Re: 802.1x authentication - minimal requirements? [7:74563]
Use the Doc CD online... it has a wealth of information:
http://www.cisco.com/univercd/home/home.htm

2950: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12114ea1/2950scg/sw8021x.htm
3550: http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm

Cheers,
Jeff

Jsnatan ^. Jsnasson wrote in message news:[EMAIL PROTECTED]

Hi, I'm new to this list (first post, been watching it for a while though). I'm having a hard time trying to find the minimal requirements for 802.1x authentication. Like what version of Cisco Secure ACS do I need (is 3.0 enough?) Are all switches supported (like 3500XL for example)? And what would be the minimal iso requirements for the 3500 (if supported) and 2950... Does anyone of you know this?

Thanks in Advance
- Jsnatan ^sr Jsnasson
Net Admin
[EMAIL PROTECTED]

**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74576t=74563
RE: GroupStudy Server [7:74437]
Paul

We would be happy to host the list for you if you would like.

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Borghese
Sent: Thursday, August 28, 2003 11:58 AM
To: [EMAIL PROTECTED]
Subject: GroupStudy Server [7:74437]

The server circuit breakers fired due to the continuous internet worm outbreaks. Please resend if you sent a message that did not appear on the list. Also, any recommendations for a LOW COST 1u server we may use to replace the current GroupStudy server?

Thanks!
Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=7t=74437
RE: DSL over Dry Copper [7:74117]
How do you order dry copper?

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 8:44 PM
To: [EMAIL PROTECTED]
Subject: Re: DSL over Dry Copper [7:74117]

Dain Deutschman wrote in message news:[EMAIL PROTECTED]

Hi All, Does anyone know if Cisco makes a product similar to the Pairgain Campus HRS or Celsian G250 LAN Extenders? I want to create a dsl connection over dry copper between two sites. Cisco reseller helpline was mildly helpful. What are some of you using for this type of situation? I have heard it said that all you need to do is connect a couple of 827's and you are done. I don't know the specifics.. :-

http://www.pbs.org/cringely/pulpit/pulpit20010823.html
http://www.isp-planet.com/technology/homebrew_dsl.html

one place I saw said to check out what alarm companies order - they use dry copper. or you can use the Long Reach ethernet product from Cisco at each end. I'm sure there are competitors.

Thanks,
--
Dain Deutschman
ccnp, css-1, cnss infosec, mcp, cna
Data Communications Manager
New Star Sales and Service, Inc.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74146t=74117
RE: VPN Best Hardware to use? [7:73793]
You are right it is a service offering. Right now, we are using ISDN dial-up and would like to move to a full time connection. We would not be using the customer's connection but will be installing a 144K IDSL or 192K SDSL line. What I am going to do on Friday in the lab (if we get the lines from Covad on time) is use a 7200 at the head end and a 1700 on the other end run the IPSec and NAT on the 1700 and see how that goes. The only problem is I cannot find an IDSL WIC on CCO I only see an ADSL and SDSL.

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Reimer, Fred
Sent: Mon 8/11/2003 10:02 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: VPN Best Hardware to use? [7:73793]

I would certainly hope that the remotes wouldn't use different platforms. I don't know the business model, but it sounds to me like it's some kind of service offering or something. Maybe they have a 2000 site Frame Relay network used to offer a service or something, and they want to switch to something more economical. Instead of paying monthly circuit fees, pay a one-time hardware cost (assuming they don't own the FR routers at the customer end) and use the customer's Internet connection. Why in the world would you want different hardware at each customer site in that situation? Standardize on one hardware platform, and build the cost of that hardware into the business model...

If that's the case then the cost of a 3005 can be justified in a small number of months, depending on your FR cost. Certainly you would recoup your cost and start making more money, due to less operating cost, relatively quickly.

Now, if this is something else, like a company with 2000 offices throughout the world, then I can see your point and you may end up with different requirements. But, that's not how it sounds so far.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 6:57 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793]

Despite all hw issues, you really need to
- describe the business req's first
- translate to technical req's (you are talking 2000+ sites)

And you will see that you'll need more than one platform for the Remotes. Depending on your hierarchy concerning
- messaging
- authentication
- client-server
- webapps
- desktop/register maintenance/management
- security man

You will need to or may want to build an hierarchical design. Keep in mind that different platforms use different (HQ) fail-over or 2nd ip techniques.

Martijn

-----Original Message-----
From: Ryan Finnesey [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 10, 2003 4:36
To: [EMAIL PROTECTED]
Subject: VPN Best Hardware to use? [7:73793]

I need to setup VPNs to about 2000 sites. Each site will have an IDSL line installed that will be used to connect to monitor network devices and servers. Some of the remote networks will be using the same network block. I am looking to know what the best hardware to use on each end is. On my end, would it be better to use a PIX or a 3030? On the remote end, I was looking at a PIX 501, SOHO 91 or the 831?

Thank you
Ryan

Message Posted at: http://www.groupstudy.com/form
RE: VPN Best Hardware to use? [7:73793]
That is an ADSL WIC or am I missing something? We are looking to use IDSL but can not find a router that supports 3DES and IDSL.

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wed 8/13/2003 1:40 AM
To: Ryan Finnesey; [EMAIL PROTECTED]
Cc:
Subject: RE: VPN Best Hardware to use? [7:73793]

You mean? newest: DSL WAN Interface Cards
WIC-1ADSL-I-DG 1-port ADSLoISDN WAN Interface Card
cco partner login: http://www.cisco.com/en/US/partner/products/hw/routers/ps221/products_data_sheet09186a0080088713.html

Martijn

-----Original Message-----
From: Ryan Finnesey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 3:57
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793]

You are right it is a service offering. Right now, we are using ISDN dial-up and would like to move to a full time connection. We would not be using the customer's connection but will be installing a 144K IDSL or 192K SDSL line. What I am going to do on Friday in the lab (if we get the lines from Covad on time) is use a 7200 at the head end and a 1700 on the other end run the IPSec and NAT on the 1700 and see how that goes. The only problem is I cannot find an IDSL WIC on CCO I only see an ADSL and SDSL.

Ryan

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Reimer, Fred
Sent: Mon 8/11/2003 10:02 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: VPN Best Hardware to use? [7:73793]

I would certainly hope that the remotes wouldn't use different platforms. I don't know the business model, but it sounds to me like it's some kind of service offering or something. Maybe they have a 2000 site Frame Relay network used to offer a service or something, and they want to switch to something more economical. Instead of paying monthly circuit fees, pay a one-time hardware cost (assuming they don't own the FR routers at the customer end) and use the customer's Internet connection. Why in the world would you want different hardware at each customer site in that situation? Standardize on one hardware platform, and build the cost of that hardware into the business model...

If that's the case then the cost of a 3005 can be justified in a small number of months, depending on your FR cost. Certainly you would recoup your cost and start making more money, due to less operating cost, relatively quickly.

Now, if this is something else, like a company with 2000 offices throughout the world, then I can see your point and you may end up with different requirements. But, that's not how it sounds so far.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 6:57 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793]

Despite all hw issues, you really need to
- describe the business req's first
- translate to technical req's (you are talking 2000+ sites)

And you will see that you'll need more than one platform for the Remotes. Depending on your hierarchy concerning
- messaging
- authentication
ISDN and SDS? [7:73940]
I need to make LD calls with an ISDN BRI line for a frame relay backup. I was told by ATT that I need to use SDS to make an LD call with an ISDN BRI line. The price per min per B ch is .27 but we can make an LD call on a 56K pots line for .3 are they right or just looking for $$?

Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73940t=73940
VPN Best Hardware to use? [7:73793]
I need to setup VPNs to about 2000 sites. Each site will have an IDSL line installed that will be used to connect to monitor network devices and servers. Some of the remote networks will be using the same network block. I am looking to know what the best hardware to use on each end is. On my end, would it be better to use a PIX or a 3030? On the remote end, I was looking at a PIX 501, SOHO 91 or the 831?

Thank you
Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73793t=73793
Interface Vlan 'x' is up, line protocol is down [7:73428]
If I enable any vlan interface other than vlan 1 it will not enter a protocol up state unless a physical interface that has vlan 'x' assigned to it. Why is that?

    vlan database
     vlan 2
    !
    interface FastEthernet0/1
     switchport access vlan 2
     no shutdown
    !
    interface Vlan2
     ip address 2.2.2.2 255.0.0.0
     no shutdown

If I were to plug a device into interface f0/1, interface vlan 2 will come up/protocol up. I change the access vlan to another vlan, interface vlan 2 will go down. I would appreciate any comments.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73428t=73428
RE: TACACS - Cheap or Free [7:70764]
How about tac_plus from Cisco, also found on several other places around the 'net? It's free, and open source.

-----Original Message-----
From: Vance Krier [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 9:23 PM
To: [EMAIL PROTECTED]
Subject: TACACS - Cheap or Free [7:70764]

Hey Group, I'm just looking for a cheap or free TACACS+ server. This doesn't need to be real powerful, just something I can use for playing around and possibly to put on customer sites for real quick and easy outbound http auth authentication purposes off a PIX.

Thanks,
Vance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70770t=70764
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Sprint Internet Backbone and VoIP? [7:70665]
Is anyone using the Sprint Internet backbone for VoIP? If so how is it working and are you running the VoIP just in the states or outside of the states?

Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70665t=70665
RE: Sprint Internet Backbone and VoIP? [7:70665]
Yea that's what I have been told by Sprint but I can not find anyone that is running it. Also I need to find a way to run VoIP in India and from what I can see they do not have a POP in India.

Ryan

-----Original Message-----
From: Cisco Nuts [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 15, 2003 7:54 AM
To: Ryan Finnesey
Subject: Re: Sprint Internet Backbone and VoIP? [7:70665]

Don't know of any customers actually using VOIP across the Sprintlink Backbone but should be no problem if one needed to !!

From: Ryan Finnesey
Reply-To: Ryan Finnesey
To: [EMAIL PROTECTED]
Subject: Sprint Internet Backbone and VoIP? [7:70665]
Date: Sun, 15 Jun 2003 05:47:32 GMT

Is anyone using the Sprint Internet backbone for VoIP? If so how is it working and are you running the VoIP just in the states or outside of the states?

Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70668t=70665
remote management of routers? [7:70349]
Can anyone recommend a unit that I can rack mount and that would let me dial into a router via the AUX port?

Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70349t=70349
RE: remote management of routers? [7:70349]
I am looking to manage routers when the DS1 or DS3 goes down so the only way I can get to the router is a POTS line.

-----Original Message-----
From: Andrew Dorsett [mailto:[EMAIL PROTECTED]
Sent: Sun 6/8/2003 1:38 PM
To: Ryan Finnesey
Cc:
Subject: Re: remote management of routers? [7:70349]

On Sun, 8 Jun 2003, Ryan Finnesey wrote:

Can anyone recommend a unit that I can rack mount and that would let me dial into a router via the AUX port?

Are you looking for just one or more ports? Perle makes a great one that has SSH support for remote access. If you are looking for modem access just plug up an external modem to the port using the cisco adapters and console cable. Then configure the router to init the modem and answer it.

Andrew
---
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70358t=70349
Re: remote management of routers? [7:70349]
(AS2509-RJ-CH) we would be looking at $1600 each a bit high to manage one router but a nice setup if I have more than one. We are looking at offering a managed router service for some ISP's in the states.

Ryan

----- Original Message -----
From: Nathan
To: [EMAIL PROTECTED]
Sent: Sunday, June 08, 2003 6:39 PM
Subject: RE: remote management of routers? [7:70349]

What you can use is what's called a OOB switch.
http://www.cisco.com/en/US/products/hw/iad/ps492/index.html
I think that's what you might be looking for.

-Nate

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Finnesey
Sent: Sunday, June 08, 2003 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: remote management of routers? [7:70349]

I am looking to manage routers when the DS1 or DS3 goes down so the only way I can get to the router is a POTS line.

-----Original Message-----
From: Andrew Dorsett [mailto:[EMAIL PROTECTED]
Sent: Sun 6/8/2003 1:38 PM
To: Ryan Finnesey
Cc:
Subject: Re: remote management of routers? [7:70349]

On Sun, 8 Jun 2003, Ryan Finnesey wrote:

Can anyone recommend a unit that I can rack mount and that would let me dial into a router via the AUX port?

Are you looking for just one or more ports? Perle makes a great one that has SSH support for remote access. If you are looking for modem access just plug up an external modem to the port using the cisco adapters and console cable. Then configure the router to init the modem and answer it.

Andrew
---
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough to make all of them yourself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70371t=70349
Is 'troubleshooting campus netwroks' enough for CIT?? [7:66017]
I have read a part of this book. It seems to line up with the CIT. Will this be enough reading material to pass the CIT?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66017t=66017
RE: Is 'troubleshooting campus networks' enough for CIT [7:66045]
Yes, it is a retransmit. I have already taken the test and passed by the way! I have also used the book to pass a couple of Sniffer Test. I think it is great.

___
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66045t=66045
Is 'troubleshooting campus netwroks' enough for CIT?? [7:65732]
I have read a part of this book. It seems to line up with the CIT. Will this be enough reading material to pass the CIT?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65732t=65732
FW: Is 'troubleshooting campus netwroks' enough for CIT?? [7:65780]
Let me clear up the last statement. I always read at least two books before taking any exam. So if there is a subject I don't feel confident in I can pop open another book and see how this author views the subject matter. I am just wondering has any one else used this book to study for the exam.

-----Original Message-----
From: Newell Ryan D SrA 18 CS/SCBT [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 7:11 PM
To: [EMAIL PROTECTED]
Subject: Is 'troubleshooting campus netwroks' enough for CIT?? [7:65732]

I have read a part of this book. It seems to line up with the CIT. Will this be enough reading material to pass the CIT?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65780t=65780
RE: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65379]
Reading the CDP vulnerability link, I cannot determine how a hacker can trigger the attack. Reading the email trail it seems that you are worried about the info displayed in the frame. If that is what your company is trying to avoid, here is an idea. Why not disable it on a per port basis. That is a lot of work but every one gets what they want. On the links between network devices enable it and on the links to host disable it. That way a hacker just can't 'plug in' and get the info. I know Cisco has the 'set port host' macro commands for CATOS that disables a lot of stuff. I wish that it encompassed disabling cdp.

D

-----Original Message-----
From: Pistone, Mike [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 3:54 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65347]

The NSA has an un-classified Securing Cisco Networks document that I found last year. I think it is linked off of www.nsa.gov somewhere. It is an excellent document dealing with all aspects of securing your network, including CDP I believe. From what I remember, it was developed for their use, but decided to release it to increase the security of the country's infrastructure. I just looked up the link -- it's at http://www.nsa.gov/snac/index.html

Mike
___
Mike Pistone
NASA - Russian Services Group
Marshall Space Flight Center
Huntsville, AL 35806
Ph: (256) 544-2915
Em: [EMAIL PROTECTED]

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 13, 2003 12:17 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65251]

chris kane wrote:

It recently came to my attention that my company may plan to disable all CDP in our network. The current vibe is that they see it as a security risk. My intent is to research this and provide a paper arguing for the use of CDP. The purpose for my post is to see if my opinions of the benefits of CDP are realistic (sanity check) and to see how others view CDP, weighing its usefulness vs. any possible risk.

I have already begun researching any security releases on CCO in regards to CDP. Initial scan shows a 'vulnerability' notice that Cisco most recently updated on Feb 12, 2003. This information can be found at this link: http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09186a0080093ef0.shtml

Looking at CDP from a troubleshooting tool perspective, I am all for it. I've personally been saved unknown hours tracing down a problem because CDP allowed me to bounce around the network quickly. Our network is not small. And as most people would agree, documentation is never what we all would like it to be. Therefore, I find that CDP's ability to display the network below Layer 3 is appreciated.

So will a hacker appreciate CDP's ability to display information about the internetwork. I think that's the reasoning behind the security experts saying to turn it off. That is indeed the current vibe. I took a Cisco security class at the Usenix Security Symposium in August 2002. The instructor said to turn it off.

Have you looked at the documents at the Center for Internet Security? They have benchmarks for Cisco security. They have 2 levels. Even with the less severe level, they say to turn off CDP. The Center for Internet Security tries to develop consensus on security measures. Their partners include The SANS Institute, the DoD Computer Emergency Response Team, NASA, National Institute of Standards and Technology, etc. Their Web site is here: http://www.cisecurity.org/

On the other hand, I think you could certainly make a good case for not disabling CDP. Being able to troubleshoot efficiently is just as important as security when considering network availability. A network that's broken and due to typical network problems is experiencing a denial of service just as bad as if a hacker had broken in. Good troubleshooting tools mean a more available network, there's no question.

I hope others answer too. I know that all the security people say to turn it off and most people who actually work in the trenches say, Hunh?

Priscilla

Also from a tool perspective, I know CiscoWorks has tools to offer that utilize CDP. And I've seen software from other companies that does as well. Think Layer 2 traceroute capability.

Looking at CDP from a multi-vendor platform perspective, I realize that it's often beneficial to turn off CDP on interfaces that connect to non-Cisco devices. No point in bothering a non-Cisco device with traffic that it can't process. But note, this is not turning off CDP globally per router/switch, but rather, disabling on an as-needed basis per interface.

I'd like to hear other views and I'd appreciate feedback and opinions about this.

Thanks,
-chris

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65379t=65379
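The per-port approach suggested in this thread (CDP left on for links between network devices, turned off on links to hosts) can be checked against a saved configuration. The following is an added example, not code from any poster or from Cisco: it assumes IOS-style syntax (`no cdp run` globally, `no cdp enable` per interface), treats `switchport mode access` as host-facing and `switchport mode trunk` as a device-to-device link (a heuristic), and runs on a constructed sample config.

```python
import re

# Constructed sample running-config (IOS-style). Interface names and
# descriptions are illustrative, not taken from the thread.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 description user desk
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description user desk
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/1
 description uplink to distribution switch
 switchport mode trunk
!
interface FastEthernet0/3
 description unused
 switchport mode access
 shutdown
!
"""


def parse_interfaces(config):
    """Return (global_cdp_enabled, {interface_name: [sub-commands]})."""
    global_cdp = True  # IOS runs CDP unless 'no cdp run' is configured
    interfaces = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            current = None  # '!' or a blank line closes an interface block
            continue
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            if line.strip() == "no cdp run":
                global_cdp = False
    return global_cdp, interfaces


def audit_cdp(config):
    """Report both sides of the trade-off discussed in the thread.

    host_ports_with_cdp: active access ports still advertising device details.
    infra_links_without_cdp: trunks where the troubleshooting aid is lost.
    """
    global_cdp, interfaces = parse_interfaces(config)
    report = {"host_ports_with_cdp": [], "infra_links_without_cdp": []}
    for name, cmds in interfaces.items():
        if "shutdown" in cmds:
            continue  # an administratively down port sends no CDP frames
        cdp_on = global_cdp and "no cdp enable" not in cmds
        if "switchport mode access" in cmds and cdp_on:
            report["host_ports_with_cdp"].append(name)
        elif "switchport mode trunk" in cmds and not cdp_on:
            report["infra_links_without_cdp"].append(name)
    return report


if __name__ == "__main__":
    print(audit_cdp(SAMPLE_CONFIG))
```

On the sample, only FastEthernet0/1 is reported as a host port still sending CDP; prepending `no cdp run` instead flags the uplink as having lost it.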
How to initiate a ssh from CATOS? [7:64556]
Trying to connect to another Cisco device via secure shell. I can do it from the IOS to CATOS. But I do not know the command to go from CATOS to any other device.

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64556t=64556
FW: FW: Ethernet Slot Time and Delay [7:63659]
Ms. Oppenheimer

A colleague of mine pointed out to me that my wording may have seemed harsh. And that is why you slammed me for it. I didn't think of it as a slamming just an experienced tech answering the newbie's questions. But if I offended you in any way, I apologize. I will also try and watch the way I word my questions. I know sometimes it seems I am being argumentative. It's just when I have an understanding of a certain technology I tend to defend and back what I understand. I guess I will work on that. Well thank you any way for answering my question!

Thank you too, B.A.

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 9:21 AM
To: [EMAIL PROTECTED]
Subject: RE: FW: Ethernet Slot Time and Delay [7:63659]

Newell Ryan D SrA 18 CS/SCBT wrote:

500 Meters?? It's 2500 meters. In one example of such a network, there can be 5 segments, 4 repeaters (hubs), but only 3 segments can have end systems. That's the infamous 5-4-3 rule. It makes a lot of assumptions. Really, the size of the network depends on round-trip propagation delay for the particular equipment, cables, and cable lengths.

Maybe I was wrong for thinking that. If my net was all 10 Base T, then with max 5 segments...500 meters. That's where I got that number from. Measuring the size of the collision domain is well under slot time. So I could technically extend the size of the network.

The segment from the hub to the end station might be 100 meters, as that's how structured cabling is usually done. Between hubs probably isn't 100 meters, for what it's worth. In fact, it might be fiber-optic cabling.

One of the things I ran into was the formula to use to calculate the round trip delay. With the formula in your book I came up with 210 bit times round trip for 500 meter 4 hub network. But with the definitive guide's method I got 362 bit times. When I was going back and forth between books I think I got lost somewhere. For a 100 meter cable they suggest 11.3 bit times. While you suggest 5 one-way or 10 round trip...very close. But they start with a base value. Example: First segment would be 26.55 bit times instead of 11.3. The base value is 15.25. 15.25+11.3=26.55 bit times for the first segment.

Technically, IEEE does say to add some DTE delay time, i.e. time at the stations themselves, both the sender and receiver. This is all documented in IEEE 802.3 documents, which are available for free from IEEE. It's not worth reading though (for this purpose I mean.)

I think I understand the theory behind slot time. It takes a station 51.2 micro seconds to transmit the smallest frame. So station a needs to be notified by any other station if a collision was to happen while it was still transmitting.

That's it.

So when the first bit of station a's preamble hits station z (at the other side of the network) rx pins while station z was transmitting, its first bit hits the repeater. The repeater is going to use collision enforcement to make all stations including station a is aware of the collision. This must happen before station a finishes transmitting the smallest Ethernet frame. I think that is it. So should bit time be the time it takes to transmit the preamble and 512 bits?

The preamble doesn't count. It's used to recover timing. A station or repeater might not catch all of the preamble. It just has to see the pattern and the start of frame delimiter. A repeater regenerates the preamble, by the way.

One more thing... A proper preamble should look like 10101010 or AA. I'm sure I read somewhere that a collision would appear with all 5's or C's.

We used to see 55s on old coax networks. Never saw Cs though.

How would that be possible if as soon as the repeater detects a collision it sends out a jam signal out all its ports? Then you would see alternating ones and zeros on the end of a frame.

I have seen this, but not recently. My current NIC won't give me bad frames so even a sniffer doesn't give them to me.

Also a frame with a bad CRC is suspect of a collision. The frame got damaged when the collision occurred. How? If you know where I could get more reading on this that would be great!

IEEE 802.3.

Thanks for answering my questions!

We are what we repeatedly do. Excellence, then, is not an act, but a habit.--Aristotle

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63853t=63659
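The per-segment arithmetic discussed in this message (a base value plus a per-meter delay, summed over the path) reproduces both the 26.55 figure and the roughly 362 bit times the poster reports for five 100-meter segments. This is an added example, not part of the original post: the left-end base of 15.25 and the 11.3 bit times per 100 m come from the thread, while the mid-segment and right-end base values, the 5-bit margin and the 575-bit limit are assumptions taken from the IEEE 802.3 path delay model for 10BASE-T.

```python
# Round-trip delay constants for 10BASE-T segments, in bit times.
# "left" base (15.25) and the per-meter figure (11.3 per 100 m) are the
# values quoted in the thread; "mid", "right", MARGIN and LIMIT are
# assumptions from the IEEE 802.3 path delay model, not from the thread.
BASE = {"left": 15.25, "mid": 42.0, "right": 165.0}
PER_METER = 0.113
MARGIN = 5      # safety margin added before comparing with the limit
LIMIT = 575     # maximum acceptable path delay value, in bit times


def segment_delay(position, length_m):
    """Delay contributed by one segment: base value plus cable delay."""
    if position not in BASE:
        raise ValueError("position must be 'left', 'mid' or 'right'")
    if length_m < 0:
        raise ValueError("length must not be negative")
    return round(BASE[position] + PER_METER * length_m, 2)


def path_delay_value(lengths_m):
    """Sum the segment delays along a path of 10BASE-T segments.

    lengths_m lists the cable length of each segment from one end station
    to the other. The first segment is the left end, the last is the
    right end, and every segment between two repeaters is a mid-segment.
    """
    if len(lengths_m) < 2:
        raise ValueError("the model needs a left-end and a right-end segment")
    positions = ["left"] + ["mid"] * (len(lengths_m) - 2) + ["right"]
    total = sum(segment_delay(p, m) for p, m in zip(positions, lengths_m))
    return round(total, 2)


def path_within_limit(lengths_m):
    """True when the path delay plus margin fits inside the limit."""
    return path_delay_value(lengths_m) + MARGIN <= LIMIT


if __name__ == "__main__":
    five_segments = [100, 100, 100, 100, 100]  # 4 repeaters, 500 m in total
    print("first segment:", segment_delay("left", 100))
    print("path delay value:", path_delay_value(five_segments))
    print("within limit:", path_within_limit(five_segments))
```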
FW: Ethernet Slot Time and Delay [7:63659]
500 Meters?? It's 2500 meters. In one example of such a network, there can be 5 segments, 4 repeaters (hubs), but only 3 segments can have end systems. That's the infamous 5-4-3 rule. It makes a lot of assumptions. Really, the size of the network depends on round-trip propagation delay for the particular equipment, cables, and cable lengths. Maybe I was wrong for thinking that. If my net was all 10 Base T, then with max 5 segments...500 meters. That's were I got that number from. Measuring the size of the collision domain is well under slot time. So I could technically extend the size of the network. One of the things I ran into was the formula to use to calculate the round trip delay. With the formula in your book I came up with 210 bit times round trip for 500 meter 4 hub network. But with the definitive guide's method I got 362 bit times. When I was going back and forth between books I think I got lost somewhere. For a 100 meter cable they suggest 11.3 bit times. While you suggest 5 one-way or 10 round trip...very close. But they start with a base value. Example First segment would be 26.55 bit times instead of 11.3. The base value is 15.25. 15.25+11.3=26.55 bit times for the first segment. I think I understand the theory behind slot time. It takes a station 51.2 micro seconds to transmit the smallest frame. So station a needs to be notified by any other station if a collision was to happen while it was still transmitting. So when the first bit of station a's preamble hits station z (at the other side of the network) rx pins while station z was transmitting, it's first bit hits the repeater. The repeater is going to use collision enforcement to make all stations including station a is aware of the collision. This must happen before station a finishes transmitting the smallest Ethernet frame. I think that is it. So should bit time be the time it takes to transmit the preamble and 512 bits? One more thing... A proper preamble should look like 10101010 or AA. 
I'm sure I read somewhere that a collision would appear with all 5's or C's. How would that be possible if as soon as the repeater detects a collision it sends out a jam signal out all its ports? Also a frame with a bad CRC is suspect of a collision. How? If you know where I could get more reading on this that would be great! Thanks for answering my questions! We are what we repeatedly do. Excellence, then, is not an act, but a habit.--Aristotle Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63659t=63659 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Cant establish reverse telnet [7:63660]
Are you reverse telnetting to the line the routers are connected to?

-----Original Message-----
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:55 AM
To: [EMAIL PROTECTED]
Subject: Cant establish reverse telnet [7:63660]

It appears that I cannot establish a telnet session to my routers from the term server. How can I clear the line?

TS#sh ses
% No connections open
TS#r1
Translating r1
Trying r1 (1.1.1.1, 2097)...
% Connection refused by remote host
TS#r2
Translating r2
Trying r2 (1.1.1.1, 2098)...
% Connection refused by remote host
TS#clear line ?
  Line number
  aux      Auxiliary line
  console  Primary terminal line
  tty      Terminal controller
  vty      Virtual terminal
TS#clear line

thanks
Randy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63665t=63660
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cant establish reverse telnet [7:63660]
Show users would have displayed the line. I think you piped in 'show session'. I think show session shows outgoing telnet connections. And show user shows connections on the lines...vty, aux, con and tty.

-----Original Message-----
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:59 AM
To: [EMAIL PROTECTED]
Subject: RE: Cant establish reverse telnet [7:63660]

I figured it out but don't really understand it. This is what I did

line con 0
 exec-timeout 0 0
 logging synchronous
line 97 112
 no exec
 transport input all
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 060506324F41
 login
!
end

TS#clear line 97
[confirm]
 [OK]

Was it just the line 97 that was stuck?

thx
Randy

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63666t=63660
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ethernet Slot Time and Delay [7:63581]
If two 10 Base T Ethernet stations transmit at the same they receive data on their receive pins. Will both stations send out a 32 bit jam sequence? If both stations do send a jam signal, why is the slot time closely related to round trip propagation delay? I would think it would be one way.

Ethernet, The Definitive Guide page 182 they have some values to use to figure out propagation delay on 10 MB networks. There is a base value to start with and from there you add delay per meter. Why is the base value not zero? Also between segments the numbers do not make any sense. Going from Base to Max I understand but between segments.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63581t=63581
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: Ethernet Slot Time and Delay [7:63581]
A collision could happen at the other end of the network segment. I thought on 10BaseT net a NIC was notified of a collision by its RX pin getting data. So if Station A was transmitting and it was on bit 27 and station B started TX and by the time it got Station As first bit and was on bit 2. Is the collision said to happen at the location the data crossed on the 'bus' or at the NIC? Back to exampleNow that Station B knows of the collision it will finish its preamble and will send a jam signal. So will Station A. I can see how round trip would make sense. News of the collision has to travel back to the senders. Would it be one of the senders sending jam signals? The signal travels outwards; the collision news travels back. Not really sure what you mean. I have been reading your book and the Ethernet book. I have been trying to figure this out all weekend. If a bit is 17.7 meters long and the max of a distance of a 10BaseT net is 500 meters with 4 hubs (20 bit times) that gives a grand total of 105 bit times. Is this the propagation delay of the cable? I've been trying to compare this to the definitive guides method and it is just not making sense in my mind. Seems like I'm over complicating a simple process. -Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 4:51 AM To: [EMAIL PROTECTED] Subject: RE: Ethernet Slot Time and Delay [7:63581] Some descriptions of Ethernet refer to a segment as one side of a hub, i.e. just one link. The propagation delay information for a hubbed networks takes into account the small amount of time for a repeater to repeat. The repeater doesn't do much, but it does regenerate the preamble and signal. A set of link segments connected via hubs is all one collision domain. Anyway, read my book! Please! :-) It covers all of this in gory detail. An earlier version of the Ethernet chapter is also available at http://www.certificationzone.com/. 
___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Priscilla Oppenheimer wrote: Newell Ryan D SrA 18 CS/SCBT wrote: If two 10 Base T Ethernet stations transmit at the same they receive data on their receive pins. Will both stations send out a 32 bit jam sequence? Yes. If both stations do send a jam signal, why is the slot time closely related to round trip propagation delay? I would think it would be one way. A collision could happen at the other end of the network segment. News of the collision has to travel back to the senders. The signal travels outwards; the collision news travels back. The goal is to make sure that the sender is still sending when the news travels back, even if the news had to come from the far end of the network segment. If the sender weren't still sending, it wouldn't know that its transmission got damaged and wouldn't back off and retransmit. You would lose the feature of the NIC ensuring succussful transmission, which happens in a microsecond time span, and have to depend on an upper layer figuring out that there's a missing ACK, which happens in a millisecond or worse time span. So, slot time is dependent on round trip time because it considers the time for news of the collision to travel back. Both senders transmit a jam signal to busy out the network for another 32 bit times. At least one of them has to do it, but they can't know that the other one did, so they both do it. Your question doesn't make sense, but hopefully there's some info in that which will help you. Ethernet, The Definitive Guide page 182 they have some values to use to figure out propagation delay on 10 MB networks. There is a base value to start with and from there you add delay per meter. Why is the base value not zero? Even light in a vacuum takes some time to travel any distance. It travels 299,792,458 meters per second to be exact, but still, it's not zero. A signal on a network cable travels about 2/3 the speed of light. 
I don't know what base value you are referring to, but zero times anything is zero, so I doubt they could use a base value of zero regardless. Also between segments the numbers do not make any sense. Going from Base to Max I understand but between segments. A collision domain stops at the boundary between network segments. A network segment is devices connected via hubs or coax cable. In fact, it might help you to remember that Ethernet was originally a long bus, like a link of Christmas tree lights. The signal propagated outwards from the sender in both directions and travelled to the end of the segment, and hopefully not back if the segment was terminated correctly. But if there was a collision, the signal did bounce back. All hubs are is a way to gather this Christmas tree string of lights into a manageable structure. But when first learning CSMA/CD details, it helps to think
CEF on 6500 and ACLs [7:63175]
With CEF (PFC 2) if there is an adjacency for the destination host, to my understanding, that packet will never be routed. It should just be rewritten by the PFC 2 (SP). If this is correct then these are my questions.

1. How does an IOS ACL affect the rewrite on the switch?
2. Where on the switch (SP) can I see that it knows an IOS ACL is there?
3. Is changing the flow mask on PFC 2 (SP) just for Netflow stats? Applying an IOS ACL had no effect on the flow mask.
4. Do MLS commands on the MSFC change anything?

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63175t=63175
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CEF on 6500 and ACLs [7:63175]
Do you have a good link. I would like to know more. Thanks. Why such a change from the PFC1/MSFC1. The concept you describe below seems to be a big change. I knew there were intergrating but I could still define the seperation between router and switch with the PFC1/MSFC1. GOTTA BE ON YOUR Ps and Qs or you get left behind. Thats why I love this job! -Original Message- From: Bob Sinclair [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 9:17 AM To: Newell Ryan D SrA 18 CS/SCBT; [EMAIL PROTECTED] Subject: Re: CEF on 6500 and ACLs [7:63175] Some comments in-line. It is becoming (has become?) very difficult if not impossible to tease out the switch from the router with PFC2/MSFC2. This box has the functions of both, and they are integrated in the hardware. For example, the Layer 2 switching engine, the Qos engine and the ACL engine are combined in the Lyra ASIC. With CEF (PFC 2) if there is an adjacency for the destination host, to my understanding, that packet will never be routed. It should just be rewritten by the PFC 2 (SP). If this correct then these are my questions. The packet is still routed, it just is never seen by the piece of hardware we call the MSFC 1. How does an IOS ACL affect the rewrite on the switch? 2. Where on the switch (SP) can I see that it knows an IOS ACL is there? On that part of the box (which is both switch and router) that we can view through the IOS window 3. Is changing the flow mask on PFC 2(SP) just for Netflow stats. YES, exactly. Applying an IOS ACL had no effect on the flow mask. YES, exactly 4. Do MLS commands have on MSFC change anything? I believe the MSFC2 can act as an RP for a Cat 5000 doing MLS. I believe the MLS commands there are for that purpose. Thanks! Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63193t=63175 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CEF on 6500 and ACL?? [7:63136]
Running Hybrid mode SUPII/PFCII/MSFCII

To my understanding with MLS (PFC 1), the IOS ACL determines the flow mask. And since it is route once switch many, any packets that match a deny statement will be denied and the enable packet will never make it. The full flow entry will not be in the MLS cache.

With CEF (PFC 2) if there is an adjacency for the destination host, to my understanding, that packet will never be routed. It should just be rewritten by the PFC 2 (SP). If all this is correct then these are my questions.

1. How does an IOS ACL affect the rewrite on the switch?
2. Where on the switch (SP) can I see that it knows an IOS ACL is there?
3. Is changing the flow mask on PFC 2 (SP) just for Netflow stats? Applying an IOS ACL had no effect on the flow mask.

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63136t=63136
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
FW: CEF on 6500 and ACL?? [7:63138]
Also do MLS commands on the MSFC do anything for CEF?

-----Original Message-----
From: Newell Ryan D SrA 18 CS/SCBT
Sent: Monday, February 17, 2003 12:42 PM
To: '[EMAIL PROTECTED]'
Subject: CEF on 6500 and ACL??

Running Hybrid mode SUPII/PFCII/MSFCII

To my understanding with MLS (PFC 1), the IOS ACL determines the flow mask. And since it is route once switch many, any packets that match a deny statement will be denied and the enable packet will never make it. The full flow entry will not be in the MLS cache.

With CEF (PFC 2) if there is an adjacency for the destination host, to my understanding, that packet will never be routed. It should just be rewritten by the PFC 2 (SP). If all this is correct then these are my questions.

1. How does an IOS ACL affect the rewrite on the switch?
2. Where on the switch (SP) can I see that it knows an IOS ACL is there?
3. Is changing the flow mask on PFC 2 (SP) just for Netflow stats? Applying an IOS ACL had no effect on the flow mask.

Thanks!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63138t=63138
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCNP Recertification [7:62038]
Yes, and I just reinforced my knowledge of this having just my CCNP expire this past Friday without taking the recert exam. Even though I have my CCDP, I have to take all CCNP tests over again. -Original Message- From: Bolton, Travis D [LTD] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 28, 2003 12:04 PM To: [EMAIL PROTECTED] Subject: CCNP Recertification [7:62038] Team, When you take the recert exam for your CCNP do you have to take it before your cert expires? If your cert expires before you take that test then does that mean you need to retake all 4 exams again? Travis Bolton Web Media CCNP,CCDA Try not to become a man of success, but rather try to become a man of value. - Albert Einstein Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62042t=62038 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Telnet SYN/ACK pkt reply on TCP source port 3-6!!?? [7:61659]
I tried to telnet to a distant end 3660 router. Connection would timeout. I was able to ping the router from my PC. The router could telnet to the router that was between my PC and itself. Ran capture and the data yielded this

IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 6
IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source port 2407

10.0.0.1 is my PC and 10.0.1.2 is the distant end router. I believe the RST bit is set on the last packet because my PC is not listening to that port. So it closes this connection with the RST bit.

We got it working. But the funny thing is. The user's 3660 had two interfaces. One on his LAN and one on my LAN. He was using NAT. He had ip nat outside on both interfaces. The inside interface was supposed to face my LAN. Once we removed NAT from the interface facing my LAN, I could telnet to that interface. The NAT string told the router to overload the interface facing my LAN. I understand that removing the misconfiguration fixed my first problem but why?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61659t=61659
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet SYN/ACK pkt reply on TCP source port 3-6!!?? [7:61661]
Never mind. I figured it out. Just had to write the problem out in an email to get my mind working. When I was capturing data the SYN/ACK source port would change from 1-6. That made me think about how overloading works. The interface was configured as an outside interface. The overload IP was the IP of the interface I was attempting to telnet to. That's why layer 3 looked okay. But layer 4 threw me off. When my reply packets got subjected to the NAT translation process the router would change the source port according to the number of entries it had. That is why it would change from 1-6. Sorry for sending this in. I should have thought about it a little bit more :-(

-----Original Message-----
From: Newell Ryan D SrA 18 CS/SCBT
Sent: Thursday, January 23, 2003 7:51 PM
To: '[EMAIL PROTECTED]'
Subject: Telnet SYN/ACK pkt reply on TCP source port 3-6!!??

I tried to telnet to a distant end 3660 router. Connection would timeout. I was able to ping the router from my PC. The router could telnet to the router that was between my PC and itself. Ran capture and the data yielded this

IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 6
IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source port 2407

10.0.0.1 is my PC and 10.0.1.2 is the distant end router. I believe the RST bit is set on the last packet because my PC is not listening to that port. So it closes this connection with the RST bit.

We got it working. But the funny thing is. The user's 3660 had two interfaces. One on his LAN and one on my LAN. He was using NAT. He had ip nat outside on both interfaces. The inside interface was supposed to face my LAN. Once we removed NAT from the interface facing my LAN, I could telnet to that interface. The NAT string told the router to overload the interface facing my LAN. I understand that removing the misconfiguration fixed my first problem but why?
- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61661t=61661 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
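The capture from this thread, checked as an added example that is not part of the original posts: a TCP client matches replies on the full address/port 4-tuple, so a SYN/ACK whose source port was rewritten on the path matches no pending SYN and draws an RST. The function and field names are assumptions, and the second capture is constructed for comparison.

```python
import re
from dataclasses import dataclass

# The three segments exactly as posted in the thread.
THREAD_CAPTURE = """\
IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 6
IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source port 2407
"""

# Constructed for comparison: the same exchange with no rewriting on the path.
CLEAN_CAPTURE = """\
IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 23
IP Source 10.0.0.1 Destination 10.0.1.2 TCP ACK destination port 23 source port 2407
"""

LINE_RE = re.compile(
    r"IP Source (?P<src>\S+) Destination (?P<dst>\S+) TCP (?P<flags>\S+) "
    r"destination port (?P<dport>\d+) source port (?P<sport>\d+)"
)


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_capture(text):
    """Turn capture lines in the thread's format into Segment records."""
    segments = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            segments.append(Segment(m["src"], int(m["sport"]),
                                    m["dst"], int(m["dport"]), m["flags"]))
    return segments


def audit_handshakes(segments):
    """Report SYN/ACKs that do not answer any pending SYN on the exact 4-tuple."""
    pending = set()     # (client, client_port, server, server_port) awaiting a reply
    by_seen_tuple = {}  # the tuple the client actually saw -> its finding
    findings = []
    for seg in segments:
        if seg.flags == "SYN":
            pending.add((seg.src, seg.sport, seg.dst, seg.dport))
        elif seg.flags == "SYN/ACK":
            reply_for = (seg.dst, seg.dport, seg.src, seg.sport)
            if reply_for in pending:
                pending.discard(reply_for)  # normal handshake step
                continue
            # Same client, client port and server, but a different server port:
            # something between the endpoints changed the source port.
            match = next((p for p in pending if p[:3] == reply_for[:3]), None)
            finding = {
                "kind": "source-port-rewritten" if match else "unsolicited-syn-ack",
                "client": f"{seg.dst}:{seg.dport}",
                "server": seg.src,
                "expected_sport": match[3] if match else None,
                "seen_sport": seg.sport,
                "client_reset": False,
            }
            findings.append(finding)
            by_seen_tuple[reply_for] = finding
        elif seg.flags == "RST":
            # The client has no connection for the tuple it saw, so it resets it.
            finding = by_seen_tuple.get((seg.src, seg.sport, seg.dst, seg.dport))
            if finding:
                finding["client_reset"] = True
    return findings


if __name__ == "__main__":
    for name, text in (("thread", THREAD_CAPTURE), ("clean", CLEAN_CAPTURE)):
        print(name, audit_handshakes(parse_capture(text)))
```

A `source-port-rewritten` finding on a path that is not supposed to translate traffic is a cue to look for NAT on an interface where it does not belong, which is what the thread turned up.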
The New CCIE Written [7:61507]
Hello, has anyone taken or passed the 350-001 exam recently? And if so, can you please tell me what books you would recommend for this new exam? Thanx Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61507t=61507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
I know the thread is about dead but until you get TACACS+ server there are some commands you could implement to help the situation. The port is being disabled for a reason. You can configure the port to re-enable after 30 secs. using the command

set errdisable-timeout enable all
set errdisable-timeout interval 30

'All' would cover all the possible reasons. If you knew what was causing the port to disable you could implement certain commands to cease the err-disable altogether. For example if collision was the culprit then the following command would stop the error disable.

set option errport enable

Here is a link that will go into more detail. http://www.cisco.com/warp/public/473/20.html

-----Original Message-----
From: Williams, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 11:33 PM
To: [EMAIL PROTECTED]
Subject: RE: User Privilege Level [7:60469]

Thanks for everyone's help. What I mean by reset ports is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens.

Dave Williams, CCDA, CCNA, CCSA
Senior Network Engineer
(402) 661-2143

-----Original Message-----
From: Erick B. [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 9:37 PM
To: Williams, Dave; [EMAIL PROTECTED]
Subject: Re: User Privilege Level [7:60469]

Dave,

Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands, but you re-assign commands to these levels for different users for example.
Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- Williams, Dave wrote: I've been searching CCO most of the afternoon and can't seem to find the correct URL. I'm looking for a way to allow a technician to reset ports on a switch and look at interface stats, but not allow configuration access. For example, I know that user level 15 is the same as having the enable password and user level 1 is the same as a generic user, but I don't know what the other levels do for me. Thanks in advance for your help. Dave Williams Senior Network Engineer (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61239t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NETBIOS on WAN [7:61237]
IP helper will send NETBIOS broadcast and change the packet to a unicast to the address given. But I not really sure it will solve your problem. I have a few questions before I try to answer your question. 1. Is there a DHCP server involved? 2. Do have Domain Controllers? 3. Do you want the browse list to contain both networks? Last question is for everybody. Can the helper address be a directed broadcast vs a single IP address? -Original Message- From: Amazing [mailto:[EMAIL PROTECTED]] Sent: Friday, January 17, 2003 10:19 AM To: [EMAIL PROTECTED] Subject: Re: NETBIOS on WAN [7:61237] ip helper address on the ethernet interface of the remote router. this will change the nbns broadcast to a unicast directed at the remote lan Frederico Madeira wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hellow, how i configure an 2600 router to permit acess for network neighborhood to computers on the lan, in other words, how i make to see all computers of my WAN in network neighborhood of windows explore ? Fred Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61246t=61237 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 3640 Router ATM PVC Problem [7:61077]
I think you're right. I know some IOS versions use the 'atm pvc' command. So I agree...what IOS version he is running is a key component to know to resolve this problem.

-----Original Message-----
From: The Long and Winding Road [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 3640 Router ATM PVC Problem [7:61077]

pvc x/y should work, which leads me to wonder about your IOS version. What are you running? what is the image name? I do not see an atm pvc command in the 12.1 command reference.

also you mention something about connecting two 3640's back to back via an OC3 card? I'm not sure you can do that. someone smarter than I will provide a definitive answer, I'm sure.

Ken Chipps wrote in message news:[EMAIL PROTECTED]...

I am using a sample configuration from cisco that looks like this

First command    config t
Second command   ip routing
Third command    interface atm 1/0
Fourth command   no shutdown
Fifth command    ip address 10.0.2.1 255.255.255.0
Sixth command    pvc 1 32
Seventh command  protocol ip 10.0.2.2 broadcast

The sixth command is where it fails. It does not recognize the pvc.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Newell Ryan D SrA 18 CS/SCBT
Sent: Tuesday, January 14, 2003 11:32 PM
To: [EMAIL PROTECTED]
Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]

What commands are you typing in? To create a PVC the syntax is

int atm 1
atm pvc 6 0 106 aal5snap

I think you are missing the 'atm' before pvc. There are several ways to hook the 3640s back to back. If they are within fastethernet distance limitations you could use the fastethernet interfaces.

-----Original Message-----
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco 3640 Router ATM PVC Problem [7:61077]

I am attempting to setup a PVC between two Cisco 3640 Routers connected back to back. The interface is an OC3 card.
Whenever I issue the PVC command on the ATM interface it says a PVC is not supported. If I use the ? to see for supported commands for the interface, no PVC command is listed. Is there some software upgrade I need for this? Or is there some other way to conenct two 3640s back to back? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61087t=61077 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 3640 Router ATM PVC Problem [7:61077]
You said that you got the sample configuration from cisco. Do you have the link? I would like to look at something. My router supports both 'pvc' and 'atm pvc'. But 'pvc' has no vcd and only can operate with qsaal and ilmi. The 'atm pvc' does have a vcd and can support ilmi, qsaal, and all the atm adaptation layer protocols. Something else to look at! -Original Message- From: Ken Chipps [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 5:59 AM To: [EMAIL PROTECTED] Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077] Thanks for the suggestions from everyone. I will check the software version tonight. I assumed this was the most recent version as we purchased these units only a few months ago, but perhaps not. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Amar Sent: Wednesday, January 15, 2003 1:59 PM To: [EMAIL PROTECTED] Subject: Re: Cisco 3640 Router ATM PVC Problem [7:61077] lation_guide_chapter09186a00800e4789.html#xtocid39 http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_ refe rence_chapter09186a00800ca7db.html#xtocid5 check the above links, they have the info u need. rgds Daniel Cotts a icrit dans le message de news: [EMAIL PROTECTED] Here's a config from 11.3. Commands have changed quite a bit. Note that clocking must be provided on one end. If the cards are single-mode fiber he might have to attenuate the signal. interface ATM6/0 description Location no ip address no ip route-cache optimum atm clock INTERNAL ! interface ATM6/0.1 multipoint (could be point-to-point) description pvc to Data Center via XYZ fiber ip address aaa.bbb.7.250 255.255.255.252 secondary ip address 10.1.19.2 255.255.255.0 atm pvc 1 0 35 aal5snap map-group TGN appletalk cable-range 10119-10119 10119.2 appletalk zone ATM ! ! 
map-list TGN ip 10.1.19.1 atm-vc 1 broadcast ip aaa.bbb.7.249 atm-vc 1 broadcast appletalk 10119.1 atm-vc 1 broadcast -Original Message- From: Newell Ryan D SrA 18 CS/SCBT [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 2:58 AM To: [EMAIL PROTECTED] Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077] I think your right. I know some IOS versions use the 'atm pvc' command. So I agreewhat IOS version he is running is a key component to know to resolve this problem. -Original Message- From: The Long and Winding Road [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 4:30 PM To: [EMAIL PROTECTED] Subject: Re: Cisco 3640 Router ATM PVC Problem [7:61077] pvc x/y should work, which leads me to wonder about your IOS version. What are you running? what is the image name? I do not see an atm pvc command in the 12.1 command reference. also you mention something about connecting two 3640's back to back via an OC3 card? I'm not sure you can do that. someone smarter than I will provide a definitive answer, I'm sure. Ken Chipps wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am using a sample configuration from cisco that looks like this First command config t Second command ip routing Third command interface atm 1/0 Fourth command no shutdown Fifth command ip address 10.0.2.1 255.255.255.0 Sixth command pvc 1 32 Seventh command protocol ip 10.0.2.2 broadcast The sixth command is where it fails. It does not recognize the pvc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Newell Ryan D SrA 18 CS/SCBT Sent: Tuesday, January 14, 2003 11:32 PM To: [EMAIL PROTECTED] Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077] What commands are you typing in? To create a PVC the syntax is int atm 1 atm pvc 6 0 106 aal5snap I think you are missing the 'atm' before pvc. There are several ways to hook the 3640s back to back. 
If they are within fastethernet distance limitations you could use the fastethernet interfaces. -Original Message- From: Ken Chipps [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 15, 2003 1:40 PM To: [EMAIL PROTECTED] Subject: Cisco 3640 Router ATM PVC Problem [7:61077] I am attempting to setup a PVC between two Cisco 3640 Routers connected back to back. The interface is an OC3 card. Whenever I issue the PVC command on the ATM interface it says a PVC is not supported. If I use the ? to see for supported commands for the interface, no PVC command is listed. Is there some software upgrade I need for this? Or is there some other way to conenct two 3640s back to back? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61142t=61077 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations t
RE: Cisco 3640 Router ATM PVC Problem [7:61077]
It is amazing that the thread has gone for so long. I think someone has the answer. Angel's router does have a vcd. While the example from Cisco does not. How do you configure AAL protocol for this syntax? 'show version'

-Original Message-
From: Angel Leiva [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:25 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]

Ken, I have two 3660 routers connected back to back via an OC3 link in a lab environment. They are using IOS 12.0(7)T, IP Enterprise Version. You seem to be missing the VCD (Virtual Channel Descriptor) between the pvc and the vpi/vci command entries. Also, the vpi/vci syntax appears to be incorrect in your configuration. Take a look at the ATM interface configs on my working routers:

Router A:
!
interface ATM1/0
 ip address 10.10.10.2 255.255.255.0
 no ip directed-broadcast
 ip ospf network point-to-point
 atm clock INTERNAL
 atm ilmi-keepalive
 pvc Dallas 1/100

I am using a sample configuration from cisco that looks like this

First command config t
Second command ip routing
Third command interface atm 1/0
Fourth command no shutdown
Fifth command ip address 10.0.2.1 255.255.255.0
Sixth command pvc 1 32
Seventh command protocol ip 10.0.2.2 broadcast

The sixth command is where it fails. It does not recognize the pvc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Newell Ryan D SrA 18 CS/SCBT
Sent: Tuesday, January 14, 2003 11:32 PM
To: [EMAIL PROTECTED]
Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]

What commands are you typing in? To create a PVC the syntax is

int atm 1
atm pvc 6 0 106 aal5snap

I think you are missing the 'atm' before pvc. There are several ways to hook the 3640s back to back. If they are within fastethernet distance limitations you could use the fastethernet interfaces.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco 3640 Router ATM PVC Problem [7:61077]

I am attempting to setup a PVC between two Cisco 3640 Routers connected back to back. The interface is an OC3 card. Whenever I issue the PVC command on the ATM interface it says a PVC is not supported. If I use the ? to see for supported commands for the interface, no PVC command is listed. Is there some software upgrade I need for this? Or is there some other way to connect two 3640s back to back?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61153t=61077
FW: Cisco 3640 Router ATM PVC Problem [7:61077]
What commands are you typing in? To create a PVC the syntax is

int atm 1
atm pvc 6 0 106 aal5snap

I think you are missing the 'atm' before pvc. There are several ways to hook the 3640s back to back. If they are within fastethernet distance limitations you could use the fastethernet interfaces.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco 3640 Router ATM PVC Problem [7:61077]

I am attempting to setup a PVC between two Cisco 3640 Routers connected back to back. The interface is an OC3 card. Whenever I issue the PVC command on the ATM interface it says a PVC is not supported. If I use the ? to see for supported commands for the interface, no PVC command is listed. Is there some software upgrade I need for this? Or is there some other way to connect two 3640s back to back?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61078t=61077
RE: Cisco 3640 Router ATM PVC Problem [7:61077]
Try to add atm in front of that.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 3:23 PM
To: 'Newell Ryan D SrA 18 CS/SCBT'; [EMAIL PROTECTED]
Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]

I am using a sample configuration from cisco that looks like this

First command config t
Second command ip routing
Third command interface atm 1/0
Fourth command no shutdown
Fifth command ip address 10.0.2.1 255.255.255.0
Sixth command pvc 1 32
Seventh command protocol ip 10.0.2.2 broadcast

The sixth command is where it fails. It does not recognize the pvc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Newell Ryan D SrA 18 CS/SCBT
Sent: Tuesday, January 14, 2003 11:32 PM
To: [EMAIL PROTECTED]
Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]

What commands are you typing in? To create a PVC the syntax is

int atm 1
atm pvc 6 0 106 aal5snap

I think you are missing the 'atm' before pvc. There are several ways to hook the 3640s back to back. If they are within fastethernet distance limitations you could use the fastethernet interfaces.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco 3640 Router ATM PVC Problem [7:61077]

I am attempting to setup a PVC between two Cisco 3640 Routers connected back to back. The interface is an OC3 card. Whenever I issue the PVC command on the ATM interface it says a PVC is not supported. If I use the ? to see for supported commands for the interface, no PVC command is listed. Is there some software upgrade I need for this? Or is there some other way to connect two 3640s back to back?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61080t=61077
RE: Connecting DSL to Synchronous Serial Port [7:60930]
Yes there is. From my experience with this I know that ADC sells a modular SDSL modem. You can use either an ethernet, RS-530, V.35, or RS-449 interface with this modem. The serial card is a FLEX module with two data ports and 1 DSX port. The data port interfaces are a mini-SCSI 26 pin port. ADC offers a conversion cable (DB-26RS-530, V.35, or RS-449). The DTE side is female though, so you would need the male adapter of whatever standard you wanted to convert it to. A cisco male RS-530 to DB-60 would suffice if you wanted to use RS-530.

'UP AND COMING'

-Original Message-
From: Mahler David [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 13, 2003 11:59 AM
To: [EMAIL PROTECTED]
Subject: Connecting DSL to Synchronous Serial Port [7:60930]

Hi all, I'm trying to figure out if there is a way to connect SDSL service to a 2501 router through the Synchronous Serial port. If so what kind of cable is needed??

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60991t=60930
RE: Cisco PDM and Manual configuration [7:58555]
PDM gets messed up once in a while if command line changes are made. I cannot remember specifics of the scenarios in which this happens, however from the command line under config mode, clear pdm seems to keep things on track. It resets the PDM configuration and the next time PDM is run, it runs as though it has never been run before.

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 04, 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Cisco PDM and Manual configuration [7:58555]

I have a quick question for the group. Normally I configure PIX's by hand, manual, straight forward configs. I seem to remember that it used to be a no-no to mix manual configuration of a PIX with PDM configuration, something about PDM getting confused, or the manual configuration getting hosed by PDM. Is it still that way, or is it safe to use PDM and then from time to time do something manual?

Thanks,
Brian
--
Brian Feeny, CCIE #8036   e: [EMAIL PROTECTED]
Network Engineer          p: 318.222.2638x109
ShreveNet Inc.            f: 318.221.6612

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58557t=58555
RE: Programming Language for Network Engingeers. [7:58032]
Perl - Use it to do many things like parsing log files, parsing and even generating config files. Too many uses to list. Once you learn what perl is and what it can do, you WILL find uses for it.

Expect - Use it to script things that otherwise would only be able to occur interactively with network devices, such as Telnet to a router, log on, dump the config to a tftp server. Or, create an expect script to log on to a router, copy tftp image to flash and reload, then set this to run via a cron job for an unattended router upgrade (yes, that is risky but some people can get away with it :-).

If you run both on unix/linux, learn bash or whatever shell you plan on using because you will find many useful functions built into the shell. It isn't unrealistic to set up a generic unix/linux system with Perl, Expect and a TFTP server to manage all of your device configs, images and logfiles.

-Original Message-
From: John Tafasi [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: Programming Language for Network Engingeers. [7:58032]

What programming languages a network engineer MIGHT need to perform his job? What do network engineers or administrators do with a programming language? please elaborate I am looking to learn a couple of programming languages that I may need on the job and I need your advice. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58040t=58032
RE: Programming Language for Network Engingeers. [7:58032]
I don't know of any specific books for Network Engineers, but I would start with the O'Reilly books on Perl and Expect. They are well written but general in nature. Go to: http://www.oreilly.com/ And take a look at:

Learning Perl, 3rd Edition
Programming Perl, 3rd Edition
Perl for System Administration
Exploring Expect

-Original Message-
From: John Tafasi [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 12:58 PM
To: Moffett, Ryan; [EMAIL PROTECTED]
Subject: Re: Programming Language for Network Engingeers. [7:58032]

This is a nice answer, but do you know any book that specifically deals with programming for network engineers?

- Original Message -
From: Moffett, Ryan
To: 'John Tafasi' ;
Sent: Monday, November 25, 2002 10:20 AM
Subject: RE: Programming Language for Network Engingeers. [7:58032]

Perl - Use it to do many things like parsing log files, parsing and even generating config files. Too many uses to list. Once you learn what perl is and what it can do, you WILL find uses for it.

Expect - Use it to script things that otherwise would only be able to occur interactively with network devices, such as Telnet to a router, log on, dump the config to a tftp server. Or, create an expect script to log on to a router, copy tftp image to flash and reload, then set this to run via a cron job for an unattended router upgrade (yes, that is risky but some people can get away with it :-).

If you run both on unix/linux, learn bash or whatever shell you plan on using because you will find many useful functions built into the shell. It isn't unrealistic to set up a generic unix/linux system with Perl, Expect and a TFTP server to manage all of your device configs, images and logfiles.

-Original Message-
From: John Tafasi [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: Programming Language for Network Engingeers. [7:58032]

What programming languages a network engineer MIGHT need to perform his job? What do network engineers or administrators do with a programming language? please elaborate I am looking to learn a couple of programming languages that I may need on the job and I need your advice. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58045t=58032
CSS11800 for content network specialist on ebay $6 [7:57709]
can anyone believe how cheap these are going for? It makes it pretty reasonable to get one for the content network specialist certification.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2070179172
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2066928817

$665 was the end price for one of these! Can anyone shed some light as to why the market value of these is so low?

Ryan Moffett - CCNP, CCDP
Senior Network Architect
Sterling Commerce
4600 Lakehurst Ct. Dublin, OH 43016
phone: (614) 791-6448
cell: (614) 260-1442
email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57709t=57709
FW: VTP modes Server/Client vs Transparent [7:57650]
Presently we run end to end vlans w/LANE. We are going to the gigabit ethernet design with end to end vlans. We plan for a slow migration to local vlans. Once the migration to local vlans is complete then a server/client model might be more efficient. Talking to another network professional, transparent mode seemed to be the only way during the transition period to local vlans. I really prefer transparent over the server/client model. But I don't want my ill advised emotions not to give the other side a fair chance.

-Original Message-
From: Zim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 9:01 PM
To: [EMAIL PROTECTED]
Subject: Re: VTP modes Server/Client vs Transparent [7:57650]

Like most networking problems it depends. How large is your switch domain? Are you doing End to End VLANs or Local? How large is your STP domain now? Will it grow larger? Here's a link I would start with http://www.cisco.com/warp/customer/473/21.html (starter for VTP) then hit this one http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm (covers GigE Design). Design solutions are usually need and resource driven... as for standards they change (some daily). JMHO

Newell Ryan D SrA 18 CS/SCBT wrote in message news:[EMAIL PROTECTED]...

Network is migrating from ATM to Gigabit Ethernet. Transparent mode was default VTP for all distribution layer switches. We had hubs for all access layer switches. With the new migration to Gigabit switches would be at all access layer buildings. Would it be beneficial to run transparent abroad or a server/client model. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57736t=57650
VTP modes Server/Client vs Transparent [7:57650]
Network is migrating from ATM to Gigabit Ethernet. Transparent mode was default VTP for all distribution layer switches. We had hubs for all access layer switches. With the new migration to Gigabit switches would be at all access layer buildings. Would it be beneficial to run transparent abroad or a server/client model. Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57650t=57650
RE: CPU Utilization on Cat3548XL - a mystery.. [7:57494]
-Original Message-
From: [EMAIL PROTECTED] [mailto:simonkc;netsol.co.in]
Sent: Friday, November 15, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: CPU Utilization on Cat3548XL - a mystery.. [7:57494]

I have an out-of-the-box Catalyst3548XL switch. There are no user connections nor trunk connections on the switch... just a plain switch with a power cord. But the CPU utilization shows a consistent 50%. Can anybody explain???

Thanks in advance,
Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57504t=57494
RE: CPU Utilization on Cat3548XL - a mystery.. [7:57494]
Strange, my sent items shows the URL I pasted, but the URL was cut out on the message to the group...what gives? Anyway, http://www.cisco.com/warp/customer/473/19.html should give you all you need.

-Original Message-
From: [EMAIL PROTECTED] [mailto:simonkc;netsol.co.in]
Sent: Friday, November 15, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: CPU Utilization on Cat3548XL - a mystery.. [7:57494]

I have an out-of-the-box Catalyst3548XL switch. There are no user connections nor trunk connections on the switch... just a plain switch with a power cord. But the CPU utilization shows a consistent 50%. Can anybody explain???

Thanks in advance,
Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57512t=57494
Re: PIX and USB ports [7:56862]
What would be a good way to manage the PIX remotely?

Ryan,

Greg Owens wrote:

It is for future use.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of Firesox
Sent: Monday, November 04, 2002 8:04 PM
To: [EMAIL PROTECTED]
Subject: PIX and USB ports [7:56862]

I would like to setup an outband connection to the pix 506E/515E thru the USB ports. I have USB modem hooked up to my pixs, but I cannot find the article to setup the USB ports. When dialin to the modem, it wouldn't respond... Thanks

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56865t=56862
forum.cisco.com ? [7:56734]
Does anyone know if the groups at forum.cisco.com can be accessed as news groups?

Ryan,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56734t=56734
RE: Questions before tests [7:56452]
The way I interpret this is that the answers you provide will be evaluated against your score and performance for future development of tests, including future scoring mechanisms on exams that are authored. I don't think it is real-time modification of question pools or scoring criteria. I believe they are attempting to gather statistics to make sure the tests are updated properly as time goes on. For example, if someone has 1 year of experience, but can pass all of the CCNP tests, great, good for him. But if a high percentage of candidates with 1 year of experience can pass the CCNP tests, then they must evaluate why the tests are so easy to pass. It would make sense that they would want these kinds of statistics. This is purely my speculation as to the reasoning behind the pre-exam questions..

-Original Message-
From: Kaminski, Shawn G [mailto:shawn.kaminski;eds.com]
Sent: Tuesday, October 29, 2002 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Questions before tests [7:56452]

Although this topic has been discussed in the past, there seems to be disagreement on the correct answer. Personally, I have read the wording before some of the surveys and it actually says that your answers will be used to help determine scoring on the exam. I don't believe it determines what questions you get, only the scoring. Whether it's done on all the exams or just some, I don't know. How it's done, I also don't know. My guess is if you downplay your skills too much, you will be graded harder because your skills should match the certification you're trying to achieve. Regardless, don't downplay your skills too much and make sure you really know the material to be safe! :-)

Shawn K.

-Original Message-
From: Aaron Ajello [mailto:aajello;yahoo.com]
Sent: Tuesday, October 29, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: Questions before tests [7:56452]

I'm working on my CCNP, just have CIT to go and when I have taken the first three, I just kind of flew through the questions before the test where Cisco asks about your experience level, whether or not you can configure things on your own or need help with a coworker, etc. Is it true that your answers will determine how the test is graded or what types of questions you will get on the actual test? I thought it was merely a survey so Cisco could get an idea of what types of backgrounds people had who were taking their tests. But recently I read where someone says those questions will actually determine how Cisco tests you and which questions from the pool you will receive. This seems ridiculous to me, but I have to ask.

thanks,
Aaron

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56469t=56452
ATT MPLS network ? [7:56186]
Is anyone using ATT MPLS (it is also called eVPN or IP-enabled Frame Relay) network to link offices and also running VoIP? If so any problems? I am looking to link offices in India, Mexico, New York and also Boston.

Ryan.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56186t=56186
NetIQ VoIP Manager Suite [7:56258]
Is anyone using VoIP Manager Suite to monitor VoIP ?

Ryan,

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56258t=56258
Three 24 Gbps Switching Engines at 18 Mpps (Layer2)!?! [7:54833]
What does this mean. I was looking at table 21-112. The difference between supervisor engine I and supervisor engine II is that the I has 24 Gbps switching engine and the II has three 24 Gbps. Yet the pps remains the same (18Mpps). Is there a direct correlation between the switching fabric and the switching throughput. If there is reading online that would be great. Here is the link I was referring to. http://www.cisco.com/univercd/cc/td/doc/pcat/ca4000.htm

Ryan Newell

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54833t=54833
AAA in console [7:54282]
How can I configure authorization on the console port?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54282t=54282
FW: AAA in console [7:54282]
I think the link is missing? Thanks btw

-Original Message-
From: Duncan Wallace [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 7:49 AM
To: [EMAIL PROTECTED]
Subject: RE: AAA in console [7:54282]

Ryan - This is a great link for that, and a great overall document to have...

Thanks,
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Newell Ryan D SrA 18 CS/SCBT
Sent: Thursday, September 26, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: AAA in console [7:54282]

How can I configure authorization on the console port?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54289t=54282
FW: AAA in console [7:54282]
Nigel,

Your first question I think is very key to my situation. I wanted local administrators to have minimal control via telnet and console. I was able to tailor these commands on the vty ports. I tried to apply the same commands to console and it did not work. I was informed that there was a hidden command, aaa authorization console, only implemented in certain IOS images. Answering your first question, I think they should not have access to the console. The reason why I pose this question is for general knowledge. Is the aaa authorization console command what I'm missing?

-Original Message-
From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: Re: AAA in console [7:54282]

Ryan, I noted your earlier post on this topic and my first question is.. What's the problem you're trying to solve? Configuring AAA on the console should be very straight forward, however this could very easily change based on your identified or outlined requirements. A couple of questions:

1. who will be typically accessing the console?
2. What will be authenticating the user? TACACS+/RADIUS/the Router etc..
3. Do you plan on using the local database should tacacs fail?
4. Will you have redundant/secondary tacacs/radius device?

I've seen some enterprises where they preferred not to have any passwords configured on the local device short of the enable secret, which should survive a password checker like Getpass. Of course the console password was left outside the scope of AAA, as it provided the only way to access the device if the tacacs/radius server(s) were unreachable.

HTH
Nigel

- Original Message -
From: Newell Ryan D SrA 18 CS/SCBT
To:
Sent: Thursday, September 26, 2002 5:53 PM
Subject: AAA in console [7:54282]

How can I configure authorization on the console port?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54292t=54282
ACS 2.6 dictionary [7:54043]
hi all, anybody know how i can update the dictionary files for Cisco ACS 2.6 running on windows NT or 2000 server? any suggestion is appreciated. thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54043t=54043
Routed interfaces vs. Switched interfaces on 6500 [7:54170]
Referencing LAN Switching I have a question concerning routed vs. switched interfaces on the 6500 running in native IOS mode. If the diagram on page 832 is correct I'm confused about MLS. Does the PFC/NFFC have the ability of caching flows between an interface configured as a switched/routed interface??

Ryan Newell

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54170t=54170
FW: Routed interfaces vs. Switched interfaces on 6500 [7:54170]
Sort of... The 6500 has two modes it can operate in. Hybrid Mode or Native IOS Mode. The Hybrid Mode allows the user to interface with the switch side using the catalyst XDI/CatOS image. So all ports are switched ports. I think this allows the caching method you speak of to take place. The Native IOS mode gives the user an all IOS feel. The interfaces default to routed interfaces. You have to issue the switch mode access command to turn the interface into a port. The diagram in the book and I think something else I read before leads me to believe that MLS will not work between switched and routed interface on a 6500 running in Native IOS Mode. Just trying to clarify. Thanks for ANY input.

Ryan

-Original Message-
From: Robert Edmonds [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Routed interfaces vs. Switched interfaces on 6500 [7:54170]

Ryan, If I understand your question, then I think I may be able to help. I believe what it means when it talks about caching flows, is that it caches the information about the flow -- particularly the path the flow will take. This makes it so the layer 2 portion of the switch doesn't have to send every packet to the router to make the layer 3 decision to route the packet. The basic process for MLS is like this. A stream of data comes into the router interface that is destined for a network other than the one it came in on, another VLAN. The switch sends the first packet in the flow to the MSFC (in the case of the 6500) to determine the path that should be taken to the remote network. The MSFC figures out how it should get to the remote network, sends the information to the switch, and the rest of the packets are switched using the information provided by the MSFC. Depending on the flow mask used, the next flow that comes through with the same destination address, may be able to be fast-switched (hope I used the right term) directly to the destination in question. Did I answer your question? Hope I have helped.

Newell Ryan D SrA 18 CS/SCBT wrote in message news:[EMAIL PROTECTED]...

Referencing LAN Switching I have a question concerning routed vs. switched interfaces on the 6500 running in native IOS mode. If the diagram on page 832 is correct I'm confused about MLS. Does the PFC/NFFC have the ability of caching flows between an interface configured as a switched/routed interface??

Ryan Newell

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=54185t=54170
Recall: Exec shell+console+AAA [7:53601]
Newell Ryan D SrA 18 CS/SCBT would like to recall the message, Exec shell+console+AAA.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53601t=53601
Exec shell+console+AAA [7:53602]
Evening group,

What I have is a TACACS server, and the setup we are trying to achieve goes as follows: I want the LAN admins to have minimal control on their switches in their area. We have accomplished that on the vty ports. Here is the config:

Server

user=test
password=test12
service-shell set priv-level=15
service=shell default cmd=(permit/deny)
And the commands we want are here.
prohibit cmd=x cmd=y{

Switch

aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 password 7 x
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet

It works great for vty but not for console. I read somewhere about a hidden authorization command for console but it is not working. Here is a debug.

xxx#debug aaa authorization
*Mar 1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar 1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
*Mar 1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar 1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
*Mar 1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15

Failed attempts for console

*Mar 1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
*Mar 1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
*Mar 1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser='' port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2' list='privilege' service=EXEC
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list privilege
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+ (tacacs+)
*Mar 1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
*Mar 1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
*Mar 1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
*Mar 1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status = PASS_ADD
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful

Passed attempts for console

I think my understanding of exec shell is what's hurting me. Any comments or advice would be greatly appreciated.

SrA Ryan Newell
18th Communications Squadron
Infrastructure Engineer
CCNA, SCP
634-7999
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53602t=53602

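The debug in the post above shows the console line (tty0) admitted with "authenticated console user is permitted" and no AAA/AUTHOR/EXEC exchange, while tty2 is sent through list 'privilege' to TACACS+. As an added example that is not part of the original post, this Python sketch extracts that per-line outcome from `debug aaa authorization` text; the function names and the sample (trimmed from the post, with a documentation-range address) are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the `debug aaa authorization` output quoted in
# the post; the remote address is a documentation-range placeholder.
SAMPLE_DEBUG = """\
*Mar 1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar 1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser='' port='tty2' rem_addr='192.0.2.27' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2' list='privilege' service=EXEC
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+ (tacacs+)
*Mar 1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status = PASS_ADD
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
"""

CREATE_RE = re.compile(
    r"create_user \(0x[0-9A-Fa-f]+\) user='[^']*' ruser='[^']*' "
    r"port='(?P<port>[^']+)' rem_addr='(?P<rem>[^']*)'")
EXEC_RE = re.compile(
    r"AAA/AUTHOR/EXEC \((?P<id>\d+)\): Port='(?P<port>[^']+)' list='(?P<list>[^']*)'")
METHOD_RE = re.compile(r"AAA/AUTHOR/EXEC \((?P<id>\d+)\): Method=(?P<method>\S+)")
STATUS_RE = re.compile(
    r"AAA/AUTHOR \((?P<id>\d+)\): Post authorization status = (?P<status>\w+)")
PRIV_RE = re.compile(r"AAA/AUTHOR/EXEC: Processing AV priv-lvl=(?P<lvl>\d+)")
BYPASS_TEXT = "AAA/AUTHOR: authenticated console user is permitted"


def _new_session(rem_addr):
    return {"rem_addr": rem_addr, "bypassed": False, "authorized": False,
            "list": None, "method": None, "status": None, "priv_lvl": None}


def audit_exec_authorization(debug_text):
    """Return {port: session} describing how each login was authorized."""
    sessions = {}        # port name -> session record
    port_by_id = {}      # authorization request id -> port name
    last_console = None  # most recent port with rem_addr='async'
    last_exec = None     # port of the most recent EXEC authorization request
    for line in debug_text.splitlines():
        m = CREATE_RE.search(line)
        if m:
            sessions[m["port"]] = _new_session(m["rem"])
            if m["rem"] == "async":
                last_console = m["port"]
            continue
        if BYPASS_TEXT in line:
            # No method list was consulted: the console user was simply let in.
            port = last_console or "console"
            sessions.setdefault(port, _new_session("async"))["bypassed"] = True
            continue
        m = EXEC_RE.search(line)
        if m:
            port_by_id[m["id"]] = last_exec = m["port"]
            sessions.setdefault(m["port"], _new_session(""))["list"] = m["list"]
            continue
        m = METHOD_RE.search(line)
        if m and m["id"] in port_by_id:
            sessions[port_by_id[m["id"]]]["method"] = m["method"]
            continue
        m = STATUS_RE.search(line)
        if m and m["id"] in port_by_id:
            session = sessions[port_by_id[m["id"]]]
            session["status"] = m["status"]
            session["authorized"] = m["status"].startswith("PASS")
            continue
        m = PRIV_RE.search(line)
        if m and last_exec:
            # These lines carry no request id; attribute them to the last request.
            sessions[last_exec]["priv_lvl"] = int(m["lvl"])
    return sessions


def ports_without_authorization(sessions):
    """Ports where a login was seen but EXEC authorization never passed."""
    return sorted(p for p, s in sessions.items() if not s["authorized"])


if __name__ == "__main__":
    result = audit_exec_authorization(SAMPLE_DEBUG)
    for port, session in result.items():
        print(port, session)
    print("no authorization applied on:", ports_without_authorization(result))
```

A port reported here as bypassed is one where the restrictions held on the TACACS+ server are not being applied. IOS applies authorization to the console only when the global command `aaa authorization console` is configured.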
RE: Exec Shell + Console [7:53661]
That would be nice but we have over 400 switches and several LAN admins who could t'shoot hubs but know they need minimal configuration control for t'shooting.

-Original Message-
From: nettable_walker [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Exec Shell + Console [7:53661]

9/19/2002 9:40pm Thursday

You could just tell your LAN admins not to change anything on the switches.

Newell Ryan D SrA 18 CS/SCBT wrote in message news:[EMAIL PROTECTED]...

Evening group,

What I have is a TACACS server, and the setup we are trying to achieve goes as follows: I want the LAN admins to have minimal control on their switches in their area. We have accomplished that on the vty ports. Here is the config:

Server

user=test
password=test12
service-shell set priv-level=15
service=shell default cmd=(permit/deny)
And the commands we want are here.
prohibit cmd=x cmd=y{

Switch

aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 password 7 x
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet

It works great for vty but not for console. I read somewhere about a hidden authorization command for console but it is not working. Here is a debug.

xxx#debug aaa authorization
*Mar 1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar 1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
*Mar 1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar 1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
*Mar 1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15

Failed attempts for console

*Mar 1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
*Mar 1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
*Mar 1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser='' port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2' list='privilege' service=EXEC
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list privilege
*Mar 1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+ (tacacs+)
*Mar 1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
*Mar 1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
*Mar 1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
*Mar 1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status = PASS_ADD
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar 1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful

Passed attempts for console

I think my understanding of exec shell is what's hurting me. Any comments or advice would be greatly appreciated.

Ryan

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=53684t=53661

RE: IOS upgrade/Strange services [7:53492]
...an inbound ACL on the interfaces you want to protect would effectively kill access to these ports, but some of the ports you have mentioned are difficult to explain and lack command-line parameters to control, like biff for instance. Biff happens to run on UDP port 512. Can you duplicate your scan results with another tool such as nmap? Tools that use various techniques to detect open ports, especially UDP ports, sometimes result in false positives. TCP connection attempts to detect open TCP ports are usually very accurate. Some of the services below appear to be TCP and UDP. Can you specify if they are TCP or UDP ports?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 2:15 PM
To: [EMAIL PROTECTED]
Subject: RE: IOS upgrade/Strange services [7:53492]

I'm running 12.2(11)T ip/fw/ids/3DES. The scan came back with Cu-seeme, talk, tftp, rpc-nfs, rwho, biff, name, rpc-portmapper, rwho, snmp-agent, syslog, dhcp, dns, etc... Since the router is fundamentally a unix box I can see this happening... How the heck do ya shutdown the services? Also tried shutting down the VoIP stuff... No go! I didn't think an ACL would be useful given the services appear to be running on the router itself. Kinda like stopping a service on a *nix or windoz computer. Plz lemme know your thoughts

version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Lhotse
no logging console
aaa new-model
!
aaa authentication login ops line
aaa session-id common
enable secret
enable password
!
ip subnet-zero
no ip source-route
!
no ip domain lookup
ip domain name abnamrousa.com
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
!
mta receive maximum-recipients 0
!
interface Ethernet0/0
 ip address x.x.x.x 255.255.255.0
 ip access-group 2 out
 ip nat inside
 half-duplex
 no cdp enable
!
interface Serial0/0
 bandwidth 1536
 no ip address
 no ip redirects
 no ip unreachables
 encapsulation frame-relay IETF
 no ip route-cache
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 bandwidth 1536
 ip address y.y.y.y 255.255.255.252
 ip access-group 1 in
 no ip redirects
 no ip unreachables
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 501 IETF
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
 no cdp enable
!
interface Serial0/1
 no ip address
 no keepalive
 shutdown
 no cdp enable
!
ip classless
no ip http server
!
access-list 1 deny 65.204.141.10
access-list 1 deny 65.204.68.194
access-list 1 deny 65.204.132.5
access-list 1 deny 65.3.0.83
access-list 1 deny 65.204.176.42
access-list 1 deny 80.132.79.133
access-list 1 deny 65.5.36.66
access-list 1 deny 65.0.13.111
access-list 1 deny 65.204.21.189
access-list 1 deny 65.204.103.194
access-list 1 deny 65.204.95.250
access-list 1 deny 65.204.103.196
access-list 1 deny 65.204.39.133
access-list 1 deny 65.204.232.83
access-list 1 deny 65.204.212.31
access-list 1 deny 65.196.200.11
access-list 1 deny 65.115.13.98
access-list 1 deny 65.204.39.244
access-list 1 deny 65.204.222.51
access-list 1 deny 65.204.219.50
access-list 1 deny 65.195.0.229
access-list 1 deny 65.204.176.77
access-list 1 deny 65.204.135.120
access-list 1 deny 65.204.57.200
access-list 1 deny 64.168.217.182
access-list 1 deny 65.204.38.59
access-list 1 deny 65.204.73.87
access-list 1 deny 65.204.0.30
access-list 1 deny 65.204.118.100
access-list 1 deny 65.204.220.227
access-list 1 deny 65.204.61.3
access-list 1 deny 65.204.29.36
access-list 1 deny 65.204.135.200
access-list 1 deny 65.204.135.205
access-list 1 deny 65.204.240.181
access-list 1 deny 65.204.135.209
access-list 1 deny 65.204.135.214
access-list 1 deny 65.204.160.201
access-list 1 deny 65.204.160.200
access-list 1 deny 65.204.103.2
access-list 1 deny 65.204.160.199
access-list 1 deny 65.204.160.198
access-list 1 deny 65.204.160.195
access-list 1 deny 65.204.202.180
access-list 1 deny 65.204.202.179
access-list 1 deny 65.204.49.67
access-list 1 deny 65.204.125.0 0.0.0.255
access-list 1 permit any
access-list 2 deny 199.172.158.0 0.0.0.255
access-list 2 deny 128.242.104.0 0.0.0.255
access-list 2 permit any
access-list 13 permit x.x.x.x
no cdp run
!
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 access-class 13 in
 password
 login authentication ops
 transport input ssh
!
end

-Original Message-
From: Mark W. Odette II [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: IOS upgrade/Strange services [7:53492]

What's the version of IOS? What's your Access-lists look like?? Truthfully, AFAIK, the only way that all of those

FW: Duplicate packets with same SEQ #'s... [7:53024]
Is it possible that you are doing a dump on a link that the packet must traverse to and fro to get to the destination? You stated that you did this dump off of one of your core switches. I'm assuming you're spanning or port mirroring the port or vlan possibly. If these PC's are on separate networks..see what I'm saying. Well if you don't here goes. If you have a switch connected to a router using some kind of trunking capability (or internal router) and the users are on separate VLAN/subnets. They must cross the router to get to each other. Thus when you do a dump you will see the same packet come across twice. If you have a protocol analyzer you should see the mac address change as it crosses the router. I only believe my theory to be true if the PC's are on separate sub networks. Hope this helps

D

-Original Message-
From: Neil Desai [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 11:59 AM
To: [EMAIL PROTECTED]
Subject: Re: Duplicate packets with same SEQ #'s... [7:53024]

We have a similar situation in our network. We have proxy arp turned on and it is causing the same thing.

Neil

r34rv13wm1rr0r wrote in message news:[EMAIL PROTECTED]...

This is from a tcpdump off of one of my core switches. It appears that it is logging a duplicate packet with the same SEQ #. Does anyone have any idea why this is occurring?

Thanks,
A

11:18:04.688408 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 1:65(64) ack 49 win 8320NBT Packet (DF)
11:18:04.688409 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 1:65(64) ack 49 win 8320NBT Packet (DF)
11:18:04.688643 172.X.103.10.netbios-ssn 172.X.15.15.1503: P 158405518:158405625(107) ack 1210141117 win 8608NBT Packet (DF)
11:18:04.688644 172.X.103.10.netbios-ssn 172.X.15.15.1503: P 0:107(107) ack 1 win 8608NBT Packet (DF)
11:18:04.688645 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 65:119(54) ack 98 win 8271NBT Packet (DF)
11:18:04.688646 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 65:119(54) ack 98 win 8271NBT Packet (DF)
11:18:04.63 X.X.6.3.http 172.X.14.50.1123: . ack 4294967295 win 8155 (DF)
11:18:04.65 X.X.6.3.http 172.X.14.50.1123: . ack 4294967295 win 8155 (DF)
11:18:04.66 172.23.27.10.3021 172.X.15.10.netbios-ssn: P 3194256684:3194256844(160) ack 95965178 win 7515NBT Packet (DF)
11:18:04.67 172.23.27.10.3021 172.X.15.10.netbios-ssn: P 0:160(160) ack 1 win 7515NBT Packet (DF)
11:18:04.68 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 119:173(54) ack 147 win 8222NBT Packet (DF)
11:18:04.69 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 119:173(54) ack 147 win 8222NBT Packet (DF)
11:18:04.688890 172.X.15.15.1503 172.X.103.10.netbios-ssn: P 1:161(160) ack 107 win 7996NBT Packet (DF)
11:18:04.688891 172.X.15.15.1503 172.X.103.10.netbios-ssn: P 1:161(160) ack 107 win 7996NBT Packet (DF)
11:18:04.689183 172.X.15.10.netbios-ssn 172.23.27.10.3021: P 1:129(128) ack 160 win 8138NBT Packet (DF)
11:18:04.689185 172.X.15.10.netbios-ssn 172.23.27.10.3021: P 1:129(128) ack 160 win 8138NBT Packet (DF)
11:18:04.689186 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 173:255(82) ack 196 win 8173NBT Packet (DF)
11:18:04.689187 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 173:255(82) ack 196 win 8173NBT Packet (DF)
11:18:04.689188 172.X.15.151.ssh 172.X.53.186.1219: P 2849560709:2849560801(92) ack 2980294350 win 9648 (DF) [tos 0x10]
11:18:04.689189 172.X.15.151.ssh 172.X.53.186.1219: P 0:92(92) ack 1 win 9648 (DF) [tos 0x10]
11:18:04.689192 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 255:309(54) ack 245 win 8124NBT Packet (DF)
11:18:04.689193 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 255:309(54) ack 245 win 8124NBT Packet (DF)
11:18:04.689608 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 309:363(54) ack 294 win 8075NBT Packet (DF)
11:18:04.689609 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 309:363(54) ack 294 win 8075NBT Packet (DF)
11:18:04.689610 172.X.243.6.printer 172.X.240.10.723: . ack 4096314569 win 2144
11:18:04.689610 172.X.243.6.printer 172.X.240.10.723: . ack 1 win 2144
11:18:04.689611 172.X.53.186.1219 172.X.15.151.ssh: P 1:45(44) ack 92 win 16724 (DF)
11:18:04.689612 172.X.53.186.1219 172.X.15.151.ssh: P 1:45(44) ack 92 win 16724 (DF)
11:18:04.689614 172.X.61.103.1066 172.X.15.49.netbios-ssn: P 294:343(49) ack 363 win 7380NBT Packet (DF) [tos 0x4]
11:18:04.718183 172.X.61.103.1066 172.X.15.49.netbios-ssn: P 6762:6811(49) ack 8223 win 8397NBT Packet (DF) [tos 0x4]
11:18:04.718187 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 8223:8287(64) ack 6811 win 7438NBT Packet (DF)
11:18:04.718188 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 8223:8287(64) ack 6811 win 7438NBT Packet (DF)
11:18:04.718423 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 8287:8341(54) ack 6860 win 7389NBT Packet (DF)
11:18:04.718424 172.X.15.49.netbios-ssn 172.X.61.103.1066: P 8287:8341(54) ack 6860 win 7389NBT

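The reply above argues that a mirrored capture shows a routed packet twice, with the MAC addresses changing as it crosses the router. As an added example that is not part of the thread, this Python sketch separates that case from an exact mirror duplicate and from a TCP retransmission, using the MAC pair, the TTL (a router decrements it by one) and the IP ID; the record layout, MAC addresses, flow string and verdict labels are constructed, and the IP ID test is a heuristic that assumes the sender gives each datagram a fresh ID.

```python
from collections import Counter

# Constructed records, as they could be extracted from a capture taken with
# link-layer headers. MACs, addresses and IP IDs are made up for illustration.
HOST_A = "00:00:5e:00:53:0a"
ROUTER = "00:00:5e:00:53:01"
HOST_B = "00:00:5e:00:53:0b"
FLOW = "172.16.15.49.139>172.16.61.103.1066"


def pkt(src_mac, dst_mac, ttl, ip_id, seq, length):
    return {"src_mac": src_mac, "dst_mac": dst_mac, "ttl": ttl, "ip_id": ip_id,
            "flow": FLOW, "seq": seq, "len": length}


SAMPLE_PACKETS = [
    pkt(HOST_A, ROUTER, 128, 4660, 1, 64),   # 0: original frame, host A to router
    pkt(ROUTER, HOST_B, 127, 4660, 1, 64),   # 1: same datagram after routing
    pkt(HOST_A, ROUTER, 128, 4661, 65, 54),  # 2: next segment
    pkt(HOST_A, ROUTER, 128, 4661, 65, 54),  # 3: identical copy of 2
    pkt(HOST_A, ROUTER, 128, 4700, 1, 64),   # 4: seq 1 sent again, new IP ID
]


def classify_pair(first, second):
    """Decide why two packets with the same flow, sequence number and length appear."""
    same_l2 = ((first["src_mac"], first["dst_mac"])
               == (second["src_mac"], second["dst_mac"]))
    if first["ip_id"] != second["ip_id"]:
        # A different IP datagram carrying the same TCP bytes.
        return "retransmission"
    if not same_l2 and second["ttl"] == first["ttl"] - 1:
        # Same datagram, one hop later: rewritten MACs and TTL minus one.
        return "routed-copy"
    if same_l2 and second["ttl"] == first["ttl"]:
        # Same frame seen twice by the capture point.
        return "mirror-duplicate"
    return "unclassified"


def find_duplicates(packets):
    """Return (earlier_index, later_index, verdict) for every repeated segment."""
    last_seen = {}
    results = []
    for idx, packet in enumerate(packets):
        key = (packet["flow"], packet["seq"], packet["len"])
        if key in last_seen:
            prev = last_seen[key]
            results.append((prev, idx, classify_pair(packets[prev], packet)))
        last_seen[key] = idx
    return results


def summarize(packets):
    """Count verdicts, to see which explanation dominates a capture."""
    return Counter(verdict for _, _, verdict in find_duplicates(packets))


if __name__ == "__main__":
    for earlier, later, verdict in find_duplicates(SAMPLE_PACKETS):
        print(f"packet {later} repeats packet {earlier}: {verdict}")
    print(dict(summarize(SAMPLE_PACKETS)))
```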
Re: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52165]
Actually, I thought/read/heard that CCIE #1025 (aka the first CCIE) was/is Jeff Buddemeier, technical lead for Cisco. This is the first time I ever heard the name Stewart Biggs mentioned as CCIE #1025.

- Original Message -
From: Daniel Cotts
To:
Sent: Tuesday, August 27, 2002 4:01 PM
Subject: RE: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52159]

In my previous post I quoted a post from Terry Slattery regarding the first CCIEs. In it he did not recall the name of CCIE# 1025. In the quoted post below he does provide a name.

snip

The first CCIE, #1025, is/was Stewart Biggs. My understanding is that his certification has lapsed and he's off doing something else. I took the test from him in August, 1993 and became the second CCIE, #1026. The lab itself had a plaque outside the door labeling it as #1024 (a power of two - kind of an inside joke for networking/computer jocks).

unsnip

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: No longer 4 digits [7:52146]

CCIE 1040 sits next to me and I asked him if Imran (sp?) was his proctor and it was. Imran designed the original program and it's our guess he was the proctor for the 1st CCIE. Imran was pretty tough, I remember talking to him at networkers in Denver when the CCIE recert first came out and about 100 of us took the test and only 2 passed. He chuckled stating his intention was to make it difficult so as to require studying.

Dave

Chuck's Long Road wrote:

this topic of fascination for many often leads to a bit of confusion as well

http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html shows the number of CCIE's world wide as of 7/31/02

The first CCIE number issued was 1025. Over the years, some have retired, some have neglected to recertify ( including Jeff Doyle, last time I looked ) So according to Cisco's numbers, on July 31 2002 there were 8031 active CCIE's.

As a sidebar, Terry Slattery, CCIE 1026, tells how he was tested by CCIE 1025 ( sorry, I can't remember the name ) The theory was / remains that only CCIE's should test candidates. No one seems to know who tested #1025, nor the criteria used.

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52165t=52165

RE: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52169]
Well, the online verification system says that Stuart Biggs is CCIE 1025, though the current status is Inactive.

-Original Message-
From: Chuck Ryan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 5:22 PM
To: [EMAIL PROTECTED]
Subject: Re: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52165]

Actually, I thought/read/heard that CCIE #1025 (aka the first CCIE) was/is Jeff Buddemeier, technical lead for Cisco. This is the first time I ever heard the name Stewart Biggs mentioned as CCIE #1025.

- Original Message -
From: Daniel Cotts
To:
Sent: Tuesday, August 27, 2002 4:01 PM
Subject: RE: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52159]

In my previous post I quoted a post from Terry Slattery regarding the first CCIEs. In it he did not recall the name of CCIE# 1025. In the quoted post below he does provide a name.

snip

The first CCIE, #1025, is/was Stewart Biggs. My understanding is that his certification has lapsed and he's off doing something else. I took the test from him in August, 1993 and became the second CCIE, #1026. The lab itself had a plaque outside the door labeling it as #1024 (a power of two - kind of an inside joke for networking/computer jocks).

unsnip

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: No longer 4 digits [7:52146]

CCIE 1040 sits next to me and I asked him if Imran (sp?) was his proctor and it was. Imran designed the original program and it's our guess he was the proctor for the 1st CCIE. Imran was pretty tough, I remember talking to him at networkers in Denver when the CCIE recert first came out and about 100 of us took the test and only 2 passed. He chuckled stating his intention was to make it difficult so as to require studying.

Dave

Chuck's Long Road wrote:

this topic of fascination for many often leads to a bit of confusion as well

http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html shows the number of CCIE's world wide as of 7/31/02

The first CCIE number issued was 1025. Over the years, some have retired, some have neglected to recertify ( including Jeff Doyle, last time I looked ) So according to Cisco's numbers, on July 31 2002 there were 8031 active CCIE's.

As a sidebar, Terry Slattery, CCIE 1026, tells how he was tested by CCIE 1025 ( sorry, I can't remember the name ) The theory was / remains that only CCIE's should test candidates. No one seems to know who tested #1025, nor the criteria used.

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=52169t=52169

test [7:51328]
Test

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51328t=51328

CCNP okinawa japan [7:51329]
Are there any people in the Okinawa area going for CCNP?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=51329t=51329

Re: Cisco Press OSPF? [7:50567]
The Cisco Press OSPF book by Tom Thomas would go great with Dr. Parkhurst's book as well.

- Original Message -
From: Chuck
To:
Sent: Friday, August 02, 2002 10:04 PM
Subject: Re: Cisco Press OSPF? [7:50567]

Might consider this one:

Cisco OSPF Command and Configuration Handbook by William R. Parkhurst

I haven't read this one myself, but according to the reviews it is written in the same vein as his BGP book, which I believe is a far better way to learn the knobs.

HTH

Robert D. Cluett wrote in message news:[EMAIL PROTECTED]...

All,

Looking for a book that will cover OSPF in detail outside of the BSCN book. I recently purchased Internet Routing Architectures to give me more detailed knowledge of BGP, but need to round out the OSPF with another book. Any advice?

Thanks

Rob Cluett, CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50571t=50567

RE: 3550 EMI [7:50103]
The 3550 EMI sold for $500 from Ingram Micro and Tech Data, unfortunately both companies are out of stock and the promotion is over.

Ryan

-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 2:11 PM
To: [EMAIL PROTECTED]
Subject: RE: 3550 EMI [7:50103]

I think you forgot a zero. Everything thinks you typed 500$

-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 4:13 PM
To: [EMAIL PROTECTED]
Subject: Re: 3550 EMI [7:50103]

Where can I buy this switch for $500.00 as someone posted this a few days ago?? Thank you.

From: Chuck
Reply-To: Chuck
To: [EMAIL PROTECTED]
Subject: Re: 3550 EMI [7:50103]
Date: Tue, 30 Jul 2002 14:28:31 GMT

just getting into it. 1500 pages of documentation to read :-O

They do IGRP, EIGRP, RIPv1, RIPv2, and OSPF. Don't believe the output of the router ?

BGP is expected to be released real soon now, but according to Cisco people I've spoken to, it will not be a full featured release. Limitations as to the number of routes processed and stored, for example ( due to the physical limitations of the switch ) I.e. don't expect to get full BGP routes over your DSL connection.

Chuck

Symon Thurlow wrote in message news:[EMAIL PROTECTED]...

Anyone played with the new 3550 EMI switches? They report layer 3 routing etc.

Symon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=50196t=50103

RE: Check this new command out [7:49717]
I have the do command in config mode (in c3640-i-mz.122-5d.bin), but the output is only:

router(config)#do ? . Version number

-----Original Message-----
From: Dan Penn [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 26, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: RE: Check this new command out [7:49717]

Yes, I'm not sure what platforms it does work on, I tried it on 2500's, 2600's and 4500's with no luck

Dan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Friday, July 26, 2002 8:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Check this new command out [7:49717]

Priscilla Oppenheimer wrote:

MADMAN wrote:

Thought this was pretty cool!!

c7304(config)#do sh ver

Cool! Can you do stuff other than show version while in config mode??

Yes it appears you can do most anything, I tried a sh mem, sh config | inclu, sh ip route, they all work. I don't know when/if this will be available in released IOS, I tried it on a 7200 running the latest 12.2.10a, no cigar.

Dave
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367
Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49782t=49717
RE: Check this new command out [7:49717]
What code rev is this in? I have some 12.2(5)+ and I don't see it. Is this just in specific 12.1 Development Test images?

-----Original Message-----
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 26, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: Re: Check this new command out [7:49717]

Ya but you don't need the do command.

Dave

Juan Blanco wrote:

Please, correct me if I am wrong, but you can execute any command on the pix's box while you are in config mode as well

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN
Sent: Thursday, July 25, 2002 6:01 PM
To: [EMAIL PROTECTED]
Subject: Check this new command out [7:49717]

Thought this was pretty cool!!

c7304(config)#do sh ver
Cisco Internetwork Operating System Software
IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO DEVELOPMENT TEST VERSION
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 16-Jul-02 03:26 by
Image text-base: 0x40008970, data-base: 0x41B32000...

Dave
--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367
Emotion should reflect reason not guide it

--
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367
Emotion should reflect reason not guide it

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49781t=49717
RE: How to keep multiple switch ports on the same VLAN from [7:49521]
The 2924XL platform does support PVLANs if it can be upgraded to 12.0(5)XU or higher code which is based on a number of factors including memory. The XL-EN is questionable. 4MB 2924XL switches cannot run the 12.0(5)XU and higher code.

For what you are trying to do, PVLANs are the only way to do it that I know of (I was even trying to come up with a kludge scenario involving using a router and trunking the VLANs up to the router that is doing IRB and filtering at the MAC layer).

Especially useful in a DMZ scenario, PVLANs allow you to have a single DMZ for multiple applications, such as WWW and SMTP, and prevent them from seeing each other, yet allow them to talk to firewalls and routers (some people asked why you would do such a thing). It is a recommended part of the Cisco SAFE architecture.

http://www.cisco.com/warp/public/473/90.shtml
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm

-----Original Message-----
From: Don Claybrook [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 6:17 PM
To: [EMAIL PROTECTED]
Subject: How to keep multiple switch ports on the same VLAN from [7:49410]

I have a customer who needs to have several ports on a 2924XL-EN in the same VLAN. The customer does not want these ports to be able to communicate with one another, but would like all of them to be able to go to/through another port. E.g., ports 1 to 5 would be on VLAN 50, they'd all be able to access port 6, on VLAN 60, but not each other.

I did find something on CCO about Private VLANs, but I see that the 2924 is not on the list of hardware that supports PVLAN's. Does anyone know of a way to accomplish this segregation within the same VLAN, short of PVLAN's?

Any help is much appreciated.

Thanks,
Don Claybrook

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49521t=49521
RE: Off Topic - Whither IS-IS - Cisco's vision going forward [7:49061]
I attended Networkers 2002 in San Diego and got the impression to look out for more IS-IS in the future. Specifically, Cisco is working to achieve feature parity between OSPF and IS-IS, plus comments were made in the Router Architecture Power Session that IS-IS is getting a stronger Enterprise following, especially in Europe.

-----Original Message-----
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 17, 2002 4:48 PM
To: [EMAIL PROTECTED]
Subject: Off Topic - Whither IS-IS - Cisco's vision going forward [7:49057]

I have now seen and heard this from several sources within Cisco - IS-IS is not being considered in the L3 switches other than those we would call core. I.e. the 4cxxx and the 3550-xx L3 switches do not support IS-IS, nor are there plans to do so on those boxes.

Recognizing that things can always change, I'm wondering what might be the reason? Lack of customer interest? Recognition of IS-IS as a specialized protocol less suitable for normal enterprise type stuff?

Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=49061t=49061
RE: OT: CCIE Lab Intelligence [7:47973]
Chuck is correct... My 3550 came back with Unknown routing protocol only after I entered router bgp 100. If you leave off the AS number you get incomplete command.

Switch(config)#router ?
  bgp       Border Gateway Protocol (BGP)
  egp       Exterior Gateway Protocol (EGP)
  eigrp     Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp      Interior Gateway Routing Protocol (IGRP)
  isis      ISO IS-IS
  iso-igrp  IGRP for OSI networks
  mobile    Mobile routes
  odr       On Demand stub Routes
  ospf      Open Shortest Path First (OSPF)
  rip       Routing Information Protocol (RIP)
  static    Static routes

Ryan

-----Original Message-----
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 03, 2002 6:18 AM
To: [EMAIL PROTECTED]
Subject: Re: OT: CCIE Lab Intelligence [7:47973]

Let's see - I said I was reading the config guide on CCO. I provided the link.. maybe that's where I got the idea. I have also been told off line by a couple of different people now that BGP is expected to be released later this year.

Got a question for you - are you sure that after you enter the command you don't get an error saying unknown protocol?

Chuck

Kris Keen wrote in message news:[EMAIL PROTECTED]...

What makes you think it doesn't do BGP? I have one right next to me.. Sure as hell does bgp

Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(8)EA1c, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 15-Feb-02 10:50 by antonino
Image text-base: 0x3000, data-base: 0x006675E0
ROM: Bootstrap program is C3550 boot loader
WS-C3550-12T_A uptime is 1 week, 2 hours, 24 minutes
System returned to ROM by power-on
System image file is flash:/c3550-i5q3l2-mz.121-8.EA1c/c3550-i5q3l2-mz.121-8.E 1c.bin
cisco WS-C3550-12T (PowerPC) processor (revision G0) with 65526K/8192K bytes of memory.

WS-C3550-12T_A#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WS-C3550-12T_A(config)#router bgp ?
  Autonomous system number
WS-C3550-12T_A(config)#router bgp

Looks BGPish to me :) I'm trying to get one for my Lab at home..

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=48019t=47973
RE: InfoWorld article on Routing SOAP [7:46577]
There are a number of vendors creating XML switches, see: http://www.nwfusion.com/news/2002/132046_04-29-2002.html.

From my perspective, I think of these Content Aware Switches specializing in XML. These have some things in common with Cisco Content Service Switches, but are tailored to XML and have code running at the application level to even translate XML documents.

-----Original Message-----
From: Tom Scott [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 10:25 AM
To: [EMAIL PROTECTED]
Subject: InfoWorld article on Routing SOAP [7:46577]

From the hardcopy issue of InfoWorld (June 10, 2002, Issue 23, p. 43):

Routing, the core technology of the Internet, is emerging as a way to coordinate interaction among SOAP actors on a global scale. SOAP routing is described in two of Microsoft's Global XML Architecture specifications. WS-Routing defines how to specify the route a SOAP message takes through a chain of intermediaries. WS-Referral empowers those intermediaries to modify the route. These proposals are thus far just trial balloons, but early products such as KnowNow's Event Router ... anticipate a trend toward increasingly active intermediaries.

How might this be implemented in Cisco routers and switches? Whether it's Microsoft's .Net or the Java Consortium's J2EE web services, this seems like a new area that may impact how we design and configure networks.

-- TT

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46586t=46577
Re: Cisco Lab Changes..Updated [7:46623]
Do you have the link for this change? I've just searched CCO, the CCIE what's new area specifically, and I see no mention of this anywhere.

----- Original Message -----
From: Frank Merrill
To:
Sent: Friday, June 14, 2002 3:43 PM
Subject: Cisco Lab Changes..Updated [7:46623]

It would appear that the changes to the Lab have been clarified and updated, and it looks like the removal of the indicated topics won't actually happen until Nov 4th now:

Lab Exam Content and Equipment Changes

CCIE Candidates should note the following changes to the technical content and equipment for the CCIE Lab exam. The content changes affect the CCIE Routing and Switching Lab exam, while the equipment changes affect all CCIE certification tracks.

The CCIE program continually monitors the topics and technologies covered in the CCIE certification tracks. The end result of this process is that a topic may be removed from the exam to allow greater emphasis on features or technologies that are more current in the industry. Therefore, effective November 4th, 2002, the following topics will no longer be tested on the CCIE Routing and Switching exam:

IGRP
Token Ring
Token Ring Switching
IPX

Please note that DLSw+ will remain as a valid topic on the exam.

Between September 1, 2002 and November 4th, 2002 all CCIE labs will replace the current Catalyst 5000 switches with Catalyst 3550 switches. However, the only switching features tested during this time will be those common to both devices - additional features on the Catalyst 3550 will only be tested after November 4th, 2002.

Please note that except for the change in switches, no new topics are being added to the content covered by the Routing and Switching exam. However, many features currently tested will now be able to receive more weight on the exam after November 4th.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46647t=46623
RE: CCIE Lab Exam Changes - Token Ring [7:46481]
DLSW can still be configured and tested without Token Ring.

-----Original Message-----
From: Khalsa Singh [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 2:58 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Exam Changes - Token Ring [7:46481]

I'm in the middle of buying CCIE Lab Equipment to prepare for CCIE lab, my question is, do I still have to buy cisco routers with Token Ring interface to practise DLSW since it is going to be in the lab after Token Ring is completely out

thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46488t=46481
RE: CCIE Lab Exam Changes - Token Ring [7:46481]
The following links deal with DLSw and Ethernet, and DLSw topics in general

http://www.cisco.com/warp/customer/697/3.html
http://www.cisco.com/warp/public/697/3.html
http://www.cisco.com/warp/customer/697/index.shtml
http://www.cisco.com/warp/public/697/index.shtml

-----Original Message-----
From: Khalsa Singh [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab Exam Changes - Token Ring [7:46481]

How is that possible, do you have a link to a url that explains how to do it, if that's possible then I can exclude all the routers that have token ring interface, I really wanted to know, since I have made a commitment to somebody to buy the whole CCIE Lab this saturday

thanks in advance

Khalsa Singh wrote in message news:[EMAIL PROTECTED]...

I'm in the middle of buying CCIE Lab Equipment to prepare for CCIE lab, my question is, do I still have to buy cisco routers with Token Ring interface to practise DLSW since it is going to be in the lab after Token Ring is completely out

thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46498t=46481
RE: CCIE Lab Exam Changes - Token Ring [7:46481]
My take is that while Token Ring will not be there, Ethernet will. And as such, DLSw is still a subject that can be tested. If they are removing Token Ring, then the SRB facets of DLSw are going to be dropped.

-----Original Message-----
From: Khalsa Singh [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 5:12 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab Exam Changes - Token Ring [7:46481]

Thanks Ryan, I'm confused, so when cisco says, no token ring in the CCIE lab from oct 2002 but DLSW will be there, what does that mean. Should we expect to configure DLSW on TR-to-TR network or Eth-to-Eth network or WAN or both in the Lab

Khalsa Singh wrote in message news:[EMAIL PROTECTED]...

I'm in the middle of buying CCIE Lab Equipment to prepare for CCIE lab, my question is, do I still have to buy cisco routers with Token Ring interface to practise DLSW since it is going to be in the lab after Token Ring is completely out

thanks in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46505t=46481
RE: CCIE Lab Question Mark [7:45980]
That's absolutely not true. In order to do something like that, they would have to custom compile IOS code specific to the CCIE Lab to have that removed. Believe me, the ? is an integral part of working with Cisco devices from the command line.

-----Original Message-----
From: Robert McBride [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 06, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Question Mark [7:45980]

Hey, I just heard that there is no question mark availability on the lab. Can anyone give me their experience on this ??

-Thanks-
-Robert-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46004t=45980
RE: CCIE Lab Question Mark [7:45980]
I attempted the lab back in August of 2000. Granted that was the 2-day format, but the ? was available then. To remove it would be absurd.

-----Original Message-----
From: Roberts, Larry [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 07, 2002 5:23 PM
To: Moffett, Ryan; [EMAIL PROTECTED]
Subject: RE: CCIE Lab Question Mark [7:45980]

Engineering code doesn't have the ? available. I had heard the same thing though

Thanks
Larry

-----Original Message-----
From: Moffett, Ryan [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 07, 2002 9:08 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Lab Question Mark [7:45980]

That's absolutely not true. In order to do something like that, they would have to custom compile IOS code specific to the CCIE Lab to have that removed. Believe me, the ? is an integral part of working with Cisco devices from the command line.

-----Original Message-----
From: Robert McBride [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 06, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Question Mark [7:45980]

Hey, I just heard that there is no question mark availability on the lab. Can anyone give me their experience on this ??

-Thanks-
-Robert-

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46072t=45980
RE: Provider Backbone Engineering and CCIEs [7:44876]
Really? So I shouldn't be doing a show mem and looking at the data contained in specific memory addresses labeled *packet data* to turn my router into a sniffer? :-)

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 24, 2002 1:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Provider Backbone Engineering and CCIEs [7:44876]

At 07:32 AM 5/24/02, dre wrote:

Cisco router to solve any problem, even those that shouldn't be solved with a router!

And how about all the people who try to turn the router into a troubleshooting tool? You wouldn't believe how many times I've had to convince people that the debug commands aren't a replacement for a sniffer. Not only are there issues with eating CPU resources to display the debug info, but a lot of the commands don't show packets (which they shouldn't). Also, regardless of whether they show events or packets, they don't display the information in English (in many cases).

In fact, many of the debug commands were written to help Cisco software and hardware developers do some debugging on flaky code/hardware. They weren't written to help a network administrator or engineer.

I know this is a tangent from the real discussion, but I just wanted to make that additional point about a Cisco router not being the solution to every problem.

Priscilla

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44978t=44876
RE: Doyle on Lab Rats [7:44611]
I think that everyone agrees that in order to pass the CCIE lab, you have to spend a decent amount of time in a lab playing with scenarios and technologies you might otherwise have never experienced in a real life network, or experienced it so long ago that you don't have anywhere else to test and learn it. No matter who you are, you are going to have to get some of your experience for the CCIE lab in a lab on your own, not a production network. Perhaps some people do get all of their experience in a production network..or several production networks and I am not going to dispute that, but it is certainly the exception, not the rule.

I think the problem here is with people who get all of their experience in a lab network. Today, it is possible to pass the CCIE written and lab with little to no real world experience and that is not what the CCIE is about. I can hardly fault someone who has the time, money and desire to sit down and attempt the CCIE without much real world experience because I am seeing more and more employers looking for entry to mid-level network engineers with CCIE's required or highly desired. I don't think that was the original intent of the CCIE either.

The CISSP already does, or is going to require that you send your resume in with your application to be a CISSP. In fact, they audit them to make sure that people aren't lying on their applications. I don't claim to know all the details of the CISSP certification process, but what would something like this do for the CCIE program? It appears to keep the CISSP relevant. Does it really?

-----Original Message-----
From: Johnny Routin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: Doyle on Lab Rats [7:44611]

Nice of you to take Jeff's words and use them out of context.

I believe what Jeff meant is that as we are experienced network engineers pursuing CCIE certification, we should set up a lab for practice as we cannot perform the necessary configurations on our production networks. The thing you forgot to mention while taking liberties with his words is that lab rats do not know what a production network looks like.

JR
--
Johnny Routin
The Routin One

cebuano wrote in message news:[EMAIL PROTECTED]...

Excerpt from Doyle's Vol.2 page 792.

Labs also provide an area of the network where you can just play around with the commands, testing the effect of misconfigurations and practicing troubleshooting. The lab can be used in this way for training and CCIE preparation. Only with a lab can you THOROUGHLY experiment with configurations, break things to see what happens, and determine what symptoms identify misconfigurations.

This is exactly how we are all educated in colleges and universities. Remember the labs in Physics, Chemistry, Biology, Human Anatomy... So for those of you that have no respect for lab rats, you might need to rethink your opinions. I say more swiss cheese to lab rats!

Elmer

P.S. Don't forget the wine.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44620t=44611
RE: Bridge and switch [7:44649]
John and Mike are both right. As a matter of fact, there are several definitions. In my opinion, the whole topic is adequately described in Interconnections, by Radia Perlman. Her take (in a nutshell) is that they are technically one and the same and that the difference is marketing terminology.

Ethernet switches are essentially multi-port transparent bridges (but what bridge isn't 2 ports or more?). An Ethernet switch or bridge with only 2 ports could be called a switch or bridge depending on which one is a better market term. As time has evolved, new functionality has been introduced into Ethernet switches, but at their base functionality, it's all pretty much the same.

-----Original Message-----
From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Bridge and switch [7:44649]

A switch is a multiport bridge. Think of a bridge that bridges together 2 networks (i.e. has two interfaces, one in each network). Then suppose you upgrade to a 3 port bridge, that can connect 3 networks. Keep adding ports up to 4, 8, 12, 24, or even 48 and that's a switch.

The switch operates pretty much like a bridge where it watches the source MAC addresses in frames, builds a table of MAC addresses and corresponding ports (the CAM table), and forwards broadcasts or traffic destined for a MAC address not in its CAM table out all ports (except the one it received the frame on)

Mike W.

rtiwari wrote in message news:[EMAIL PROTECTED]...

Could somebody please describe to me the difference between bridge and switch.

Thanks
Ravi

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44660t=44649
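The learn-and-flood behaviour Mike W. describes, combined with the port isolation asked about in the earlier thread [7:49521], as an added example that is not code from any poster or from Cisco: a simplified single-VLAN switch model that checks whether servers on isolated ports can reach each other through either the flood path or the known-unicast path. The class and function names, port numbers and MAC addresses are constructed, and the "protected port" rule is an assumed simplification of isolated-port semantics.

```python
from __future__ import annotations

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample hosts: port number -> MAC address.
# Ports 1-5 stand for DMZ servers, port 6 for the firewall/router uplink.
HOSTS = {p: f"02:00:00:00:00:{p:02x}" for p in range(1, 7)}


@dataclass
class Switch:
    """Single-VLAN learning switch (simplified model, not vendor code).

    Ports listed in `protected` may not forward frames to one another;
    every other port pair forwards normally.
    """
    ports: set[int]
    protected: set[int] = field(default_factory=set)
    cam: dict[str, int] = field(default_factory=dict)  # MAC -> port

    def permitted(self, in_port: int, out_port: int) -> bool:
        # Never send a frame back out of the port it arrived on.
        if out_port == in_port:
            return False
        # Isolation rule: protected-to-protected forwarding is dropped.
        return not (in_port in self.protected and out_port in self.protected)

    def receive(self, in_port: int, src: str, dst: str) -> set[int]:
        """Learn the source MAC, then return the set of egress ports."""
        self.cam[src] = in_port
        if dst != BROADCAST and dst in self.cam:
            candidates = {self.cam[dst]}      # known unicast: one port
        else:
            candidates = set(self.ports)      # broadcast / unknown: flood
        # The isolation rule is applied to floods as well as to unicast,
        # otherwise a broadcast would leak between isolated servers.
        return {p for p in candidates if self.permitted(in_port, p)}


def reachable_pairs(sw: Switch, hosts: dict[int, str]) -> set[tuple[int, int]]:
    """Return every (from_port, to_port) pair over which a frame is delivered."""
    pairs: set[tuple[int, int]] = set()
    # Pass 1: each host broadcasts (as an ARP request would). This tests
    # the flood path and populates the CAM table.
    for port, mac in hosts.items():
        for out in sw.receive(port, mac, BROADCAST):
            pairs.add((port, out))
    # Pass 2: each host sends a unicast frame to every other learned MAC.
    for a, mac_a in hosts.items():
        for b, mac_b in hosts.items():
            if a != b and b in sw.receive(a, mac_a, mac_b):
                pairs.add((a, b))
    return pairs


def lateral_paths(sw: Switch, hosts: dict[int, str],
                  servers: set[int]) -> set[tuple[int, int]]:
    """Server-to-server paths: what isolation is supposed to eliminate."""
    return {(a, b) for a, b in reachable_pairs(sw, hosts)
            if a in servers and b in servers}


if __name__ == "__main__":
    servers = {1, 2, 3, 4, 5}
    flat = Switch(ports=set(HOSTS))
    isolated = Switch(ports=set(HOSTS), protected=servers)
    print("flat VLAN lateral paths:    ", len(lateral_paths(flat, HOSTS, servers)))
    print("isolated ports lateral paths:", len(lateral_paths(isolated, HOSTS, servers)))
    print("isolated ports, all paths:   ", sorted(reachable_pairs(isolated, HOSTS)))
```
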
RE: 100Mbit cable can't shorter than 6 feets????? [7:41448]
I found this info on the Krone web site, the page was titled Length Matters

Patch cords are an integral - and often overlooked - part of your network's cabling. Transmission protocols on today's networks run at specified frequencies. When those frequencies are interrupted or compromised with patch cords of random or unspecified lengths, the disturbance created causes signal loss and corrupted data flow. TrueNet patch cords are designed and manufactured at specified lengths - 4, 7, 10, and 15 feet - to correspond to the critical wavelengths of transmission frequencies. An average of all the key frequencies - 10, 100, Gigabit Ethernet, and ATM 155/622 - was used to determine the optimal lengths for data transmission.

Ryan

-----Original Message-----
From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 14, 2002 7:46 PM
To: [EMAIL PROTECTED]
Subject: 100Mbit cable can't shorter than 6 feets? [7:41448]

Hi.. everyone,

My friend told me that 100Mbit cable can't be SHORTER than 6 feet. Has everyone heard this theory? If yes, what is the reason or he is bull shitting.

Tong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=41625t=41448
RE: Router question.. [7:39788]
ISL or 802.1q trunk is an option if the interface hardware supports it. You configure 3 VLANs on the 2900. Trunk those 3 VLANs up to the 2600 and configure that Ethernet interface for ISL or 802.1q encapsulation with 3 subinterfaces, 1 for each VLAN.

Another option also works on just one interface: secondary IP addresses. It's not the best solution, but it would work as well.

-----Original Message-----
From: Ricky Chan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 28, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: Router question.. [7:39788]

Hi all,

My boss just came up and gave me a scenario question like this. He told me that I owned a company which uses 3 different LANs, for example, 172.27.10.x, 172.27.11.x, 172.27.12.x. But I only have one cisco 2600 series router and 2900 series switch. I can't use the serial ports from the router. Just the two ethernet ports (by default). My question is, is it possible? Please advise.

Thanks
Ricky

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39821t=39788
RE: CCNP to CCDP [7:39448]
You can still pursue the CCDP. If you look at the certification tracking website, it should show you started your CCDP back when you started passing exams related to the CCNP or CCDA.

I just did exactly the same thing. I passed my CCNP about 2 years ago and just got my CCDP with the CID test last month. It wasn't clear to me either based on what I could dig up on Cisco's website, however I scheduled the exam anyway and followed up on the tracking website to make sure it showed me as completing my CCDP.

-----Original Message-----
From: Daniel Ma [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: CCNP to CCDP [7:39448]

Well, I got my CCNP two years ago with old exam track. What if I want to get CCDP certification, do I need to take all the exams again, or I could just take the CID.

Thanks,
Daniel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39456t=39448
RE: CCNP to CCDP [7:39448]
My CCNP will expire in about a year unless I re-certify. My CCDP lasts 3 years from that date that I passed the CID.

-----Original Message-----
From: Daniel Ma [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 3:05 PM
To: Moffett, Ryan; [EMAIL PROTECTED]
Subject: Re: CCNP to CCDP [7:39448]

Does this mean your CCDP will be valid for three years from now on? or it will expire when your CCNP expires.

Thanks,

----- Original Message -----
From: Moffett, Ryan
To: 'Daniel Ma' ;
Sent: Monday, March 25, 2002 2:59 PM
Subject: RE: CCNP to CCDP [7:39448]

You can still pursue the CCDP. If you look at the certification tracking website, it should show you started your CCDP back when you started passing exams related to the CCNP or CCDA.

I just did exactly the same thing. I passed my CCNP about 2 years ago and just got my CCDP with the CID test last month. It wasn't clear to me either based on what I could dig up on Cisco's website, however I scheduled the exam anyway and followed up on the tracking website to make sure it showed me as completing my CCDP.

-----Original Message-----
From: Daniel Ma [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: CCNP to CCDP [7:39448]

Well, I got my CCNP two years ago with old exam track. What if I want to get CCDP certification, do I need to take all the exams again, or I could just take the CID.

Thanks,
Daniel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39460t=39448
RE: CCNP to CCDP [7:39448]
CCDA is a pre-req.

-----Original Message-----
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 3:27 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP to CCDP [7:39448]

Don't take my word for it, but don't you need the CCDA too for CCDP? Or is CCNA good enough?

-----Original Message-----
From: Daniel Ma [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: CCNP to CCDP [7:39448]

Well, I got my CCNP two years ago with old exam track. What if I want to get CCDP certification, do I need to take all the exams again, or I could just take the CID.

Thanks,
Daniel

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39473t=39448
RE: ATM for CCIE [7:38772]
Cisco ATM Solutions, Cisco Press, by Galina Pildush. She also contributed to CCIE Practical Studies, Volume 1 by Cisco Press.

ATM Theory and Applications by Spohn and McDysan is also a good reference.

-----Original Message-----
From: Matthew Meiers [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 9:26 AM
To: [EMAIL PROTECTED]
Subject: RE: ATM for CCIE [7:38772]

Anyone know any good ATM books?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Persio Pucci
Sent: Tuesday, March 19, 2002 6:57 AM
To: [EMAIL PROTECTED]
Subject: ATM for CCIE [7:38772]

Folks,

I'm reading the CCIE Resource Kit 2001 Ed., and I think that the amount of information about ATM that the book covers is just insufficient for the test. Anybody feels like this? Or is it just enough? Any recommendation for ATM?

Regards,
Persio

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38789t=38772
RE: OT/ Pass one Lab and hold two CCIE certs ? [7:38402]
CCIE = Hexadecimal CC1E = Decimal 52254. Took me a while too. :-)
-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: Re: OT/ Pass one Lab and hold two CCIE certs ? [7:38402]
I'm slow, guys and gals: what's with all these numbers after the CCIE? What is CCIE #52254 supposed to mean?
-- RFC 1149 Compliant.
Dennis Laganiere wrote in message news:[EMAIL PROTECTED]...
That's cute, but I think I'll wait for ccie #12648430
--- Dennis
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 10:35 AM
To: [EMAIL PROTECTED]
Subject: Re: OT/ Pass one Lab and hold two CCIE certs ? [7:38402]
I get it! ;-)
Priscilla CNX 01CCDD
At 11:49 AM 3/15/02, Phil Barker wrote:
What about the one who passes out as CCIE #52254?
Phil.
--- John Neiberger wrote:
Change your last name to Ccie? :-) Or, include both the written and lab exam, e.g. John Neiberger, CCIE Written, CCIE RS #12005. Nah, because only one of those is a cert. I give up, what's the trick?
John
Phil Barker 3/15/02 8:44:23 AM
How can you get CCIE after your name twice by only passing 1 CCIE Lab exam?
PS: Lateral thinking may be required
Phil.
Priscilla Oppenheimer http://www.priscilla.com
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38469t=38402
RE: basic OSPF questions [7:37142]
Someone else has tackled the others, I go after #1): As you probably already know, in a lab setting, loopbacks are great for building up fictional stub networks to be used in reachability testing and summarization/filtering scenarios. For example, you can create interface loopback0 with an IP address of 10.1.1.1/24. By default, in OSPF, this loopback interface's network would be advertised as 10.1.1.1/32 even though you have specified the /24 mask. This makes for some confusion. If you specify the OSPF network type on the loopback interface as point-to-point, it will force the /24 advertisement to be made instead of the /32. This makes the loopback interfaces appear to be just another stub network (not to be confused with OSPF stub area).
Ryan
-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 9:00 AM
To: [EMAIL PROTECTED]
Subject: basic OSPF questions [7:37142]
1) A loopback address is normally advertised by OSPF as a host route. The command ip ospf network point-to-point enables one to specify that the interface should be advertised as a subnet route. What are the benefits of doing this?
2) Must a link cost be the same for all routers that share the link? Is there a protocol reason for this? Some other reason?
3) In the Exstart phase, how is the master selected? Chappel's book says RID while Doyle's says highest interface IP address. Which is it?
4) I'm somewhat unclear on the Exchange and the Loading states. When a router goes into Exchange state, does it send all DDPs it knows about before processing any DDPs received from other adjacent neighbors? Thus, a router goes into Exchange state, sends all DDPs it knows about, then goes into Loading state, where it issues LSRs for LSAs it wants more details on? Is this the process?
5) Is there a difference between DBD and DDP packets?
Thanks
Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37162t=37142
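The loopback behaviour described in the reply above, written out as an IOS configuration. This is an added example, not part of the original thread: the OSPF process ID 1, area 0 and the network statement are assumptions for illustration, while the address and the ip ospf network point-to-point command are the ones named in the thread.

```ios
! --- Variant A: default behaviour ---------------------------------
! OSPF treats the loopback as a host and advertises 10.1.1.1/32,
! even though a /24 mask is configured on the interface.
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
router ospf 1
 ! Assumed process ID and area; any statement that matches the
 ! loopback address puts the interface into OSPF.
 network 10.1.1.0 0.0.0.255 area 0
!
! --- Variant B: advertise the configured mask ---------------------
! Setting the network type to point-to-point makes OSPF advertise
! the /24 instead of the /32, so the loopback looks like any other
! stub network to the rest of the area.
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
! --- Checks --------------------------------------------------------
! On this router, confirm the network type in use on the interface:
!   show ip ospf interface Loopback0
! On a neighbour, confirm which prefix length was learned:
!   show ip route ospf
```

In a lab that uses loopbacks to test summarization or route filtering, variant B matters because prefix lists and summary ranges written against the /24 will not match a /32 host route.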