the owner/operator and is also who we
> should thank for GroupStudy even being in existence.  I mention that
> because he doesn't get nearly the credit he deserves for the amount of
> work he puts into a FREE site.  :-)
>
> Regards,
> John
> One of several possible moderators




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65121&t=65037
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT: Linux recommendations [7:65671]

[Robert Edmonds]

I know this is the Cisco forum, but I know many of you folks use Linux on
your networks, so I am asking for your recommendations.

I have a Cisco network with a PIX firewall in place.  I would like, if
possible, to put a Linux server on the network to act as a proxy
server/internet monitoring computer.  My goal is to dump the log files into
something like MS Access and be able to run reports off of it based on
user/computer name.  I would prefer free, but inexpensive is good too.  Does
anyone do anything like this on their network?  If so, I am open to
suggestions.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65671&t=65671
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Finding device on network via cisco switch [7:65670]

[Robert Edmonds]

Start at your core and work your way out.  For example, if you have a core
switch connected to other switches at the distribution or accesss layers via
trunks, do a show mac-address-table (or show cam dynamic for CatOS switches)
and see which trunk port it is coming from.  Then go to the next switch and
do the same thing.  Eventually you will get to the switch to which it is
directly connected and get the actual port.
Of course, if you are using VLANs or otherwise subnetting your network, you
can narrow down your search quite a bit by only searching switches that
carry that VLAN.

""David Ristau""  wrote in message
news:[EMAIL PROTECTED]
> given an IP address and a MAC address, how can I use my cisco switch to
> identify which port an unknown device is attached to ?
>
> can I view the switching table cache entries ?
>
> I've got an IP device on the network and nobody seems to know where it is.
> heh!
>
> given a catalyst 3500XL running ios v 12.0
>
> thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65679&t=65670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Open http: traffic on firewall... [7:65755]

[Robert Edmonds]

First, you need to define your inside and outside interfaces for NAT.
Usually, the interface where your webserver is connected will be defined as
inside and all others are outside.  This would look something like this,
assuming your web server is on interface ethernet 0:

interface ethernet 0
 ip address 2.2.2.1 255.255.255.240
 ip nat inside
interface serial 0 (or interface serial 0.1 for frame relay subinterface,
depending on your setup)
 ip nat outside

Next, you'll need to define a static translation between your web server and
your outside IP addresses assigned by your ISP.  I will use 10.0.0.1 to
represent your web server address and 2.2.2.2 for your ISP assigned address.

ip nat inside source static 10.0.0.1 2.2.2.2

Or, if you want to get fancy and do PAT:

ip nat inside source static tcp 10.0.0.1 80 2.2.2.2 80 extendable

Next, tell your router to send all traffic destined for 2.2.2.2 (the outside
address of your web server) to the proper interface.

ip route 2.2.2.2 255.255.255.255 ethernet 0

Your setup may demand something a little different, but in general I think
this should get you started.

Robert


""SMAN""  wrote in message
news:[EMAIL PROTECTED]
> I have a cisco 2611 router/firewall that I need to open up for http:
> traffic.  I need to configure NAT to point to the static IP on the web
> server.  How do I do this?  What are the specifics?
>
> Thanks
>
> Ken




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65763&t=65755
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Difference on L3 switching of Cat4500 and Cat6500? [7:65832]

[Robert Edmonds]

Actually, Multiprotocol Label Switch is MPLS.  MLS is MultiLayer Switching.
This refers to a switch that can do not noly what Kiran said about L3
switching, but can make forwarding decisions based on higher level
protocols, such as tcp, udp, etc.


""Kirankumar Patel""  wrote in message
news:[EMAIL PROTECTED]
> Dear
>
> L3 switching is nothing but switch acting as a router.
>
> MLS -- Multiprotocol Label Switch -- Can enables routers to make
forwarding
> decisions based on short labels, thereby avoiding the complex
> packet-by-packet look-ups used in conventional routing.
>
> With MLS, can run faster then ATM switch.
>
> Regards,
>
> Kiran
>
>
> >From: "Neil Arlante"
> >Reply-To: "Neil Arlante"
> >To: [EMAIL PROTECTED]
> >Subject: Difference on L3 switching of Cat4500 and Cat6500? [7:65802]
> >Date: Thu, 20 Mar 2003 02:56:26 GMT
> >
> >Hi group,
> >
> >What is the difference between L3 switching capabilities of 4500 and
6500?
> >Catalyst 4500 docs mentioned it support L3 switching, but not MLS. What
is
> >the
> >main difference between L3 switching of 4500 and MLS of 6500?
> >
> >TIA
> _
> Cricket World Cup 2003 http://server1.msn.co.in/msnspecials/worldcup03/
> News, Views and Match Reports.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=65832&t=65832
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IGRP Metric calculation [7:66062]

[Robert Edmonds]

Try the following Cisco link on IGRP metrics:

http://www.cisco.com/en/US/tech/tk826/tk365/technologies_tech_note09186a0080
09405c.shtml


""Tim Champion""  wrote in message
news:[EMAIL PROTECTED]
> When calculating the metric of an IGRP route (with non-default 'K' values)
> which load and reliability values does one use? Do you use the highest,
> lowest or average value for the entire route?
>
> Also if anyone could point me to a document on the above it would be
> appreciated.
>
>
> Many thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66067&t=66062
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Redistribution question [7:66071]

[Robert Edmonds]

I have a network with approximately 20 VLANs, running EIGRP as my routing
protocol.  One of my VLANs, VLAN12, runs RIP for connectivity to another
organization.  The others do not need to receive RIP updates.  So, the
solution I came up with is to make the other 19 VLANs passive interfaces so
that RIP updates are not sent out interfaces that do not have any RIP
routers.  I also have 3 VLANs where I only need a static route, so I have
added those as passive interfaces for EIGRP too.  My question is:  is this
the most efficient way to do it?
I imagine that in a very large network, adding every single interface as a
passive interface would get old rather quickly.  Any suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66071&t=66071
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Redistribution question [7:66071]

[Robert Edmonds]

Thanks a lot Daniel.  That was exactly the type of solution I was looking
for.

Robert

""Daniel Cotts""  wrote in message
news:[EMAIL PROTECTED]
> Try
> passive-interface default
> no passive-interface s0 (or whatever)
> Works for EIGRP. Not sure about RIP.
>
>
> > -Original Message-
> > From: Robert Edmonds [mailto:[EMAIL PROTECTED]
> > Sent: Monday, March 24, 2003 9:51 AM
> > To: [EMAIL PROTECTED]
> > Subject: Redistribution question [7:66071]
> >
> >
> > I have a network with approximately 20 VLANs, running EIGRP
> > as my routing
> > protocol.  One of my VLANs, VLAN12, runs RIP for connectivity
> > to another
> > organization.  The others do not need to receive RIP updates.  So, the
> > solution I came up with is to make the other 19 VLANs passive
> > interfaces so
> > that RIP updates are not sent out interfaces that do not have any RIP
> > routers.  I also have 3 VLANs where I only need a static
> > route, so I have
> > added those as passive interfaces for EIGRP too.  My question
> > is:  is this
> > the most efficient way to do it?
> > I imagine that in a very large network, adding every single
> > interface as a
> > passive interface would get old rather quickly.  Any suggestions?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66207&t=66071
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: regulations [7:66267]

[Robert Edmonds]

I can't help too much with the banks, but I used to run the network for
hospital and supported several doctor's offices that used our network.  The
main thing you need to worry about there is that you meet the requirements
outlined in the HIPAA (Health Insurance Portability and Accountability Act
of 1996) regulations.  I hope you're up for some dry reading.  However, this
has been going on for quite a while, so they will be well aware of at least
the general ramifications.

www.wedi.org/snip

That should get you started.  It has plenty of information and links to
other sites.


""Stull, Cory""  wrote in message
news:[EMAIL PROTECTED]
> Where could I go to find information on network security regulations for
> banks and medical offices?.  Information on firewalls and rules they have
to
> abide by and that sort of thing?
>
> Thanks
>
> God Bless our troops.
>
> Cory Stull
> CCNP,CCDP,MCSE4/2k
> Communications Concepts Unlimited
> 262-814-7214




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66275&t=66267
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Layer 3 and 2 question. [7:69576]

[Robert Edmonds]

I'm not sure I understand the question correctly, but I do know that it is
never a good idea to duplicate IP addresses on your network.  This can only
lead to trouble.  My advice would be, don't do it.

""Nuurul Basar""  wrote in message
news:[EMAIL PROTECTED]
> I am planning to configured both my core and distributions as L3 device,
and
> let the access switch to distribution using L2.
> I was advice that by doing this on my network two identical ip address on
> same subnet/vlan but in a different access switch can exist.
> And a packet that is attend to a host in the different switch might end up
> in the else where.  Is this real?.
>
> Sorry, but I have never think off this before.
>
> Thanks
>
> Nuurul Basar Mohd Baki
> Network Engineer
> DDSe




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69591&t=69576
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Leased line/1721 problem [7:69573]

[Robert Edmonds]

I had almost the exact same problem with a T1 line.  In order to convince
the telco, I replaced the WIC cards at both ends and then called them and
told them I didn't care what it took, but they better fix the line.  They
then came out and performed an on-site test again, and lo and behold, there
was a bad pair.  Where did that come from?  Anyway, sometimes you have to do
all the work yourself to get the telco to do theirs.  No offense to telco
guys, but we all know that none of our equipment (both the network and the
telco guys) is ever bad ;-)

""James Gosnold""  wrote in message
news:[EMAIL PROTECTED]
> Dear all,
>
> I have something of a problem I hoped someone might offer some advice on.
>
> We have a 1721 router at each end of a 128k leased line. The line went
down
> this morning, red alarm light on the CSU, router showed as Serial
Interface
> Up, Line protocol down. Ok fair enough, reported the fault, telco claimed
to
> repair the fault.
>
> Alarm light on CSU is no longer red but 'show interface serial0' still
shows
> Interface Up, Line protocol down. I've power-cycled the routers with no
joy.
> Engineers from the telco have actually come on site and performed an end
to
> end test and are telling me it's fine.
>
> Looking at the advice offered here by Cisco:
>
http://www.cisco.com/en/US/products/hw/routers/ps221/products_configuration_guide_chapter09186a008007cd3d.html#xtocid8
they tell me that the problem could be: The local or remote router, a
problem with the leased line or a problem with the CSU/DSU. Great thanks,
that's helpful!!
>
> Can anybody offer any suggestions on what might have gone wrong? It seems
> strange to me that a pair of routers that worked perfectly fine for 8
months
> have developed a fault at exactly the same time as the leased line did?
How
> can I prove to the telco that it is their problem?
>
> The config of these routers is really simple by the way, 1 x Ethernet
> Interface, 1 x Serial (WIC) interface, static route, encapsulation ppp, no
> chap/pap, that's about it!
>
> Thanks, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69586&t=69573
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: VPN 3000 concentrator question [7:69676]

[Robert Edmonds]

To the first part of your question, yes, that is it basically.  If you are
using the Cisco VPN client, you will enter the group name and password under
the "Authentication" tab.  You can also use the VPN client that is built
into Windows, in which case you do not need the group name and password, but
you have to set up the Base Group to accetp PPTP and L2TP connections.  One
thing about your setup.  If your users in London are behind a NAT device,
you need to make sure that your VPN client is set up to do NAT Traversal
(NAT-T), sometimes referred to as IPSEC over UDP or IPSEC over NAT.
Microsoft just release a Windows update that allows the PPTP client in
Windows 2000 to do this.
The difference between users and groups is the same as in any NOS.  Users
can be members of groups, and therefore can inherit the group's properties.
This is beneficial when you have, say 50 users that all need the exact same
policies, and/or you want them to pull their IP addresses from the same
pool.  You just set up a group with the options you want, set the IP pool
for that group, then create the users and add them to the group.
""Richard Campbell""  wrote in message
news:[EMAIL PROTECTED]
> Hi..  I am new to this VPN 3000 concentrator.  I want to ask if I have a
VPN
> 3000 concentrator device in NY.  Can I connect my VPN client in London to
> it?  What info do I need?  Just the external IP of the VPN server and VPN
> client group name + password?  Is the VPN client free for download?
>
> When I go to the VPN3000 web interface-->configuration-->User Management
I
> saw the group and users?  What is the difference?
>
> _
> Protect your PC - get McAfee.com VirusScan Online
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69704&t=69676
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Am I over my head guys? [7:69746]

[Robert Edmonds]

My first Network Administrator job came to me when the current Network
Administrator was fired for lying about his certs, and I was the most
experienced (relative term) person there.  At the time, I was way over my
head, but it all worked out fine since there are always resources to tap,
people to call, manuals to read and, perhaps most importantly, technical
support to call.  If you're a quick learner, as it appears, I'm sure you'll
do fine.  Oh, and in my current position, I had relatively little Cisco
experience, managing a network with 6506, 4006, 3500 series switches,
wireless, etc, much of it for the first time.  And, like some of the other
folks, I am looking for challenges all the time.  GOOD LUCK!

Robert

""B Rudy""  wrote in message
news:[EMAIL PROTECTED]
> Hey guys, I just got an offer to become a 2nd senior network engineer for
> this company in Orange Country.  Great News i know!!
>
> Dilemma:  I am a CCNP but have no local Area Nework Experience.  Going to
be
> workin with Catalyst 6500 switches.  Also i have about 2 yrs working with
> cisco equipment, however, dont feel i am ready for a senior title and
> duties.  Also working with cisco routers.
>
> What do you guys think i should do?
>
> 1.  Take the job and see how it works out?  Maybe mess up their network
and
> look real dumb and unknowledgable on some troubleshooting.  risked getting
> fired?
> 2.  Let the job go, and watch a great opp float away?
> 3.  Keep the existing job i have working with cisco equipment and
technology?
>
> p.s.  This job is a senior position, so meaning senior pay. very positive
> aspect, and a great company going places. over 4000 employees.
>
> Your output is greatly appreciated. Really need some advice. Thanx




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69763&t=69746
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Dynamic Route Graphs...... [7:69738]

[Robert Edmonds]

My question to Tom and Raj is, where can I get it?  I am not a programmer
(yet, working on that), so scripts like these that are free are always a
welcome site.  If you guys are willing to share what you have (your
livelihood doesn't depend on it) let me know.

Robert

""Tom Martin""  wrote in message
news:[EMAIL PROTECTED]
> Raj,
>
> Is the software going to be open source?  I have a large collection of
> scripts for automating configuration (during rollouts) and basic
> troubleshooting.  I've had intentions of providing a GUI front-end at
> some point, either in Java or PHP, but never seem to have the time to
> get around to it.
>
> Most of the advanced troubleshooting is performed by our technicians
> anyway (as opposed to directly by the customer), so not having a
> graphical interface has not been a big deal.
>
> Either way, since you've obviously done some work in that area it might
> be nice to merge some sources to provide additional functionality.  For
> example, I can see where it might be nice to see which switches are
> encountered between hops, especially if the next hop isn't reachable.  I
> wouldn't imagine this would be terribly difficult, since the code is
> already written.
>
> Just a thought.
>
> - Tom
>
> Raj Santiago wrote:
> > Hi All,
> >
> > A friend and myself have recently completed a program, in which WE
think
> > is going to be very helpful to all engineers out there. Basically its a
> > network-graphing program. How does it work ?
> >
> > 7 logs on to all known routers in your network and issues term len 0
and
> > then show ip route. These outputs are then stored under the name of
the
> > router.
> > 7 Next you specify a source ip(or name) and a destination ip (or name)
> > 7 Our code basically works out the starting point(s) and then builds a
> graph
> > based on the routing table(stored as files) to the destination.
> > 7 The graph(very pretty with nice colours  ) is stored as a png file and
a
> > HTML document is created to reference it.
> >
> > What does this mean?
> > 7 You can basically get a graphical representation of your network from
any
> > two points
> > 7 All of this is dynamic because it follows your routing table
entries.
> > 7 Makes troubleshooting simpler
> > Etc
> >
> > Well, we were stoked to see the end product (in which we are doing final
> > testing and formulating a module). I was wondering if this would be
useful
> > to you out there ? If so, just leave a comment. This will give us a
rough
> > idea on how user friendly we need to package this
> >
> >
> > Here is a sample diagram :
> >
http://www.superplasmas.com.au/routeparser/10.25.159.1_10.47.200.30.png
> >
> > With IE, you will need to enlarge the pic to view it correctly... (just
run
> > your mouse over and click on the enlarge button).
> >
> >
> > Any feedback will be good. Please remember this program is free.
> >
> > Cheers
> >
> > Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69764&t=69738
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Catalyst 3550 [7:70449]

[Robert Edmonds]

Is that output from a 3550?  I know the command is the same on most Cisco
gear, but my 3550 doesn't show whether it's SX or LX.  It shows everything
else, though.

Robert

""Scott Chau""  wrote in message
news:[EMAIL PROTECTED]
> Hi Tim,
>
> DNWB-008-AS01#show interface gi0/1
> GigabitEthernet0/1 is up, line protocol is up
>   Hardware is Gigabit Ethernet, address is 000b.5f82.2cb1 (bia
> 000b.5f82.2cb1)
>   Description: Connected to DHAA-005-DR01 Gi3/4
>   MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
>  reliability 255/255, txload 1/255, rxload 1/255
>   Encapsulation ARPA, loopback not set
>   Keepalive set (10 sec)
>   Full-duplex mode, link type is force-up, media type is SX
>
> Scott
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Tim Champion
> Sent: Tuesday, June 10, 2003 6:31 AM
> To: [EMAIL PROTECTED]
> Subject: Catalyst 3550 [7:70449]
>
>
> Does anyone know of a command which will show the flavour of GBIC in a
> particular slot of a 3550?
>
> Many thanks in advance.
>
> Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70475&t=70449
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX CCO question [7:56162]

[Robert Edmonds]

Don't quote me, but I don't believe so.  I would see if I could specify that
the PIX must come with the latest software revision; that is, if I didn't
buy the contract, which is a good idea because stuff happens, you know?

""sam sneed""  wrote in message
news:200210231729.RAA20504@;groupstudy.com...
> I was looking into getting a PIX and had a question. If cdw.com (for
> instance) ships one over with an older OS and I want the current OS loaded
> on it what happens if I don't have a CCO support contract. Is there a
grace
> period once you buy the product to be able to download the latest OS and
the
> instructions to upgrade?
>
> thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56167&t=56162
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Public Internet Access [7:55898]

[Robert Edmonds]

I work for a county government.  As part of building a new courthouse, I am
tasked with providing attorneys in courtrooms with Internet access through
my network.  Of course, I would like to provide them access to what they
need while blocking access to our internal network.
My network is setup in the following manner:
In the new courthouse, the MDF has a 3550-12G acting as the root switch for
the building, and has the layer 3 image.  It connects directly to my core,
with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515 for
Internet access.  I plan on creating a separate VLAN for the public Internet
access, but beyond that I'm left a bit short.  Obviously I don't want to
create a 300 line access-list that would deny them access to each internal
VLAN, then each of our servers in turn.  Can someone give me some
suggestions to get this done?  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55898&t=55898
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Public Internet Access [7:55898]

[Robert Edmonds]

First, the 300 line access-list was a bit of an exageration, more to make
the point that I don't want an ungodly long access-list.
Well, basically every floor in each building has its own /24 subnet.
Unfortunately the real problem is that to get to the Internet, traffic must
traverse VLAN 1, which also houses all my servers.  That's the real problem.
Is it possible to force traffic from one VLAN to go only out through my PIX
and not be able to browse the servers on that subnet?
Not being really familiar with the concept, I was thinking along the lines
of policy routing.  Is this the type of application it is intended for?  I'm
still trying to find good information on it.
""Steven A. Ridder""  wrote in message
news:200210181920.TAA12300@;groupstudy.com...
> Not sure I understand how you are running your network, but if you deny
the
> lawyers VLAN from accessing the other VLAN's in your network, you should
be
> all set.  That way you only have one deny statement to add to each VLAN.
I
> think what's throwing me is the 300 line access-list statement.  There's a
> ton of solutions out there for you, but you need to be more clear in terms
> of describing your internal network.
>
>
> ""Robert Edmonds""  wrote in message
> news:200210181908.TAA09447@;groupstudy.com...
> > I work for a county government.  As part of building a new courthouse, I
> am
> > tasked with providing attorneys in courtrooms with Internet access
through
> > my network.  Of course, I would like to provide them access to what they
> > need while blocking access to our internal network.
> > My network is setup in the following manner:
> > In the new courthouse, the MDF has a 3550-12G acting as the root switch
> for
> > the building, and has the layer 3 image.  It connects directly to my
core,
> > with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515
for
> > Internet access.  I plan on creating a separate VLAN for the public
> Internet
> > access, but beyond that I'm left a bit short.  Obviously I don't want to
> > create a 300 line access-list that would deny them access to each
internal
> > VLAN, then each of our servers in turn.  Can someone give me some
> > suggestions to get this done?  Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55900&t=55898
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Easy Aironet 350 question [7:55885]

[Robert Edmonds]

David,
To add a new user, from the home menu go to SETUP (s) then SECURITY (se) and
select USER INFORMATION (i).  From there you can select ADD NEW USER (add)
and fill in the appropriate information for the user.

""David j""  wrote in message
news:200210181620.QAA27129@;groupstudy.com...
> Hi all:
> Today is the first day that I can play with an Aironet 350 and I have a
very
> simple question: I want to setup a console password (I'm conected through
> the console port), is this done using the User Managment window and
setting
> write (or whatever) permissions?  (I'm pretty sure that is done in that
way
> but I'd be grateful if someone could confirm it)
> Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55901&t=55885
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Subinterface config. in CAT3550. [7:56174]

[Robert Edmonds]

The 3550 definitely does support ISL trunking.

""Ellis, Andrew""  wrote in message
news:200210241123.LAA30175@;groupstudy.com...
> Raj,
>
> The following link will tell you enough so you can make it work, if you
have
> the right router.
>
> http://www.cisco.com/warp/public/473/50.shtml
>
> -Drew
>
> -Original Message-
> From: Rajesh Kumar [mailto:pikumar@;cisco.com]
> Sent: Wednesday, October 23, 2002 7:28 PM
> To: [EMAIL PROTECTED]
> Subject: Subinterface config. in CAT3550. [7:56174]
>
>
> Hi all,
>
> I am trying to configure a router on a stick configuration - with 26xx
> series router's e0/0 port connected to fa0/1 port of CAT3550.
>
> Router's E0 port is configured like this
>
> int e0/1
> no shu
> no ip address
>
> int e0/1.1
> encap isl 20
> ip address 192.168.20.1 255.255.255.0
>
> int e0/1.2
> encap isl 40
> ip address 192.168.40.1 255.255.255.0
>
> When I try to do the same thing on CAT 3550's fa0/1 port, I get an error
> message like this :
>
>  " Configuring IP routing on LAN subinterface is only allowed if that
> subinterface is configured as a part of IEEE 802.10 or dot1q or ISL
> VLAN. "
>
> But nowhere I find the command "encap isl  " to insert this in
> the subinterfaces.
>
>
> Does anyone has anythoughts on this and how to overcome this?
>
> Thanks,
> Rajesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56206&t=56174
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3550 switch [7:56285]

[Robert Edmonds]

Did you issue "ip subnet-zero"?

""Brian Zeitz""  wrote in message
news:200210251603.QAA05517@;groupstudy.com...
> Hello
>
>
>
> I am new to working with the 3550-24, I upgraded to the EMI layer 3.
> That worked fine, I used a TAR file and did an overwrite. What I want to
> do is make a router from 192.168.1.x to 192.168.0.x to connect 2
> networks. The problem is when I put in the subnet mask on the
> 192.168.0.x its giving me the error, "invalid subnet". I tried
> 255.255.255.0 and 255.255.0.0 with no luck. I am using the 800 pages
> Cisco configuration guide, and I just ordered the Field Manual for Cat
> switches from Cisco Press.
>
>
>
> Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56296&t=56285
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OT Microsoft Server help [7:55403]

[Robert Edmonds]

Although I can't speak to your problem specifically, I have seen similar
issues with other software products.  For example, we use SurfControl
Superscout for web monitoring/filtering.  It has an icon down by the clock
you can double click on to configure certain items.  This icon is not
available in a Terminal Services session.  You have to be physically at the
server or using VNC, PCA, etc. to get the "real" desktop.
I would recommend calling Broadcomm and asking them if this is the case with
your issue, although, I would bet a Mountain Dew that it is.  Good Luck.

""jeff sicuranza""  wrote in message
news:200210111912.TAA18265@;groupstudy.com...
> Hello all, I was wondering if any of the Microsoft experts out there can
> help me out with this. I have a new server running windows 2k server all
> service packs and critical updates installed. I have Agilent Advisor
> protocol analyzer software edition installed. The server has two Broadcomm
> gigabit Ethernet adapters. When I launch the software I can see both NDIS
> adapters and select them for use.
>
> My problem is as follows:
> This server is a terminal server running in administration mode. When a
> single terminal server client logs in and runs the Agilent protocol
analyzer
> software the Broadcomm adapters do not show up. The terminal server client
> has administrative privileges and I also used the administrative Id as
well.
> I also tried all of the terminal server configurations options except
> converting the terminal server to apps. mode. Am I missing something? Is
> terminal server locking up the Broadcomm NDIS adapter's resources? This
> terminal server setup is only for one user at a time for a remote
> educational lab. Etherpeek has the same problem yet a public domain
protocol
> analyzer using WINPCAP works fine.
> Also, if I user VNC all apps and adapters work fine. I would rather deploy
> terminal server for it is faster and crisper in viewing experience to the
> students. Any ideas are greatly appreciated.
>
> Thank.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55420&t=55403
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Terminal Server [7:56454]

[Robert Edmonds]

I've used Zyplex (or is it Xyplex?) in the past and had good luck with them.
Their configuration was very straightforward also.

""Frank Dagenhardt""  wrote in message
news:200210291456.OAA08533@;groupstudy.com...
> Hi All,
>
> I was wondering if anyone had any advice on a good 8 port terminal server.
I
> would prefer to get cisco but the cost is a little much. Does anyone have
> experience with a different brand that does the job at close to the same
> quality?
>
> Thank you in advance,
>
> Frank




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56460&t=56454
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Questions before tests [7:56452]

[Robert Edmonds]

I've heard this same thing too.  However, I really don't put much weight in
it.  Here's why.  Let's say you answer all the questions in a way that makes
you seem like a beginner.  It would make sense that you would probably get
easier questions.  Why would Cisco want a CCNA, CCNP or CCIE out there that
could only answer the easiest questions?  They want their certifications to
mean something so more people will obtain them so more people will be
familiar with their products so more people will BUY their products.  Doing
what you've described would seem to undermine their entire purpose; to sell
more product.  Anyway, it's my very humble opinion that the people who
believe that also believe that the government is monitoring every single
phone call made by every American citizen (or insert your nationality in
place of American).  It's just one more thing to be paranoid about.
Besides, you've passed the first three, so you basically know what to
expect.  Good luck.
""Aaron Ajello""  wrote in message
news:200210291447.OAA07111@;groupstudy.com...
> I'm working on my CCNP, just have CIT to go and when I have taken the
first
> three, I just kindof flew through the questions before the test where
Cisco
> asks about your experience level, whether or not you can configure things
on
> your own or need help with a coworker, etc.
>
> Is it true that your answers will determine how the test is graded or what
> types of questions you will get on the actual test?  I thought it was
merely
> a survey so Cisco could get an idea of what types of backgrounds people
had
> who were taking their tests.  But recently I read where someone says those
> questions will actually determine how Cisco tests you and which questions
> from the pool you will receive.
>
> This seems ridiculous to me, but I have to ask.
>
> thanks,
> Aaron




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56461&t=56452
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Works 2000 and Windows XP [7:56485]

[Robert Edmonds]

I had the demo version installed.  It's the same as the full just with the
time stamp, right?


""Fernandez, Tim""  wrote in message
news:200210292045.UAA29160@;groupstudy.com...
> Hey all, has anyone been able to install Cisco Works 2000 on an WindowsXP
> Pro Box?
> Thanks,
>
> Timothy B. Fernandez
> Network Technician
> Sales, Trading and Wealth Management
> Thomson Financial




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56490&t=56485
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP Switching exam [7:56507]

[Robert Edmonds]

The switching exam questions that refer to IOS based switches will be more
like the 2900 and 3500 series and less like the 1900 series.

""Ahed Naimi""  wrote in message
news:200210300639.GAA02527@;groupstudy.com...
> Hi All;
> I am working on CCNP switching exam and I saw that , there are differences
> in commands between Cat 1900 and Cat 2900-3500 switches (IOS based
> switches). On which series of  IOS switches the exam
> questions are?
>
> Pls, advise




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56523&t=56507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Subnets [7:56745]

[Robert Edmonds]

If I understand correctly, I believe this will accomplish it.

access-list 100 deny ip 10.5.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 100 permit ip any any
interface e0/1 ip access-group 100 in

This will deny traffic from 10.5.0.0 from getting to 10.1.0.0, but let all
other traffic through and let all 10.5.0.0 traffic get anywhere else it
needs to go.

""Catalin""  wrote in message
news:200211021650.QAA21112@;groupstudy.com...
> Here is my problem:
>
> 1) I have two subnets: 10.1.0.0 255.255.0.0 and 10.5.0.0 255.255.0.0
> 2) 10.5.0.0 should not access any resource on 10.1.0.0
> 3) 10.5.0.0 should have internet access
> 4) the internet access router is connected with both subnets: Ethernet 0/0
> 10.1.0.1 255.255.0.0 and Ethernet 0\1 10.5.0.1 255.255.0.0.
> 5) the wan link is on serial0\1.
> 6) the routing is eigrp
>
>
> So, the question is how to give internet access for 10.5.0.0.
> The internet router is a cisco 2611.
>
>
> Thanks in advance.
>
> Catalin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56750&t=56745
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Definition [7:56825]

[Robert Edmonds]

My guess is that you're using the 640-504 study guide by Clare Gough, Cisco
Press.  I am also using this book as a study guide and have been very
confused by her use of these terms.  Remember that this book is a bit older
than the current criteria, so when she was actually penning it the
information was a little more current (in regards to NIC still being
around).  Regardless, it's confusing when other terminology could be
replaced to mean the same thing.  I believe Priscilla's definitions
regarding the NIC (Network Information Center) are what you should
concentrate on, especially the organizations that have replaced it.  Then it
will make a little more sense.

""John Neiberger""  wrote in message
news:200211042012.UAA26769@;groupstudy.com...
> Yep, EIGRP does it by default.  I *really* wish they'd make 'no
> auto-summary' the default for both EIGRP and BGP.  It makes no sense to
> me to leave summarization on by default.  I don't know how many times
> I've been working a lab scenario and said "Doh!  Forgot to turn off
> summarization!"  :-)
>
> John
>
> >>> "Priscilla Oppenheimer"  11/4/02 12:49:41 PM
> >>>
> Good translation, but is it even true about EIGRP? IGRP yes, but
> EIGRP?
>
> Just checking. When a book is so clueless to still refer to the
> Network
> Information Center, I have to question other things too. ;-)
>
> Priscilla
>
> John Neiberger wrote:
> >
> > Hmm...okay. How old is this book?  They are using 'Network
> > boundary' to
> > refer to the classful major network supernet.
> >
> > I'm still confused by their use of NIC number and that's
> > because they
> > are NOT referring to the Network Interface Card like most of us
> > would
> > expect.  They appear to be referring to an allocated network
> > prefix from
> > the Network Information Center which, as far as I know, isn't
> > around
> > anymore.  You get allocations from ARIN, RIPE, and APNIC now.
> > So,
> > knowing that, let me translate:
> >
> > "BGP-4 and EIGRP summarize at the major classful network
> > boundary
> > automatically.  [This behavior can be disabled by use the 'no
> > auto-summary' command.]  Summarization to a non-classful
> > boundary must
> > be done manually."
> >
> > Regards,
> > John
> >
> > >>> "James Gosnold"  11/4/02 12:21:45 PM
> > >>>
> > Hi John,
> >
> > I always thought of the NIC number as the MAC address of a
> > Network
> > card!
> >
> > Here are a couple of quotes from the Cisco Press book I am
> > reading to
> > show
> > the context in which they use the terms:
> >
> > "BGP-4 and EIGRP summarizes at the network boundary
> > automatically.
> > Summarization within the NIC number boundary must be configured
> > manually."
> >
> > Then when talking about the characteristics of a classless
> > routing
> > protocol:
> >
> > "Some routes can be summarized within the major NIC number.
> > This is
> > done
> > manually."
> >
> > Confused? I am!
> >
> > Regards, James.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56846&t=56825
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Must Know..to pass [7:56923]

[Robert Edmonds]

I was good up until #7.  The only African dialect I am fluent in is the
"click" language !Ora (pronounced Kora) used by Southern African Bushmen.
Guess I'll have to hit the books again.

""Casey, Paul (6822)""  wrote in message
news:200211051809.SAA08018@;groupstudy.com...
> The new qualifications for CCIE have been announced. I have a copy of some
> practice questions. They are as follows:
>
> 1. Describe the history of the papacy from its origin to the present day,
> concentrating especially, but not exclusively, on its social, political,
> economic, religious, and philosophical impact on Europe, Asia, America,
and
> Africa. Be brief, concise, and specific.
> 2. You have been provided with a razor blade, a piece of gauze, and a
bottle
> of Jack Daniels. Remove your appendix. Do not suture until your work has
> been inspected. You have 10 minutes.
> 3. 2500 riot-crazed aborigines are storming the room. Calm them. You may
use
> any ancient language except Latin or Greek.
> 4. Create life. Estimate the differences in subsequent human culture if
this
> form of life had developed 500 million years earlier, with special
attention
> to its probable effect on the English Parliamentary System. Prove your
> thesis.
> 5. Write a piano concerto. Orchestrate and perform it with flute and drum.
> You will find a piano under your chair.
> 6. Based on your knowledge of their works, evaluate the emotional
stability,
> degree of adjustment, and repressed frustrations of each of the following:
> a. Alexander of Aphrodisias
> b. Ramses II
> c. Gregory of Nicea
> d. Iammurati
> Support your evaluation with quotations from each man's work, making
> appropriate references. It is not necessary to translate.
> 7. The disassembled parts of a high-powered rifle have been placed in a
box
> on your desk. You will also find an instruction manual printed in Swahili.
> In 5 minutes, a hungry Bengal tiger will be admitted to the room. Take
> whatever action you feel appropriate. Be prepared to justify your
decision.
>
>
>
>
>
>


>
> This E-mail is from O2. The E-mail and any files
> transmitted with it are confidential and may also be privileged and
intended
> solely for the use of the individual or entity to whom they are addressed.
> Any unauthorised direct or indirect dissemination, distribution or copying
> of this message and any attachments is strictly prohibited. If you have
> received the E-mail in error please notify [EMAIL PROTECTED] or
>   telephone ++ 353 1 6095000.
>
>

*




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56926&t=56923
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traceroute blocking on CISCO router [7:56924]

[Robert Edmonds]

I hate to ask a dumb question, but did you apply the access list to your
inside interface with "access-group 101 in interface inside"?

I just tried the same thing on my PIX and it did work.  I would check your
config.

""Stephane Litkowski""  wrote in message
news:200211051821.SAA10082@;groupstudy.com...
> Hi all,
>
> how can I prevent a cisco router to respond to a traceroute (ICMP or UDP)
?
> I tried to apply an access-list out to prevent ICMP to be generated by the
> router, but it doesn't seem to block anything ! Maybe access-lists cannot
> block local traffic ...
>
> access-list 101 deny  icmp any any log
> access-list 101 permit ip any any
>
> I see the packet log by the ACL, but it is still transmitted (because
local
> ?)
>
> 00:24:13: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.3 ->
> 192.168.1.2(0/0), 1 packet
> 00:24:13: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len 56,
> sending
> 00:24:13: ICMP type=11, code=0
>
> Thanks for help
>
> Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56927&t=56924
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Traceroute blocking on CISCO router [7:56924]

[Robert Edmonds]

Are you wanting to also block the ICMP unreachable message?  If so, you can
use "no ip unreachable".

""Stephane Litkowski""  wrote in message
news:200211052003.UAA03311@;groupstudy.com...
> Robert,
>
> I tried to apply th ACL at inbound (for ICMP traceroute version) :
> on the PC (192.168.1.2), I tried to traceroute an address behind the
router
> (172.16.4.5)
> I can see in debug that the the ICMP packet is denied by ACL but the
router
> replies to the host :
>
> 00:07:23: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.2 ->
> 172.16.4.5 (0/0), 1 packet
> 00:07:23: IP: s=192.168.1.2 (Ethernet0), d=172.16.4.5, len 92, access
denied
> 00:07:23: ICMP type=8, code=0
> 00:07:23: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len 56,
> sending
> 00:07:23: ICMP type=3,
->(unreachable
> because the address i traceroute does not exist)
>
>
> ""Robert Raver""  a icrit dans le message de news:
> [EMAIL PROTECTED]
> > Stephane,
> >
> > How are you applying this?  It should be coming and not going out. ex.
ip
> > access-group 101 in
> >
> > Thanks,
> > Robert Raver
> >
> >
> > - Original Message -
> > From: "Stephane Litkowski"
> > To:
> > Sent: Tuesday, November 05, 2002 11:21 AM
> > Subject: Traceroute blocking on CISCO router [7:56924]
> >
> >
> > > Hi all,
> > >
> > > how can I prevent a cisco router to respond to a traceroute (ICMP or
> UDP)
> > ?
> > > I tried to apply an access-list out to prevent ICMP to be generated by
> the
> > > router, but it doesn't seem to block anything ! Maybe access-lists
> cannot
> > > block local traffic ...
> > >
> > > access-list 101 deny  icmp any any log
> > > access-list 101 permit ip any any
> > >
> > > I see the packet log by the ACL, but it is still transmitted (because
> > local
> > > ?)
> > >
> > > 00:24:13: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.168.1.3 ->
> > > 192.168.1.2(0/0), 1 packet
> > > 00:24:13: IP: s=192.168.1.3 (local), d=192.168.1.2 (Ethernet0), len
56,
> > > sending
> > > 00:24:13: ICMP type=11, code=0
> > >
> > > Thanks for help
> > >
> > > Stephane




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=56949&t=56924
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Selective NAT [7:59287]

[Robert Edmonds]

This one's for you Dwayne:

I've never done it before but I know you can NAT based on source address.  I
believe you would use the "ip nat inside source list "
command.  Then, I guess you would apply an access-list to the destination
subnet allowing only the NATed addresses and deny all others.  Somebody
correct me if I'm way off base.

 wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is it possible to use extended ip access-lists for NATing. Basically i
want
> traffic from a particular subnet destined for a particular subnet only to
be
> NATed?? All other traffic should not be NATed.
>
>
> Cheers
> Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59292&t=59287
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Catalyst 3548 vs. 3550 [7:53172]

[Robert Edmonds]

Try the following link.  It details QOS.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/1216ea2b/scg/swg
qos.htm


""RJ""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> anybody knows the catalyst 3548 will offer the same QoS function as 3550?
> is 3548 also on the ccie lab equipment list?
>
> thanks!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53203&t=53172
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: cisco 2509 not booting [7:53198]

[Robert Edmonds]

It sounds to me like you have bad RAM or NVRAM.  Do you have a Smartnet
contract on this router?  I would call Cisco.


""Binoy K L""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi friends,
>
> I have a cisco 2509. It is not booting up. As I power it on the
> following output is given in the hyper terminal
>
> System Bootstrap, Version 4.14(9.1), SOFTWARE
> Copyright (c) 1986-1994 by cisco Systems
>
> Bad memory - unable to write low core
>
> I am new to this error. After this the router gets stuck. Nothing
> else is coming down after this.
>
> kindly help me
>
> Thanks in advance
>
> Binoy
>
>
>
> Thanks,
>
> Binoy K L




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53204&t=53198
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: POP3 - IMAP relay agent [7:53200]

[Robert Edmonds]

Avaya is the former Lucent right?  They made a product that used to be
called Unified Messenger that would bring it all together in one mailbox.
Contact Avaya and ask them about that product.


""Firesox""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Folks
> I need a quick solution to do the following.
> It probably is a tough one for most folks here, but any
> suggestions/assistance will be appreciated.
> Please send replay to [EMAIL PROTECTED]
> Basically I need a relay agent that monitors POP3 server and pulls all
> messages and redirect to IMAP servers(Excange 2000).
> Here is what I have..
>
>
> Scenario:
>
> Avaya Intuity Audix POP3 server receives fax messages and stores them in
> POP3 mailboxes.  These POP3 accounts need to be forwarded to an exchange
> server to be accessed via Outlook XP and/or OWA.  The 750 DID numbers
point
> to 750 POP3 accounts within the Intuity.  The Intuity is not capable of
> forwarding email to a different address.  The users will access email via
> Outlook XP and OWA and want all mail in a single mailbox.  The Intuity was
> in place, paid for and working prior to this project, therefore less
> expensive than installing an additional BisCon type fax server.
>
> Hypothetical Solution:
>
> The hope is for a relay/gateway device which will routinely login to the
> POP3 server for each of the 750 accounts and forward the messages to the
750
> exchange accounts.
>
> Future Administration:
>
> Because the PBX's DID numbers will be permanently mapped to the Intuity
POP3
> accounts, the administration would therefore be in adjusting the
"forwards"
> within the relay/gateway to send to the new user's email account as things
> change.
>
> Note:
>
> The exchange 2000 server is located across a WAN.  The 750 users are on
> brand new PCs which are being installed now (150 out of 750 completed).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53207&t=53200
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Fiber cables [7:53208]

[Robert Edmonds]

Try Black Box.  They make them all.
www.blackbox.com


""Robert A. McIntire""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'm in the process of connecting several 3548 switches ( located in IDFs )
> via GBICs and need some long patch cables to do so.  Does anyone know of a
> good source for extended fiber patch cables?
>
> Thanks in advance, Bob McIntire




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53209&t=53208
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CAT 3550 : IPX and AT support? [7:53642]

[Robert Edmonds]

Diego,
I don't think the 3550 supports IPX at all.  I have checked Cisco's web
site, plus I have a 3550-12G on my network and I can't find any IPX
commands.
""Diego Rissone""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Does anybody know if the ios of the 3550's  supports or will support ipx ?
> and at?
>
> thanks
>
> Diego Rissone
> CCIP,CCDP,CCNP,MSCE+I
>
> TECHINT GROUP -ARGENTINA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53643&t=53642
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: TACACS/RADIUS on CISCO Router [7:53621]

[Robert Edmonds]

I'm not an expert on this, but it seems to me that if you don't have a local
database or an external server, you don't have any user names to
authenticate against.  I think you'll need something else.
""exchange""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hey,
>
> is there a possibility to set up a router acting
> as a  radius or tacacs server with local authentication
> without external server ?
>
> Please let me know
>
> best regards
>
> Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53644&t=53621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Security for router connected to Cable Service [7:43322]

[Robert Edmonds]

If I understand your question correctly, you just need to enable NAT for the
server in question and allow FTP traffic through on that address.  For
example, Server1 is the FTP server you want to allow people on the outside
to access.  It's private IP address is 10.10.10.10 and the outside address
you want the internet users to access is 64.64.64.65.  So, your
configuration might look a little like this if Server1 was hanging off the
Ethernet1 interface.  (NOTE:  The frame relay configuration is not
important, it is just thrown in for the completeness of the configuration
example.)


interface ethernet1
  description FTP Server
  ip address 10.10.10.1 255.255.255.0
  ip nat inside
interface serial0
  no ip address
  encapsulation frame-relay IETF
  service-module t1 timeslots 1-24
  service-module t1 remote-alarm-enable
interface serial0.1 point-to-point
  description Frame Relay Connection to ISP
  ip address 64.64.64.66 255.255.255.248
  ip nat outside
  frame-relay interface-dlci 123

ip nat inside source static 10.10.10.10 64.64.64.65
ip route 64.64.64.65 255.255.255.255 ethernet1



""Wesley J""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello, have you come up w/ a solution to allow connections into your
> network, say to an ftp server from the outside, through a router using the
> IOS Firewall Feature Set? I could use some input or any ideas on how to
> configure that.
>  Thanx for any suggestions




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53645&t=43322
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP exam [7:53668]

[Robert Edmonds]

I'm not sure if 504 covered it, (it's not covered in the 2 books I've read
preparing, but the BSCI test includes IS-IS.  Make sure you're up on it.

http://www.cisco.com/warp/public/732/Tech/routing/isis.shtml

""Kaminski, Shawn G""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> You'll be OK. The old 640-504 exam and the new 640-604 exam cover the same
> topics. The only difference that I know of is that new, more difficult,
> questions were written for the new 640-604 exam. Same topics, just more
> difficult questions. Just make sure you know the material.
>
> Shawn K.
>
> > -Original Message-
> > From: Han Chuan Alex Ang [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, September 19, 2002 10:02 PM
> > To: [EMAIL PROTECTED]
> > Subject: CCNP exam [7:53668]
> >
> > hi, I am currently preparing for my CCNP module , however , the course
> > that
> > I took which is Building Cisco Multilayer Switched Networks (BCMSN) was
> > quote as 640-504 and the exam I am taking now is
> > 640-604, can any body tell me if there is any significant different
> > between
> > the two. thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53717&t=53668
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Certificatiom [7:53666]

[Robert Edmonds]

At my last organization, we had someone who lied about their Microsoft
certification.  We just called the number that you would call to check your
own status, told them what we suspected, and they verified it.  Try that.


""Kaminski, Shawn G""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Yes. The Cisco website has a section that allows you to check CCIE status.
> You need the person's name and their CCIE # to verify it.  As for the
CCNP,
> I haven't heard of anything to check this status.
>
> Shawn K.
>
> > -Original Message-
> > From: Han Chuan Alex Ang [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, September 19, 2002 9:41 PM
> > To: [EMAIL PROTECTED]
> > Subject: Certificatiom [7:53666]
> >
> > hi, everyone , is there any way to verify if it is true if a person
> > claimed
> > he has a CCNP or CCIE certification ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53718&t=53666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX Upgrade [7:53747]

[Robert Edmonds]

To upgrade the PIX to a newer software version, do you just do
copy tftp 172.16.6.100/pix622.bin flash
and then reload?
Sounds like I'm missing something.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53747&t=53747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Upgrade [7:53747]

[Robert Edmonds]

I don't see any version newer than 6.22 on their download page.  Am I
missing something?
""Robert Edmonds""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> To upgrade the PIX to a newer software version, do you just do
> copy tftp 172.16.6.100/pix622.bin flash
> and then reload?
> Sounds like I'm missing something.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53757&t=53747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Upgrade [7:53747]

[Robert Edmonds]

I have a 515 without a floppy drive.  Do I need to go into monitor?  Or can
I just tftp the file and reload?
""Robert Edmonds""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> To upgrade the PIX to a newer software version, do you just do
> copy tftp 172.16.6.100/pix622.bin flash
> and then reload?
> Sounds like I'm missing something.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53766&t=53747
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: 3550 SMI to EMI upgrade [7:53876]

[Robert Edmonds]

I believe the upgrade from SMI to EMI is pretty standard.  Check the
following link for more ino:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1219ea1/ol208901.h
tm#xtocid10


""Firesox""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is it just a software upgrade to go from 3550 SMI to EMI?
> if so, is it same as doing the TFTP transfer?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53879&t=53876
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Certificatiom [7:53666]

[Robert Edmonds]

I sent a message to Cisco asking if it was possible to verify certification
status, and this is the response I received:

Dear Robert:

Thank you for contacting Cisco Training and Career Certifications team.

We can verify certification for candidates given the proper information.
Please provide the following information to verify the candidate:

Candidate's name:
Candidate ID or Cisco ID #:
Certification level(s) you wish to verify:

Once the customer service department receives your updated request we will
be able to verify the certification(s) achieved. Please note that exam
scores and other contact or personal information will not be released.

Please click on the hyperlink below to update, review or generate a support
request.

Be sure to bookmark the www.cisco.com/go/certsupport site for all of your
future Cisco Training and Career Certification inquires.


""Han Chuan Alex Ang""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> hi, everyone , is there any way to verify if it is true if a person
claimed
> he has a CCNP or CCIE certification ?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53908&t=53666
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Same subnets on each side of an ATM WAN [7:53973]

[Robert Edmonds]

I read about an almost identical (if not actually identical) issue on
Cisco's website.  The solution they gave was to do NAT on one side of the
WAN link.


""McHugh Randy""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have an OC3 ATM WAN link that connect two LANs, but there are two
> identical subnets /30 on either side of the WAN link. Has any one ever had
> that type of setup and how is that possible with two identical public IP
/30
> subnets on either side of WAN connection?
>
> Here are the interfaces on either side of the wan
>
> AAAV7204#sh int fastEthernet 1/0
> FastEthernet1/0 is up, line protocol is up
>   Hardware is DEC21140A, address is 0003.6cce.f01c (bia 0003.6cce.f01c)
>   Description: FE from PM to WDGB
>   Internet address is 205.109.29.10/30
>   MTU 1500 bytes, BW 10 Kbit, DLY 100 usec,
>  reliability 255/255, txload 1/255, rxload 2/255
>   Encapsulation ARPA, loopback not set
>   Keepalive set (10 sec)
>   Full-duplex, 100Mb/s, 100BaseTX/FX
>   ARP type: ARPA, ARP Timeout 04:00:00
>   Last input 00:00:21, output 00:00:00, output hang never
>   Last clearing of "show interface" counters never
>   Input queue: 0/75/4/0 (size/max/drops/flushes); Total output drops: 0
>   Queueing strategy: fifo
>   Output queue :0/40 (size/max)
>   5 minute input rate 814000 bits/sec, 113 packets/sec
>   5 minute output rate 81000 bits/sec, 79 packets/sec
>  441800484 packets input, 1055724299 bytes
>  Received 713 broadcasts, 0 runts, 0 giants, 2 throttles
>  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
>  0 watchdog
>  0 input packets with dribble condition detected
>  349363988 packets output, 1452170449 bytes, 0 underruns
>
> AAAV7206#sh ip int fastEthernet 1/0
> FastEthernet1/0 is up, line protocol is up
>   Internet address is 205.109.29.9/30
>   Broadcast address is 255.255.255.255
>   Address determined by non-volatile memory
>   MTU is 1500 bytes
>   Helper address is not set
>   Directed broadcast forwarding is disabled
>   Outgoing access list is not set
>   Inbound  access list is not set
>   Proxy ARP is enabled
>   Security level is default
>   Split horizon is enabled
>   ICMP redirects are always sent
>   ICMP unreachables are always sent
>   ICMP mask replies are never sent
>   IP fast switching is enabled
>   IP fast switching on the same interface is disabled
>   IP Flow switching is disabled
>   IP CEF switching is enabled
>   IP Fast switching turbo vecto
>
> Thank you,
> Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53974&t=53973
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX [7:53955]

[Robert Edmonds]

I'm not 100% sure, but I think if you want to connect to the ethernet port
you will need a crossover cable.  Why not connect to the console port to do
the initial config anyway?


""Naomi James""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a PIX 525 and I am doing the initial configuration.  I am trying to
> telnet to it to load the 6.2 version.  I have my laptop directly connect
to
> the inside interface via a CAT 5 cable.  The inside interface and my
laptop
> are on the same network.  I also have the telnet command in the
> configuration.  I am not able to telnet to the PIX.  Can anyone help?
>
>
> Naomi James
> Computer Services and Information Technology
> Savannah State University
> 912-356-2509
>
> [GroupStudy.com removed an attachment of type image/gif which had a name
of
> Mabelt.gif]
>
> [GroupStudy.com removed an attachment of type image/gif which had a name
of
> Mabelb.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53988&t=53955
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IPX ID [7:53989]

[Robert Edmonds]

According to the following Cisco link:

http://www.cisco.com/warp/public/473/33.html#networknumber

As with other network addresses, Novell IPX network addresses must be
unique. These addresses are represented in hexadecimal format and consist of
two parts: a network number and a node number. The IPX network number, which
is assigned by the network administrator, is 32 bits long. The node
number,which usually is the Media Access Control (MAC) address for one of
the system's network interface cards (NICs), is 48 bits long.

  a.. Network:
a.. 32bit number represented in Hex
b.. Administratively assigned
c.. Range : 0x0001 - 0xFFFE
d.. 0x = Broadcast
e.. 0xFFFE = Default route
  a.. Node:
a.. 48 bit number represented in Hex
b.. MAC address of NIC card (can be administratively assigned )
""Mike Martins""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi
>
> Simple question, enabling IPX on a router: ipx routing x.x.x
> I want to use say 2.2.2 as the router ID. Problem is after I type this
> address and show run the router has taken one of the interface's Mac
> addresses as the router IPX ID. Is there something I am missing here? (I
am
> using ver 12.1(5)T)
> cheers and thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53993&t=53989
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Simple static route redistribution [7:54040]

[Robert Edmonds]

Anthony,
If I understand you correctly, it shouldn't be a problem.  All you're doing
is mixing dynamic with static routing.  It's done every day, all over the
world.  By the way, how do you like your Extreme equipment.  Where I used to
work did a migration to Extreme (or rather has been doing a migration to
Extreme for over a year now, DOH!).  Just wondering if you've had better
luck than them.  :)
""evans Anthony""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi all,
>
> Just a quick question:
>
> I have the following setup: (a)(b)---OSPF network
>
> Router A (extreme L3 switch) is connected to router B, and router B is
> running ospf to other cisco boxes. I have setup a static route that points
> from A to B so machines can get to pc's in the ospf area. The static that
> ive configured is a /13 next-hop.
>
> Router a is not running ospf, and b only has ospf configured on the
> interfaces connected to the ospf network. Do I need to configure anything
on
> router b to allow packets from router A's network into router B ?? Since
ive
> got a static route pointing to b, i guess that B will do a lookup on the
> destination and route as persay. Is this correct or am I talking waffle.
>
> regards,
>
> A.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54055&t=54040
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Routine Powercycles or reloads [7:54098]

[Robert Edmonds]

I haven't come across anything personally either way, but it seems that this
would be unnecessary for a router, since there are no hard drives, etc.  I
know it can be an issue with servers that stay on all the time, but I think
routers, switches, etc. with no moving parts (except of course, the fans)
could be left on all the time.  I've definitely never heard of or
experienced any issues relating to this.


""McHugh Randy""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can anyone tell me if they have come accross documentation or guidance
from
> Cisco on how often a 7200 router or any router should be reloaded if ever
> for a maintanance purposes ?
> Thx
> Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54099&t=54098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Simple static route redistribution [7:54040]

[Robert Edmonds]

Priscilla,
After rereading the question, I see my mistake.  I guess I just read right
over the part where he said there was no route from B to A.
Those pesky details will get you every time.

""Priscilla Oppenheimer""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> evans Anthony wrote:
> >
> > Hi all,
> >
> > Just a quick question:
> >
> > I have the following setup: (a)(b)---OSPF network
> >
> > Router A (extreme L3 switch) is connected to router B, and
> > router B is running ospf to other cisco boxes. I have setup a
> > static route that points from A to B so machines can get to
> > pc's in the ospf area. The static that ive configured is a /13
> > next-hop.
> >
> > Router a is not running ospf, and b only has ospf configured on
> > the interfaces connected to the ospf network. Do I need to
> > configure anything on router b to allow packets from router A's
> > network into router B ??
>
> Router B knows how to route packets into its OSPF domain, so that won't be
a
> problem, but have you considered the replies from the OSPF side going back
> to Router A? You'll need a static route on Router B pointing back the
other
> way, and then it should all work fine.
>
> ___
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
>
> > Since ive got a static route pointing
> > to b, i guess that B will do a lookup on the destination and
> > route as persay. Is this correct or am I talking waffle.
> >
> > regards,
> >
> > A.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54101&t=54040
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Access-list question? [7:54112]

[Robert Edmonds]

I couldn't have said it better myself (especially the non-inclusive part -
that's my word for the day for the rest of this week - non-inclusive)


""Russell Heilling""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""Cisco Nuts""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi,
> >
> > What does this command actually do:
> >
> > #access-list 101 permit tcp any eq bgp any gt 1023?
>
> It adds a line to access-list 101, that permits any TCP connections
sourced
> on the BGP port (179) to destination ports above 1023 (non-inclusive).
>
> --
> Russell Heilling
> http://www.ccie.org.uk/




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54123&t=54112
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Routine Powercycles or reloads [7:54098]

[Robert Edmonds]

In reference to Symon's comment about server reboots, there is a moving part
that would cause you to want to reboot your server -- the hard drive.
Although it is not an extremely common occurance (especially since hard
drives are supposed to be sealed), they can gather, for lack of a better
term, gunk in the spot where the hard drive head parks when the server (or
any pc for that matter) is powered down.  I have seen where the head on an
otherwise perfectly working hard drive will get stuck when the hard drive
parks its head after powering down for something totally unrelated, like
installing RAM, etc.  Now, what was an otherwise functioning server, has
just crashed.  Powering down the server periodically apparently can prevent
this.  Just a little side note to nit pick :)


""Symon Thurlow""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Periodic server reboots are generally to deal with memory leaks rather
> than moving parts. Flawed router software could perhaps exhibit the same
> fault, although I have never heard of it personally.
>
> Symon
>
> -Original Message-
> From: Robert Edmonds [mailto:[EMAIL PROTECTED]]
> Sent: 25 September 2002 20:36
> To: [EMAIL PROTECTED]
> Subject: Re: Routine Powercycles or reloads [7:54098]
>
>
> I haven't come across anything personally either way, but it seems that
> this would be unnecessary for a router, since there are no hard drives,
> etc.  I know it can be an issue with servers that stay on all the time,
> but I think routers, switches, etc. with no moving parts (except of
> course, the fans) could be left on all the time.  I've definitely never
> heard of or experienced any issues relating to this.
>
>
> ""McHugh Randy""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Can anyone tell me if they have come accross documentation or guidance
> from
> > Cisco on how often a 7200 router or any router should be reloaded if
> > ever for a maintanance purposes ? Thx
> > Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54135&t=54098
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

EIGRP routing updates [7:54164]

[Robert Edmonds]

I noticed today that between several of my routers, routes that were
statically assigned did not get sent in the routing updates to neighboring
routers running EIGRP.  So, I removed the static routes on several of them
to one subnet in particular, and when the router closest to the subnet in
question learned the route from the router on that subnet, the other routers
in the network picked the route up immediately.  Do static routes not get
propogated, or is there something in my configuration that is causing this
behavior?  I was not aware of this behavior until today.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54164&t=54164
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Routed interfaces vs. Switched interfaces on 6500 [7:54170]

[Robert Edmonds]

Ryan,
If I understand your question, then I think I may be able to help.
I believe what it means when it talks about caching flows, is that it caches
the information about the flow -- particularly the path the flow will take.
This makes it so the layer 2 portion of the switch doesn't have to send
every packet to the router to make the layer 3 decision to route the packet.
The basic process for MLS is like this.  A stream of data comes into the
router interface that is destined for a network other than the one it came
in on, another VLAN.  The switch sends the first packet in the flow to the
MSFC (in the case of the 6500) to determine the path that should be taken to
the remote network.  The MSFC figures out how it should get to the remote
network, sends the information to the switch, and the rest of the packets
are switched using the information provided by the MSFC.  Depending on the
flow mask used, the next flow that comes through with the same destination
address, may be able to be fast-switched (hope I used the right term)
directly to the destination in question.
Did I answer your question?  Hope I have helped.

""Newell Ryan D SrA 18 CS/SCBT""  wrote in
message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Referencing LAN Switching I have a question concerning routed vs. switched
> interfaces on the 6500 running in native IOS mode.
> If the diagram on page 832 is correct I'm confused about MLS. Does the
> PFC/NFFC have the ability of caching flows between
> an interface configured as a switched/routed interface??
>
>
> Ryan Newell




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54180&t=54170
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: EIGRP routing updates [7:54164]

[Robert Edmonds]

After further investigation, I believe I have found the answer.  However, I
would like to run it by you all.  The routers in question did not have the
command redistribut static configured on them.  If I understand the meaning
of this command, it is used to inject the static routes configured on a
router for redistribution into the routing protocol in question; in this
case EIGRP.  Sound right?  Thanks.


""Robert Edmonds""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I noticed today that between several of my routers, routes that were
> statically assigned did not get sent in the routing updates to neighboring
> routers running EIGRP.  So, I removed the static routes on several of them
> to one subnet in particular, and when the router closest to the subnet in
> question learned the route from the router on that subnet, the other
routers
> in the network picked the route up immediately.  Do static routes not get
> propogated, or is there something in my configuration that is causing this
> behavior?  I was not aware of this behavior until today.  Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54182&t=54164
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Messing up Access Lists [7:54268]

[Robert Edmonds]

You don't always want to put the deny at the end.  For example, if you want
to deny just one subnet, but permit everything else, putting the permit any
statement at the beginning would allow the subnet you intended to deny.  I
know, a lot of permitting and denying going on in that sentence.  :)-
""Nathan Nakao""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> CTM,
>
>   First of all, in my experience, writing down exactly what you want to
> do really helps.  It gives you a visual map of what you want to go
> through and what you don't.  Second of all (now correct me if I'm wrong)
> you want all "deny" statements at the end.  That's how I've done it
> anyways.  After you've figured out all of that, it's just a simple
> rewording of the access list.  You may also want to keep in mind that
> where you place the access list matters (ie if it's an "in" or "out"
> access group).
>
> -Nate
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 26, 2002 12:54 PM
> To: [EMAIL PROTECTED]
> Subject: Messing up Access Lists [7:54268]
>
>
> I've been trying to optimize communications between two distant routers.
> So
> far I've managed to lock myself out of the far router three times, folks
> over there are getting weary of my mistakes ;-)
>
> I have a subnet of 172.29.30.0/24 and a subnet of 172.29.10.0/24, the
> latter
> is physically the same devices multihomed as 192.168.100.0/24.
>
> I realize my NAT is messed up and I'm wrapping my head around the
> literature
> pulled from Cisco (led to by links provided by you generous folks).
> Looks like I also need to look in depth at access lists. I'm taking baby
> steps but am slowly making progress.
>
> Would love to solicit comments/advice on the following:
>
> ip nat pool SCISANRTR001-natpool-1 64.172.228.155 64.172.228.158 netmask
> 255.255.255.224
> ip nat inside source list 101 pool SCISANRTR001-natpool-1 overload
> ip nat inside source static 172.29.10.20 64.172.228.154
> ip nat inside source static 192.168.100.20 64.172.228.132
> ip nat inside source static 192.168.100.135 64.172.228.135
> ip nat inside source static 172.29.20.20 64.172.228.133
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial0/0.1
> ip route 172.29.20.0 255.255.255.0 Serial0/1.474
> ip route 172.29.40.0 255.255.255.0 Serial0/1.474
> !
> logging history size 250
> logging history errors
> logging facility syslog
> access-list 100 permit ip 64.172.228.128 0.0.0.31 172.29.30.0 0.0.0.255
> access-list 100 permit ip 192.168.100.0 0.0.0.255 172.29.30.0 0.0.0.255
> access-list 101 deny   ip 192.168.100.0 0.0.0.255 172.29.30.0 0.0.0.255
> access-list 101 permit ip 192.168.100.0 0.0.0.255 any
> access-list 101 permit ip 172.29.10.0 0.0.0.255 any
> route-map nonat permit 10




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54274&t=54268
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: WAN Monthy Report [7:54362]

[Robert Edmonds]

I make up numbers based on the amount of calls that I can attribute to WAN
problems, place them in a presentation with lots of acronyms and long
technical words and e-mail them to my boss.  Then, if the boss has any
questions about the technical jargon, I look up the answer on the Bastard
Operator From Hell web site.  That usually works farily well.  :)-


""Tim Metz""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> We use an Excel spreadsheet that counts up the minutes and displays your
> uptime as a percentage. Is that the kind of thing you are looking for?
It's
> very management friendly ;-)
>
> ""Azhar Teza""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > My boss has asked me to provide a monthly WAN reports regarding the
> > UpTime/Downtime, Data Throughput etc.  Does someone has a template in
> > regards of what other fields can be included in the report?  He would
like
> > to have a professional report. Thanks, Teza
> >
> > 
> > Changed your e-mail?  Keep your contacts!  Use this free e-mail change
of
> > address service from Return Path.  Register now!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54379&t=54362
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: SuperNetting [7:54403]

[Robert Edmonds]

The configuration you posted will result in a network that looks like the
information below.

SubnetMask Subnet Size Host Range
Broadcast
191.72.0.0 255.255.224.0 8190 191.72.0.1  to
191.72.31.254 191.72.31.255

""JohnZ""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can someone correct if I am wrong here
> 191.72.1.0
> 191.72.2.0
> 191.72.4.0
> 191.72.12.0
> 191.72.21.0
>
>
> Am I correct in supernetting this to 191.72.0.0 /19




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54404&t=54403
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX 501 config [7:54390]

[Robert Edmonds]

I don't have the config you want, but how about a link for configuration
help?

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/over
vw.htm


""NetEng""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I was trying to get FTP to work through my PIX and totally screwed things
> up. My PIX no longer passes the DNS info (from my ISP) to my clients and
NAT
> is not working the way it should. I've looked all over cisco for the
> solution but no dice. Can someone please email me the original config for
a
> PIX 501 (ver6.1). Thanks a million.
>
> NE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54407&t=54390
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP Switching [7:54422]

[Robert Edmonds]

I'm currently studying for routing.  It looks to me as if OSPF is going to
give me the most trouble (I use EIGRP at work, also have used RIP, versions
1 and 2).  How bad was it?  Give it to me straight, Doc!
""Symon Thurlow""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Passed the exam yesterday, thanks to all on this list. Just silently
> lurking in the background, reading relevant posts has helped a lot when
> studying.
>
> 2 more to go for CCNP, BCRAN and Support, should be the easiest two.
>
> Cheers,
>
> Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54430&t=54422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Lookee Lookie - new certifications!!!! [7:54435]

[Robert Edmonds]

I don't think it's accurate to say that Cisco, Microsoft and Novell have
contributed to the "paper cert syndrome".  They simply created
certifications in an effort to distinguish those who are familiar with their
products from those who don't.  The people who use brain-dumps and boot
camps are the real culprits.  They get the certifications that get them the
jobs, then prove they don't know what they're doing, and in turn it casts a
shadow of doubt on those who do (know what they're doing).  You can't blame
them.  Besides, all three have made their more recent certifications more
difficult with simulations, etc.  And I don't think many people doubt that
someone who has passed the CCIE lab knows at least enough to stumble through
and succeed.  Anyway, I think the idea is great, and I hope they succeed.  I
will definitely be in line to get my FCP certification.  Maybe it will be
the difference between me and that other guy.  Maybe you (not anyone
specific -- generally).

""Chuck's Long Road""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""Kevin Wigle""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > If you read further into the site you will that the FCPA is proposing to
> > deliver hands-on testing at both junior and senior levels of
> certification.
> >
> > They have buy in from the major vendors such as Cisco, Microsoft, Novell
> and
>
>
> CL: ironically, all three of the above have contributed mightily to the
> whole "paper cert" syndrome!
>
>
> > Red Hat.
> >
> > Both Novell and Red Hat and talking it up as the "capstone" to their
> certs,
> > but not as a replacement.
> >
> > People who have CCIE / CDE / RHCE certs will be awarded a FCPA cert
> without
> > being tested.
> >
> > Which is a bit funny as the list has from time to time "discussed" paper
> > CCIEs.
> >
> > Since the FCPA cert is just another lab, I don't know how it would be
> > different from any other.  It still doesn't "automatically" mean yoou
have
> > real world experience, just real lab experience.
> >
> > However, it is almost a daily discussion where I work about how someone
> has
> > some initials but can't seem to troubleshoot out of a paper bag.  Quite
> > often people are sent off on courses but are not "motivated" to take the
> > exam.  Anybody can sit at the back of the classroom and play solitaire -
> not
> > everyone passes the exam.
> >
> > A "hands-on" exam I think would be very beneficial as another tool to
> assess
> > a person's ability.  Still, as mentioned we will always be able to
debate
> > the "lab/real world" gambit but at least the whole discussion would be
on
> a
> > higher plane.
> >
> > However, being on a "vendor neutral" plain, anyone can walk in and take
> the
> > exam without pre-requisites.  This could be enhanced by having a real
> > pre-requisite of having the vendor's "paper" cert before attempting the
> lab.
> >
> > But this can be debated also.  On the site in one of the meeting minutes
> was
> > an interesting quote:
> >
>
http://www.fieldcertification.org/Composition/Steering_Committee_Meeting_Min
> > utes_06-18-01.htm
> >
> >  Eighty Pound Weight:  Mr. Brown commented that he believed a company
> could
> > spend a million dollars designing a multiple-choice test which
accurately
> > predicts whether a person is likely able to lift an eighty-pound weight
> or,
> > the test taker could prove this ability merely by being asked to lift an
> > eighty-pound weight.  Mr. Brown believed the FCPA. effort is attempting
to
> > have technology workers prove themselves by "lifting eighty pound
> weights."
> >
> >
> > I think I like what FCPA wants to accomplish but the devil is always in
> the
> > details and whether yet another certification will gain industry
> acceptance.
> >
> > In this regard, the FCPA seems to have attracted participation from a
lot
> of
> > the industry's top vendors so maybe the time is right for performance
> based
> > testing.
> >
> > Kevin Wigle
> >
> > - Original Message -
> > From: "Chuck's Long Road"
> > To:
> > Sent: Saturday, September 28, 2002 6:00 PM
> > Subject: Re: Lookee Lookie - new certifications [7:54435]
> >
> >
> > > check further into the site:
> > >
> > > http://www.fieldcertification.org/Field_Certification.htm
> > >
> > > read all about "field certification"
> > >
> > > also
> > >
> > > http://www.fieldcertification.org/How_It_Works.htm
> > >
> > > sure looks like a whole new level of certification to me.
> > >
> > > not that I disagree with the principal here. But the home page ( and
> > Cisco's
> > > site ) does talk about this
> > >
> > > "Get the Field Certified Professional (FCPT) credential to assert
> yourself
> > > as the real IT professional with actual skills and set your credential
> > apart
> > > from the paper ones! "
> > >
> > > Like I said - a whole new certification to certify that your
> certification
> > > is better than some "paper" certification.
> > >
> > > I can hardly wait.
> 

Re: Router Config [7:54479]

[Robert Edmonds]

Copy it to a text file, then print it.  There is no way to print it directly
from the router.

""Hamed Sedighi""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
> How can I print my router configuration?
>
> Thanks,
> Hamed Sedighi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54483&t=54479
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Router Config [7:54479]

[Robert Edmonds]

Steven,
Thanks for the correction.  And I thought I was going to make it through
this weekend without learning something ;)

""Steven A. Ridder""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> There is a command "printer" under global config that allows you to send
> jobs to a printer.  I just looked it up and you need to understand the LPD
> Unix command to understand printer on a router.
>
>
> ""Robert Edmonds""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Copy it to a text file, then print it.  There is no way to print it
> directly
> > from the router.
> >
> > ""Hamed Sedighi""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi,
> > > How can I print my router configuration?
> > >
> > > Thanks,
> > > Hamed Sedighi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54489&t=54479
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Lookee Lookie - new certifications!!!! [7:54435]

[Robert Edmonds]

Here's another benefit I see from certifications like this:  there are
things that all of us know how to do, but if asked to walk someone through
it over the phone, couldn't do it.  For example, for me it would be DNS
configuration.  I can do it, but I can't tell YOU how to do it.  I know it
just well enough to kind of stumble through it and get it working.  And I
can get it working CORRECTLY.  It's just that I am weak in that area.  With
a performance based test in a lab situation, I could pass by getting it to
work, but I may not be able to answer the question correctly on paper.  And,
in my opinion, it's more important to be able to "walk the walk" than "talk
the talk".  What do you think?
""Kevin Cullimore""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> inline
> - Original Message -
> From: "Robert Edmonds"
> To:
> Sent: 29 September 2002 12:00 am
> Subject: Re: Lookee Lookie - new certifications [7:54435]
>
>
> > I don't think it's accurate to say that Cisco, Microsoft and Novell have
> > contributed to the "paper cert syndrome".  They simply created
> > certifications in an effort to distinguish those who are familiar with
> their
> > products from those who don't.
>
> As part of the process of actuating those certifications, they
commissioned
> tests containing questions that could be answered "correctly" without
> possessing an adequate knowledge of the subject matter. Even if you are
only
> concerned with their ability to gauge book learning, the questions have
> tended to fall far, far short of useful expectations.
>
> >The people who use
> brain-dumps and boot
> > camps are the real culprits.  They get the certifications that get them
> the
> > jobs, then prove they don't know what they're doing, and in turn it
casts
> a
> > shadow of doubt on those who do (know what they're doing).  You can't
> blame
> > them.  Besides, all three have made their more recent certifications
more
> > difficult with simulations, etc.  And I don't think many people doubt
that
> > someone who has passed the CCIE lab knows at least enough to stumble
> through
> > and succeed.  Anyway, I think the idea is great, and I hope they
succeed.
> I
> > will definitely be in line to get my FCP certification.  Maybe it will
be
> > the difference between me and that other guy.  Maybe you (not anyone
> > specific -- generally).
> >
> > ""Chuck's Long Road""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > ""Kevin Wigle""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > If you read further into the site you will that the FCPA is
proposing
> to
> > > > deliver hands-on testing at both junior and senior levels of
> > > certification.
> > > >
> > > > They have buy in from the major vendors such as Cisco, Microsoft,
> Novell
> > > and
> > >
> > >
> > > CL: ironically, all three of the above have contributed mightily to
the
> > > whole "paper cert" syndrome!
> > >
> > >
> > > > Red Hat.
> > > >
> > > > Both Novell and Red Hat and talking it up as the "capstone" to their
> > > certs,
> > > > but not as a replacement.
> > > >
> > > > People who have CCIE / CDE / RHCE certs will be awarded a FCPA cert
> > > without
> > > > being tested.
> > > >
> > > > Which is a bit funny as the list has from time to time "discussed"
> paper
> > > > CCIEs.
> > > >
> > > > Since the FCPA cert is just another lab, I don't know how it would
be
> > > > different from any other.  It still doesn't "automatically" mean
yoou
> > have
> > > > real world experience, just real lab experience.
> > > >
> > > > However, it is almost a daily discussion where I work about how
> someone
> > > has
> > > > some initials but can't seem to troubleshoot out of a paper bag.
> Quite
> > > > often people are sent off on courses but are not "motivated" to take
> the
> > > > exam.  Anybody can sit at the back of the classroom and play
> solitaire -
> > > not
> > > > everyone passes the exam.
> > > >
> > > > A "hands-on" exam I think would b

Re: Filter odd routes via wildcard bits - How?? [7:54496]

[Robert Edmonds]

Check out the following link for a free subnet mask and wildcard mask
calculator from boson.  I use it myself.

http://www.boson.com/promo/utilities.htm


""Brett spunt""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Great, detailed explanation !
>
> Thanks!
>
> Brett Michael Spunt
> Internetworking Engineer
> CCNP,MCSE,CIPT,CCNA,MCP,CNA,A+
> 818 734-6880 ext.59
> [EMAIL PROTECTED]
>
>
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Haakon Claassen (hclaasse)
> Sent: Sunday, September 29, 2002 1:28 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Filter odd routes via wildcard bits - How?? [7:54496]
>
>
> Hi
>
> Just do the binary  calculus
>
> 0.0.254.255  is  .  .  1110 .  
>
> apply that to your prefix 172.168.1.0
>
>
> the first two bytes (172 and 168) will have to match
> and  the last bit of the 3rd byte needs to be 1
>
> so that would be 172.168.1  .3   .5   .7 .8
> in the other case .0 .2 .4 .6  you have a 0 at that position
>
>
> These maches the routes to be denied (the odd ones)
> And the even gets permitted by the permit any
>
>
>
> In short
>subnet masks need to be contiguous 1 ones followed by contiguous
> zeros
>wildcards don't   1010 0111 .   . 1110 0111 . 1010 1010  is a
> valid wildcard ( 167.240.199.170)
>
> regs
>
>
>
>
> Haakon Claassen
> EMEA - IT Transport Services -WAN
>
> Cisco Systems
> De Kleetlaan 6b - Pegasus Park
> B-1831 Diegem (Belgium)
>
>
>
> -Original Message-
> From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
> Sent: zondag 29 september 2002 20:59
> To: [EMAIL PROTECTED]
> Subject: Filter odd routes via wildcard bits - How?? [7:54496]
>
> Hello,
>
> I am trying to understand how a wildcard mask of 0.0.254.255 filters odd
>
> routes so that only even routes get across the router.
>
> Ex. If you have routes for 172.168.1.0/24, 2.0/24, 3.0/24, 4.0/24,
> 5.0/24,
> 6.0/24 and you have an access-list of:
>
> #access-list 11 deny 172.168.1.0 0.0.254.255
> #access-list 11 permit any
>
> And a:
>
> #distribute-list 11 out
>
> This will allow only: 172.168.2.0/24, 4.0/24 and 6.0/24 routes out.
>
> Anyone can kindly explain the magic of this 0.0.254.255 wildcard?
>
> Thank you.
>
> Sincerely.
>
>
> BTW: Anyone know the link on this on CCO?
>
>
>
>
>
>
>
>
> _
> Send and receive Hotmail on your mobile device: http://mobile.msn.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54506&t=54496
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MPLS Vs EIGRP [7:54507]

[Robert Edmonds]

In a large organization, I would recommend OSPF anyway.  It's generally
considered to be more scalable the EIGRP.

""nrf""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> ""Chuck's Long Road""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > hey, friends, I'm always interested in learning something I didn't know
> > before. not claiming to know a whole lot about MPLS, but in terms of
> > operation, MPLS operates on top of a routing protocol, any routing
> protocol,
> > correct? Requires that CEF is enabled, at least in the Cisco world, but
> any
> > old routing protocol is fair game as the transport piece, correct?
> >
> > So to me, the question would become one of the relative merits of any
> > routing protocol, without the MPLS issue clouding it. I would think, but
> > what do I know?
>
>
> I got an even more fundamental question - why does MPLS require IP at all?
> At the risk of starting a religious way, it's not called Internet Protocol
> Label Switching, it's Multi-protocol label switching.  MPLS has
effectively
> become a feature of IP, as opposed to a generalized control-plane
mechanism
> for which is what it was originally intended.
>
>
>
> >
> > I suppose there are always the issue of interoperability.
> >
> > I would certainly appreciate the wisdom of the folks on this group.
> >
> > Chuck
> >
> >
> >
> > ""Kohli, Jaspreet""  wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > I am looking for a comparative design question: Why a large
corporation
> > > should or should not  use MPLS over  EIGRP . Any useful links will be
> > > greatly appreciated .
> > >
> > >
> > > Thanks as always
> > >
> > >
> > > Jaspreet
> > > _
> > >
> > > Consultant
> > >
> > >
> > > Andrew NZ Inc
> > > Box 50 691, Porirua
> > > Wellington 6230, New Zealand
> > > Phone +64 4 238 0723
> > > Fax +64 4 238 0701
> > > e-mail [EMAIL PROTECTED]
> > >
> > >
> > > WARNING:  The contents of this e-mail and any attached files may
contain
> > > information that is legally privileged and/or confidential to the
named
> > > recipient.  This information is not to be used by any other person
> and/or
> > > organisation.  The views expressed in this document do not necessarily
> > > reflect those of Andrew NZ Inc   If you have received this e-mail and
> any
> > > attached files in error please notify the sender by reply e-mail and
> > destroy
> > > your copy of this message.  Thank you.
> > >
> >
>
> --
> > --
> > > This message is for the designated recipient only and may
> > > contain privileged, proprietary, or otherwise private information.
> > > If you have received it in error, please notify the sender
> > > immediately and delete the original.  Any unauthorized use of
> > > this email is prohibited.
> >
>
> --
> > --




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54518&t=54507
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: MLS issue - MSFC not learning switch address [7:54531]

[Robert Edmonds]

I get the exact same thing on my 6506's.  However, everything I've found on
Cisco's website leads me to believe this isn't an issue.  They haven't
specifically said that, but the MLS troubleshooting doesn't even mention it
(at least not that I've found).  Let me know if you find out anything.

Robert


""Hitesh Pathak R""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Dear Group,
>
> i m facing a piculiar problem. i have 2 cat 6509's switches as CORE
> connected back to back. Both the switches has 2 MSFC's (total four) as a
> redundent. I have configured HSRP between them and even enabled MLS on
both
> the switches.
>
> I have followed proper Cisco documentation for configuring MLS in cat6k
> environment. However when I am giving command "sh mls rp ip" on both my
> active MSFC's , it does not show the switch's mac address.
>
> When I issue command "sh mls" on the switch , it shows the MSFC15 as the
> designated router learned with some Vlan's MAC addresses as well. The
output
> of "sh mls rp ip" on MSFC looks like this :-
>
> router currently aware of following 0 switch(es):
>   no switch id's currently exists in domain
>
>
> can anybody help me debug this ??
>
>
>
>
> DISCLAIMER:
> Information contained and transmitted by this E-MAIL is proprietary to
Wipro
> Limited and is intended for use only by the individual or entity to which
it
> is addressed, and may contain information that is privileged, confidential
> or exempt from disclosure under applicable law. If this is a forwarded
> message, the content of this E-MAIL may not have been sent with the
> authority of the Company. If you are not the intended recipient, an agent
of
> the intended recipient or a  person responsible for delivering the
> information to the named recipient,  you are notified that any use,
> distribution, transmission, printing, copying or dissemination of this
> information in any way or in any manner is strictly prohibited. If you
have
> received this communication in error, please delete this mail & notify us
> immediately at [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54536&t=54531
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RADIUS Authentication [7:54628]

[Robert Edmonds]

I am trying to configure the MSFC2 on my 6506 to use RADIUS authentication
from my Windows 2000 Server.  What I would like is to have the MSFC
authenticate users using the RADIUS server on login.  I would also like a
backup account locally in case RADIUS authentication is not available.  If
it is possible, I would like to have a group (we'll call them netadmins)
that has level 15 access on the MSFC, while all others have restricted
access, to be defined later.
The backup account is already created, and is called switchadmin.  Can
somebody please help me with this configuration.  I have it configured now,
but I don't think it's configured properly, because when I log in, I can't
do anything.  No show run, no nothing.  :)
How about a little help here?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54628&t=54628
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: would you attend a two day basics class? [7:54631]

[Robert Edmonds]

For $500, that sounds like a bargain.  I've never seen two day class offered
for that little.

""Neal Rauhauser""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Would you guys attend a two day, hands on basics class for Cisco
> routers?
>
>
>   I own an internet provider and starting tomorrow morning I am teaching
> a two day class for our installers and one enterprise customer. Topics
> covered would be more productivity focused than theory - ie these are
> the top ten things you'll have to do on basic installs and we're going
> to touch each one from the customer and provider side so you guys
> understand what you're doing.
>
>
>   This first thing kind of sprung up under my feet due to the enterprise
> customer wanting to get comfortable with their new four location VPN and
> the rest are tagging along - I am wondering if this is something I could
> put a little polish to and then offer to the masses. We're charging the
> attendees $500 for the two days - do you guys think something like this
> would fly as a regular offering via a community college, local computer
> store, etc???
>
>
>
>
>
>
> --
> Neal Rauhauser CCNP, CCDP voice: 402-301-9555
> mailto:[EMAIL PROTECTED] fcc  : k0bsd
> "I've seen the angels wearing their disguise,
> ordinary people leading ordinary lives" - Tracy Chapman




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54635&t=54631
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: RADIUS Authentication [7:54628]

[Robert Edmonds]

Well, as it turns out, what I'm trying to accomplish can only be done using
TACACS.  So, I will have to use privilege levels within the switch to
restrict access.

""Robert Edmonds""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am trying to configure the MSFC2 on my 6506 to use RADIUS authentication
> from my Windows 2000 Server.  What I would like is to have the MSFC
> authenticate users using the RADIUS server on login.  I would also like a
> backup account locally in case RADIUS authentication is not available.  If
> it is possible, I would like to have a group (we'll call them netadmins)
> that has level 15 access on the MSFC, while all others have restricted
> access, to be defined later.
> The backup account is already created, and is called switchadmin.  Can
> somebody please help me with this configuration.  I have it configured
now,
> but I don't think it's configured properly, because when I log in, I can't
> do anything.  No show run, no nothing.  :)
> How about a little help here?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54710&t=54628
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP Recert [7:54787]

[Robert Edmonds]

Personally, I can't imagine being able to pass the CCIE R&S exam and not
being able to breeze through the CCNP stuff.  It may be different than
version 1, but I imagine you've probably been keeping fairly up to date with
this stuff since you're attempting your IE cert.

""ccnp ccnp2002""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> It may not work, what with all these new things that have been added.
>
> But I would imagine that if you have some money and get good practice
exams,
> it should do the job, especially if you have been working with the
> technologies.
>
> The best thing of all is that knowledge which you stuggled to get... you
> just need to refresh, even if you have not been using it!
>
> Good Luck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54793&t=54787
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: PIX Confusion [7:54875]

[Robert Edmonds]

>From Cisco's website:



You can use the fixup command to change the default port assignments or to
enable or disable application inspection for the following protocols and
applications:

  a.. FTP


  b.. H.323


  c.. HTTP


  d.. ILS


  e.. RSH


  f.. RTSP


  g.. SIP


  h.. SKINNY (SCCP)


  i.. SMTP


  j.. SQL*Net


The basic syntax for the fixup command is as follows:

[no] fixup protocol [protocol] [port]
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/fixu
p.htm#xtocid2

The command would be
fixup protocol ftp 5051
And as far as changing your NAT statements, I believe as long as you use the
keyword ftp
in your commands, it will adjust to the port number change.
""NetEng""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a PIX 501 and get a single IP from my ISP. I would like to set up
an
> FTP conduit, but on port 5051. I can't find any docs on how to do this.
When
> I play around it it states that I have to change my NAT rules too. I still
> want all inside users access outside. Any info or links are appreciated.
>
> NetEng




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54886&t=54875
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ADSL Vs. SDSL [7:54909]

[Robert Edmonds]

The information afterwards is not my words.  I got it off of
www.examnotes.net.  It was written by a guy that frequents their forums who
works in the telecom industry, doing work related to WAN type installations,
including DSL.  Here's what he said about the subject:

ADSL. Asymmetric Digital Subscriber Line. A term for one-way T1 transmission
of signals to the home over the plain old, single twisted-pair wiring already
going to homes. ADSL modems attach to twisted pair copper wiring. ADSL is
often provisioned with greater downstream than upstream rates (hence
"asymmetric"). These rates are dependent on the distance a user is from the
central office and may vary from as high as 9 Mbps to as low as 384 Kbps.
HDSL. High bit-rate Digital Subscriber Line. The oldest of the DSL
technologies, HDSL continues to be used by telephone companies deploying T1
lines at 1.5 Mbps and requires two twisted pairs.
IDSL. ISDN Digital Subscriber Line. IDSL provides up to 144-Kbps transfer
rates in each direction and can be provisioned on any ISDN capable phone
line.
Unlike ADSL and other DSL technologies, IDSL can be deployed regardless of
the
distance the user is from the central office.
RADSL. Rate Adaptive Digital Subscriber Line. Using modified ADSL software,
RADSL makes it possible for modems automatically and dynamically to adjust
their transmission speeds. This often allows for good data rates for
customers
residing greater distances from the CO.
SDSL. Single-line Digital Subscriber Line or Symmetric Digital Subscriber
Line. A modified HDSL software technology, SDSL is intended to provide 1.5
Mbps in both directions over a single twisted pair. However, the distance
over
which this can be achieved is less than 8,000 feet.
VDSL. Very high-rate Digital Subscriber Line. The newest of the DSL
technologies, VDSL can offer speeds up to 25 Mbps downstream and 3 Mbps
upstream. Similar to SDSL, the gain in speed can be achieved only at short
distances. These maximum speeds can be achieved only up to 1,000 feet.
Sometimes also called broadband digital subscriber line (BDSL).
xDSL. A generic term for the suite of digital subscriber line (DSL) services,
where the "x" can be replaced with any of a number of letters. See also DSL,
ADSL, HDSL, IDSL, MDSL, RADSL, SDSL, VDSL.


""Brian Zeitz""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have 2 Verizon DSL lines, one is 1.5M down/128k up. The second is
> 768k/768k up and down. They both have dynamic IPs. My question is; Are
> these
> both ADSL lines? My boss thinkins the one 768k/768k is SDSL. I dont
> think it
> is, first of all, both lines have the same modem. If the one like was
> ADSL,
> and the other was SDSL there would be a different kind of modem. Or does
> SDSL require a modem at all? These are both Verizon lines, but i am
> confused
> on the naming. On my order it says they are both ADSL lines. Any input
> would
> be appreciated, is my boss right, or am I right?
>
>
>
> According to verizon's website ( I don't take this as the final word
> however)
>
>
>
> What is the difference between DSL technologies such as SDSL, ADSL,
> IDSL, etc.?
>
> Most small businesses are connected to an asymmetric (ADSL) line. ADSL
> matches the Internet utilization of most users by providing higher
> downstream capacity for browsing or downloading. Symmetric DSL (SDSL)
> is a variation of ADSL, but provides the user with the same speed for
> both downstream and upstream applications. Verizon Online Business DSL
> portfolio of DSL speeds provides our Business customers with solutions
> that meet their specific Internet application needs.
>
>
>
> Ok that being said, why can i use the same modem on the ADSL line and
> the SDSL line. Why do they make specific
>
> modems for SDSL if they are both the same technology?
>
>
>
> Thanks,
>
>
>
> Brian




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54917&t=54909
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: NAT question? [7:55043]

[Robert Edmonds]

Ok, consider this.  You have a server behind a router and you want others on
the Internet to be able to use the services on this server.  The server's IP
address is 172.16.1.10.  You have a block of IP address given to you by your
ISP.  The addresses are 192.1.1.1 - 192.1.1.14 (this implies a subnet mask
of 255.255.255.240).  Now, you want the users on the Internet to use the IP
address 192.1.1.2 to connect to your internal router.  Your router is on
interface Ethernet1 and your internet connection is on interface Serial0.1.
The point to point link between you and your ISP uses the address
192.1.1.16/30.  Your end is 192.1.1.17 and theirs is 192.1.1.18.  Your
config would look something like this.

interface Ethernet1

 description Ethernet Connection to WEBSERVER

 ip address 172.16.1.1 255.255.255.0

 ip nat inside

defines the Ethernet 1 interface as an inside address



interface Serial0.1 point-to-point

 description Full T-1 to ISP

 ip address 192.1.1.17 255.255.255.252

 no ip directed-broadcast

 ip nat outside

-defines Serial0.1 as outside



ip nat inside source static 172.16.1.10 192.1.1.2

-assigns the outside address of 192.1.1.2 to the server at 172.16.1.10



ip route 0.0.0.0 0.0.0.0 192.1.1.18

-default route, using ISP's router



ip route 192.1.1.2 255.255.255.255 Ethernet1

-if the server is directly connected to Ethernet1, route it this way



I hope this helps.


""Karl West""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Can some one give me an example of using  "ip nat inside destination" ?
> I know it enables NAT of the inside destination address. But I would
> like to see an
> example of how it is used. I check the cisco site but it doesn't go into
> detail or maybe
> I just didn't find it.
>
> Thanks
> Karl




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55051&t=55043
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP dumps????????????? [7:55156]

[Robert Edmonds]

Nice racist attitude there.  Nothing like good ole American bigotry posted
all over the global Internet to win world favor.  Keep it up!!!

""Erwin""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Go and find it in your own country !
>
> ""Vinod Raju""  wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Could someone please tell me where to avail latest CCNP dumps especially
> for
> > BSCI (routing) and BSCSN (switching)?
> >
> > Please reply fast 
> >
> > Thanx in advance,
> >
> > Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55167&t=55156
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CCNP dumps????????????? [7:55156]

[Robert Edmonds]

I apologize for my outburst.  I did not mean to insinuate that ONLY
Americans can be racist.  In all fairness I will acknowledge that people
from any country can be equally racist, intolerant and ignorant.

""Howard C. Berkowitz""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 12:00 PM + 10/9/02, Erwin wrote:
> >Go and find it in your own country !
> >
> >""Vinod Raju""  wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >>  Could someone please tell me where to avail latest CCNP dumps
especially
> >for
> >>  BSCI (routing) and BSCSN (switching)?
> >>
> >>  Please reply fast 
> >>
> >>  Thanx in advance,
> >>
> >  > Raj
>
> I'm going to respond to this as a moderator. The particular messages
> did not show up in the moderator queue, so this is the first chance
> I've had to seen this.
>
> Raj, this list is very anti-dump.  First, it's not practical to
> memorize everything needed for the advanced exams.  Second, the
> majority of people here believe in working to understand, not
> memorizing.
>
> Erwin, any national references, other than perhaps to clarify
> language differences, often are inflammatory, and thus not
> appropriate to the list.
>
> --
> "What Problem are you trying to solve?"
> ***send Cisco questions to the list, so all can benefit -- not
> directly to me***
>


> Howard C. Berkowitz  [EMAIL PROTECTED]
> Chief Technology Officer, GettLab/Gett Communications
http://www.gettlabs.com
> Technical Director, CertificationZone.com http://www.certificationzone.com
> "retired" Certified Cisco Systems Instructor (CID) #93005
> books: Building Service Provider Networks (Wiley 2002), WAN
> Survival Guide (Wiley 2000), Building Routing and Switching
> Architectures for Enterprise Neworks (McMillan 1999), Building
> Addressing Architectures for Routing and Switching (McMillan 1998).




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55179&t=55156
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: E1 [7:55380]

[Robert Edmonds]

access-list rate-limit
To configure an access list for use with committed access rate (CAR)
policies, use the access-list rate-limit global configuration command. To
remove the access list from the configuration, use the no form of this
command.

access-list rate-limit acl-index {precedence | mac-address | exp mask mask}

no access-list rate-limit acl-index {precedence | mac-address | exp mask
mask}

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_refe
rence_chapter09186a0080087f36.html

""Hamed Sedighi""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
> How can I restrict the bandwidth on some ports of E1 connection?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55382&t=55380
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: "set" IOS Command [7:55395]

[Robert Edmonds]

The only place I have experience with "set" commands is on CLI based
switches, such as the 4000, 5000, 6000 series.  On those platforms, instead
of having global and interface configuration modes, you do everything from
privileged exec mode using set commands.
What exactly are you trying to accomplish?  Maybe we can help you get there.

""Trevor Chandler""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello all, Has anyone ever used the "set" command that is available
ineither
> the USER or PRIVILEGE modes? The brief description provided by the IOS
> is:  Set system parameter (not config) The IOS doesn't provide any
> additional parameter information
> when I append the /?. I'm using an 804 router with IOS version
> 12.0(1)XB1. Thanks in advance to all who respond. Trevor C.
>
> 
>
> MSN Photos is the easiest way to share and print your photos: Click Here




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55402&t=55395
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Cisco Press [7:55482]

[Robert Edmonds]

I can't speak for all four, but I know I passed the switching exam using the
5xx series books.  The routing exam has added IS-IS, which is not covered in
the 5xx series books, so you may want to add that to your studying.  I'm not
sure about BCRAN and CIT.

""Irfan Hussain""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Does any one know when Cisco Press will be releasing the next set of Books
> for CCNP 6xx series? Whats the main difference between the 5xx series
exams
> for CCNP and the 6xx series? Can I still use the Cisco Press 5xx series
> books to pass the 6xx series CCNP tests?
> Thanks for all your help in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55494&t=55482
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: nat problem [7:55537]

[Robert Edmonds]

Two comments I would like to make.
1.  Richard, the gateway of last resort IS on the same network as E0/0.  The
subnet mask is 255.255.0.0.
2.  The route you added tells the router that 1.1.1.1 is out interface E0/0.
It's on E0/1.  So that definitely won't work.
If you remove the NAT statements, are you able to ping everything on both
sides?  If not, then you have a routing issue.  If so, then it is something
else.  Is there something missing from this config, like access-lists, etc.
that may be causing the problems?
If you are just wanting to NAT the one IP address, the first ip NAT line and
the associated access-list are unnecessary.  Try removing them from the
config and see what happens.

""bbfaye""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> hi eb,
> I met a problem here:
> a Cicsco 2611#:
>
> Router#show running-config
> Building configuration...
>
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname Router
> !
> !
> ip subnet-zero
> !
> interface Ethernet0/0
> ip address 10.1.2.3 255.255.0.0
> no ip directed-broadcast
> ip nat outside
> !
> interface Ethernet0/1
> ip address 192.168.1.254 255.255.255.0
> no ip directed-broadcast
> ip nat inside
> !
> ip nat inside source list 10 interface Ethernet0/0 overload
> ip nat inside source static 192.168.1.1 1.1.1.1
> ip classless
> ip route 0.0.0.0 0.0.0.0 10.1.255.254
> no ip http server
> !
> access-list 10 permit 192.168.1.0 0.0.0.255
> !
> line con 0
> transport input none
> line aux 0
> line vty 0 4
> login
> !
> end
>
> Router#
>
> -
> the server 1.1.1.1 can be connected fine from the outside  network,
> but if a host 192.168.1.5 from inside network want to ping 1.1.1.1,
> it fail with timeout.
>
> I thought it was the problem that nat creation address was not learn by
the
> router so I add : ip route 1.1.1.1 255.255.255.255 e0/0.it still not work.
>
> why.?how can I fix it?
> !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1&t=55537
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Firewall [7:55547]

[Robert Edmonds]

Naomi,
Try adding the following lines to your config
access-list acl_outside permit icmp any any echo-reply (hitcnt=7515)
access-list acl_outside permit icmp any any time-exceeded (hitcnt=911)
access-list acl_outside permit icmp any any unreachable (hitcnt=34292)

As far as pinging from outside to inside, though, you don't want to do that.
And if you are using private addresses on your inside network, you won't be
able to ping them from the Internet anyway.  Good luck.

Robert Edmonds
""Naomi James""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have a PIX 525. I am trying bring it up on my network.  It is installed
> virtually betrween my router and my ISP's router.  While testing, I
noticed
> that from an inside host, I could ping my inside interface on the PIX, but
> not the outside interface.  From the ISP, they could ping my outside
> interface but not my inside interface.  From the PIX I can ping  my
outside
> interface and beyond.
> Any suggestions?
>
> Naomi James
> Computer Services and Information Technology
> Savannah State University
> 912-356-2509
>
> [GroupStudy.com removed an attachment of type image/gif which had a name
of
> Mabelt.gif]
>
> [GroupStudy.com removed an attachment of type image/gif which had a name
of
> Mabelb.gif]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=0&t=55547
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: nat problem [7:55537]

[Robert Edmonds]

Richard,
Can't be.  We geeks don't do that.  And if we do, we never admit it.

""Richard Botham""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Robert,
> Apologies - comes from reading too quickly :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55565&t=55537
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: adding new IOS to cat 4000 [7:55536]

[Robert Edmonds]

If you issue the command dir, do you see the file that you loaded via tftp?

""John Brandis""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> **
>
> visit http://www.solution6.com
>
> UK Customers - http://www.solution6.co.uk
>
> *
> This email message (and attachments) may contain information that is
> confidential to Solution 6. If you are not the intended recipient you
cannot
> use, distribute or copy the message or attachments.  In such a case,
please
> notify the sender by return email immediately and erase all copies of the
> message and attachments.  Opinions, conclusions and other information in
> this message and attachments that do not relate to the official business
of
> Solution 6 are neither given nor endorsed by it.
> *
>
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
>
> I am stupid, so please laugh at your convienence. However, when I
> want to TFTP my new IOS config for my 4006, to what part of the flash
> to I copy to ? (i am guessing bootflash)
>
> If I try to enter the
>
> boot system bootflash filename
>
> the router has no idea what I am talking about.
>
> I have it already in flash via
>
> copy tftp flash filename
>
> Any idea's ?
>
> Thanks all
>
> not with it today.
>
> jb
>
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use
>
> iQA/AwUBPapqcAYJZoSdx3uGEQIkNgCfShCA4oD/bGom+z1l8Khr0Gv8D9cAn2xa
> 0qsHrT2/mNEVPW4R6ABxFJYS
> =YM5t
> -END PGP SIGNATURE-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55604&t=55536
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Visio Stencils [7:72054]

[Robert Edmonds]

I have the old file with the 3508 series if you need it.  Just let me know
where to e-mail it.

Robert

""Elijah Savage""  wrote in message
news:[EMAIL PROTECTED]
> Does anyone have visio stencils for Cisco 3500 series switches like the
> 3508's and 3548's, I use to have them but had to reinstall and now that I
> have done that Cisco has seemed to remove these products from their site.
> Here is where all the other stencils are and there is a 3500 series
> stencil but it only has 3550's in the zip file.
>
> http://www.cisco.com/en/US/customer/products/prod_visio_icon_list.html
>
> Any help in locating these would be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72106&t=72054
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Speaking of PIX Translation Problems... [7:72573]

[Robert Edmonds]

John,
That's not so bad.  I have been aware of that fact for quite some time, but
still continue to forget to issue a clear xlate about half the time.  So
which is worse, ignorance or stupidity?

Robert

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]
> I thought I'd share an embarrassing moment from yesterday in hopes that
> others will learn from my mistake.
>
> I have a router on the outside of a firewall that needed to be upgraded
> after the advisory yesterday. In order to reach the TFTP server I needed
to
> add a static translation in the PIX. No problem. I should also mention
that
> this server is one of our internal DNS servers.
>
> The file transfer doesn't take long at all and I remove the conduit and
> static translation from the PIX as soon as I'm done. As far as I'm
concerned
> this is the end of it. I was wrong.
>
> We later start receiving reports that certain web pages have become
> inaccessible, while others are still responding. My first thought is that
> I've hosed something with the IOS upgrade, but after checking things out I
> was satisfied that everything there was working properly. So, I check the
> firewall logs which leads me to check the xlate table. Lo and behold, the
> static translation that I'd previously added--and removed--is still there!
> [I hear knowing laughter already.]  It's in the table but somehow traffic
is
> being hosed. Our DNS server is sending queries to our external server and
> replies are coming back, but something is wrong and communications
continue
> to fail. I clear the xlate table and all is immediately fixed. This caused
a
> fair amount of irritation with me but my boss was even more irritated.
>
> I presumed this was a 'feature' or a bug because it was my _assumption_
that
> the removal of the static translation from the config would also clear it
> from the xlate table. Wrong! I looked up the command on CCO and there is
> this little tidbit:
>
> "Usage Guidelines
>
> The clear xlate command clears the contents of the translation slots.
> ("xlate" means translation slot.) The show xlate command displays the
> contents of only the translation slots.
>
> Translation slots can persist after key changes have been made. Always use
> the clear xlate command after adding, changing, or removing the
aaa-server,
> access-list, alias, conduit, global, nat, route, or static commands in
your
> configuration."
>
> So, there are two morals to this story. First, don't get into the habit of
> making assumptions about commands that you think you're familiar with,
> because there may be unforeseen consequences. Second, don't get into the
> habit of making changes to critical production equipment even when you
think
> those changes are insignificant.
>
> Of course, I'll continue to make what I think are insignificant changes
but
> I'm going to be a lot more careful in the future.
>
> Let that be a lesson to you,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72579&t=72573
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]