Re: 802.1x authentication - minimal requirements? [7:74563]

2003-08-31 Thread Jeff Ryan
Use the Doc CD online... it has a wealth of information:
http://www.cisco.com/univercd/home/home.htm

2950:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12114ea1/2950scg/sw8021x.htm

3550:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm

Cheers,
Jeff

Jsnatan ^. Jsnasson  wrote in message
news:[EMAIL PROTECTED]
 Hi,

 I'm new to this list (first post, been watching it for a while though)
 I'm having a hard time trying to find the minimal requirements for 802.1x
 authentication.

 Like what version of Cisco Secure ACS do I need (is 3.0 enough?)
 Are all switches supported (like 3500XL for example)
 And what would be the minimal IOS requirements for the 3500 (if supported)
 and 2950...

 Does anyone of you know this?


 Thanks in Advance
 -
 Jsnatan ^sr Jsnasson
 Net Admin
 [EMAIL PROTECTED]
 -
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74576t=74563


RE: GroupStudy Server [7:74437]

2003-08-28 Thread Ryan Finnesey
Paul


We would be happy to host the list for you if you would like.


Ryan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul
Borghese
Sent: Thursday, August 28, 2003 11:58 AM
To: [EMAIL PROTECTED]
Subject: GroupStudy Server [7:74437]

The server circuit breakers fired due to the continuous internet worm
outbreaks.  Please resend if you sent a message that did not appear on the
list.

Also, any recommendations for a LOW COST 1u server we may use to replace the
current GroupStudy server?

Thanks!

Paul




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7t=74437


RE: DSL over Dry Copper [7:74117]

2003-08-18 Thread Ryan Finnesey
How do you order dry copper?


Ryan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 18, 2003 8:44 PM
To: [EMAIL PROTECTED]
Subject: Re: DSL over Dry Copper [7:74117]

Dain Deutschman  wrote in message
news:[EMAIL PROTECTED]
 Hi All,

 Does anyone know if Cisco makes a product similar to the Pairgain Campus HRS
 or Celsian G250 LAN Extenders? I want to create a dsl connection over dry
 copper between two sites. Cisco reseller helpline was mildly helpful. What
 are some of you using for this type of situation?


I have heard it said that all you need to do is connect a couple of 827's
and you are done. I don't know the specifics.. :-

http://www.pbs.org/cringely/pulpit/pulpit20010823.html

http://www.isp-planet.com/technology/homebrew_dsl.html

one place I saw said to check out what alarm companies order - they use dry
copper.

or you can use the Long Reach ethernet product from Cisco at each end. I'm
sure there are competitors.



 Thanks,

 -- 
 Dain Deutschman
 ccnp, css-1, cnss infosec, mcp, cna
 Data Communications Manager
 New Star Sales and Service, Inc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74146t=74117


RE: VPN Best Hardware to use? [7:73793]

2003-08-14 Thread Ryan Finnesey
You are right it is a service offering.   Right now, we are using ISDN
dial-up and would like to move to a full time connection.  We would not be
using the customer's connection but will be installing a 144K IDSL or 192K
SDSL line.  What I am going to do on Friday in the lab ( If we get the lines
from Covad on time) is use a 7200 at the head end and a 1700 on the other
end run the IPSec and NAT on the 1700 and see how that goes.  The only
problem is I cannot find an IDSL WIC on CCO I only see an ADSL and SDSL.

 

 

Ryan

 
 
Message- 
From: [EMAIL PROTECTED] on behalf of Reimer, Fred 
Sent: Mon 8/11/2003 10:02 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: VPN Best Hardware to use? [7:73793]



I would certainly hope that the remotes wouldn't use different platforms.  I
don't know the business model, but it sounds to me like it's some kind of
service offering or something.  Maybe they have a 2000 site Frame Relay 
network used to offer a service or something, and they want to switch to 
something more economical.  Instead of paying monthly circuit fees, pay a 
one-time hardware cost (assuming they don't own the FR routers at the 
customer end) and use the customer's Internet connection.  Why in the world 
would you want different hardware at each customer site in that situation? 
Standardize on one hardware platform, and build the cost of that hardware 
into the business model... 

If that's the case then the cost of a 3005 can be justified in a small 
number of months, depending on your FR cost.  Certainly you would recoup 
your cost and start making more money, due to less operating cost, 
relatively quickly. 

Now, if this is something else, like a company with 2000 offices throughout 
the world, then I can see your point and you may end up with different 
requirements.  But, that's not how it sounds so far. 

Fred Reimer - CCNA 


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050 


NOTICE; This email contains confidential or proprietary information which 
may be legally privileged. It is intended only for the named recipient(s). 
If an addressing or transmission error has misdirected the email, please 
notify the author by replying to this message. If you are not the named 
recipient, you are not authorized to use, disclose, distribute, copy, print 
or rely on this email, and should immediately delete it from your computer. 


-Original Message- 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2003 6:57 AM 
To: [EMAIL PROTECTED] 
Subject: RE: VPN Best Hardware to use? [7:73793] 

Despite all hw issues, you really need to 
- describe the business req's first 
- translate to technical req's 

(you are talking 2000+ sites) 

And you will see that you'll need more than one platform for the Remotes.

Depending on your hierarchy concerning
- messaging
- authentication
- client-server
- webapps
- desktop/register maintenance/management
- security man

You will need to or may want to build an hierarchical design. Keep in mind
that different platforms use different (HQ) fail-over or 2nd ip techniques.

Martijn 


-Original Message-
From: Ryan Finnesey [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 10, 2003 4:36
To: [EMAIL PROTECTED]
Subject: VPN Best Hardware to use? [7:73793]


I need to setup VPNs to about 2000 sites.  Each site will have an IDSL line 
installed that will be used to connect to monitor network devices and 
servers.  Some of the remote networks will be using the same network block. 
I am looking to know what the best hardware to use on each end is.  On my 
end, would it be better to use a PIX or a 3030?  On the remote end, I was 
looking at a PIX 501, SOHO 91 or the 831? 


Thank you 


Ryan 




Message Posted at:
http://www.groupstudy.com/form

RE: VPN Best Hardware to use? [7:73793]

2003-08-14 Thread Ryan Finnesey
That is an ADSL WIC or am I missing something?  We are looking to use IDSL
but can not find a router that supports 3DES and IDSL
 
 
Ryan

-Original Message- 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Wed 8/13/2003 1:40 AM 
To: Ryan Finnesey; [EMAIL PROTECTED] 
Cc: 
Subject: RE: VPN Best Hardware to use? [7:73793]



You mean? newest:

DSL WAN Interface Cards
WIC-1ADSL-I-DG 1-port ADSLoISDN WAN Interface Card

cco partner login:

http://www.cisco.com/en/US/partner/products/hw/routers/ps221/products_data_sheet09186a0080088713.html


Martijn


-Original Message-
From: Ryan Finnesey [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 3:57
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793]


You are right it is a service offering.   Right now, we are using ISDN
dial-up and would like to move to a full time connection.  We would not be
using the customer's connection but will be installing a 144K IDSL or 192K
SDSL line.  What I am going to do on Friday in the lab ( If we get the lines
from Covad on time) is use a 7200 at the head end and a 1700 on the other
end run the IPSec and NAT on the 1700 and see how that goes.  The only
problem is I cannot find an IDSL WIC on CCO I only see an ADSL and SDSL.





Ryan



Message-
From: [EMAIL PROTECTED] on behalf of Reimer, Fred
Sent: Mon 8/11/2003 10:02 AM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: VPN Best Hardware to use? [7:73793]



I would certainly hope that the remotes wouldn't use different platforms.  I
don't know the business model, but it sounds to me like it's some kind of
service offering or something.  Maybe they have a 2000 site Frame Relay
network used to offer a service or something, and they want to switch to
something more economical.  Instead of paying monthly circuit fees, pay a
one-time hardware cost (assuming they don't own the FR routers at the
customer end) and use the customer's Internet connection.  Why in the world
would you want different hardware at each customer site in that situation?
Standardize on one hardware platform, and build the cost of that hardware
into the business model...

If that's the case then the cost of a 3005 can be justified in a small
number of months, depending on your FR cost.  Certainly you would recoup
your cost and start making more money, due to less operating cost,
relatively quickly.

Now, if this is something else, like a company with 2000 offices throughout
the world, then I can see your point and you may end up with different
requirements.  But, that's not how it sounds so far.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 6:57 AM
To: [EMAIL PROTECTED]
Subject: RE: VPN Best Hardware to use? [7:73793]

Despite all hw issues, you really need to
- describe the business req's first
- translate to technical req's

(you are talking 2000+ sites)

And you will see that you'll need more than one platform for the Remotes.

Depending on your hierarchy concerning
- messaging
- authentication

ISDN and SDS? [7:73940]

2003-08-14 Thread Ryan Finnesey
I need to make LD calls with an ISDN BRI line for a frame relay backup.  I
was told by ATT that I need to use SDS to make an LD call with an ISDN BRI
line.  The price per min per B ch is .27 but we can make an LD call on a
56K pots line for .3 are they right or just looking for $$?
 
 
Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73940t=73940


VPN Best Hardware to use? [7:73793]

2003-08-09 Thread Ryan Finnesey
I need to setup VPNs to about 2000 sites.  Each site will have an IDSL line
installed that will be used to connect to monitor network devices and
servers.  Some of the remote networks will be using the same network block. 
I am looking to know what the best hardware to use on each end is.  On my
end, would it be better to use a PIX or a 3030?  On the remote end, I was
looking at a PIX 501, SOHO 91 or the 831?


Thank you


Ryan



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73793t=73793


Interface Vlan 'x' is up, line protocol is down [7:73428]

2003-08-02 Thread Newell Ryan D SrA 18 CS/SCBT
If I enable any vlan interface other than vlan 1 it will not enter a
protocol up state unless a physical interface that has vlan 'x' assigned to it.
Why is that?

vlan database
vlan 2
!
interface FastEthernet0/1
 switchport access vlan 2
 no shutdown
!
interface Vlan2
 ip address 2.2.2.2 255.0.0.0
 no shutdown

If I were to plug a device into interface f0/1, interface vlan 2 will come
up/protocol up. I change the access vlan to another vlan, interface vlan  2
will go down.
I would appreciate any comments.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73428t=73428


RE: TACACS - Cheap or Free [7:70764]

2003-06-16 Thread Moffett, Ryan
how about tac_plus from Cisco, also found on several other places around the
'net?  It's free, and open source.   

-Original Message-
From: Vance Krier [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 9:23 PM
To: [EMAIL PROTECTED]
Subject: TACACS - Cheap or Free [7:70764]


Hey Group,

I'm just looking for a cheap or free TACACS+ server.  This doesn't need to
be real powerful, just something I can use for playing around and possibly
to put on customer sites for real quick and easy outbound http auth
authentication purposes off a PIX.

Thanks,
Vance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70770t=70764
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Sprint Internet Backbone and VoIP? [7:70665]

2003-06-15 Thread Ryan Finnesey
Is anyone using the Sprint Internet backbone for VoIP?  If so how is it
working and are you running the VoIP just in the states or outside of
the states?


Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70665t=70665


RE: Sprint Internet Backbone and VoIP? [7:70665]

2003-06-15 Thread Ryan Finnesey
Yea that's what I have been told by Sprint but I can not find anyone
that is running it.   Also I need to find a way to run VoIP in India and
from what I can see they do not have a POP in India.


Ryan

-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 15, 2003 7:54 AM
To: Ryan Finnesey
Subject: Re: Sprint Internet Backbone and VoIP? [7:70665]

Don't know of any customers actually using VOIP across the Sprintlink
Backbone but should be no problem if one needed to !!
From: Ryan Finnesey
Reply-To: Ryan Finnesey
To: [EMAIL PROTECTED]
Subject: Sprint Internet Backbone and VoIP? [7:70665]
Date: Sun, 15 Jun 2003 05:47:32 GMT

Is anyone using the Sprint Internet backbone for VoIP? If so how is it
working and are you running the VoIP just in the states or outside of
the states?


Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70668t=70665


remote management of routers? [7:70349]

2003-06-08 Thread Ryan Finnesey
Can anyone recommend a unit that I can rack mount and that would let me
dial into a router via the AUX port?


Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70349t=70349


RE: remote management of routers? [7:70349]

2003-06-08 Thread Ryan Finnesey
I am looking to manage routers when the DS1 or DS3 goes down so the only
way I can get to the router is a POTS line.

-Original Message- 
From: Andrew Dorsett [mailto:[EMAIL PROTECTED] 
Sent: Sun 6/8/2003 1:38 PM 
To: Ryan Finnesey 
Cc: 
Subject: Re: remote management of routers? [7:70349]



On Sun, 8 Jun 2003, Ryan Finnesey wrote: 

 Can anyone recommend a unit that I can rack mount and that would let me 
 dial into a router via the AUX port? 

Are you looking for just one or more ports?  Perle makes a great one that
has SSH support for remote access. If you are looking for modem access 
just plug up an external modem to the port using the cisco adapters and 
console cable. Then configure the router to init the modem and answer it. 

Andrew 
--- 
 
http://www.andrewsworld.net/ 
ICQ: 2895251 
Cisco Certified Network Associate 

Learn from the mistakes of others. You won't live long enough to make all
of them yourself.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70358t=70349


Re: remote management of routers? [7:70349]

2003-06-08 Thread Ryan Finnesey
(AS2509-RJ-CH) we would be looking at $1600 each a bit high to manage one
router but a nice setup if I have more than one.  We are looking at offering
a managed router service for some ISP's in the states.



Ryan
- Original Message - 
From: Nathan
To: [EMAIL PROTECTED]
Sent: Sunday, June 08, 2003 6:39 PM
Subject: RE: remote management of routers? [7:70349]


What you can use is what's called a OOB switch.
http://www.cisco.com/en/US/products/hw/iad/ps492/index.html
I think that's what you might be looking for.
-Nate
-Original Message- 
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ryan Finnesey
Sent: Sunday, June 08, 2003 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: remote management of routers? [7:70349]


I am looking to manage routers when the DS1 or DS3 goes down so the only
way I can get to the router is a POTS line.
-Original Message- 
From: Andrew Dorsett [mailto:[EMAIL PROTECTED]
Sent: Sun 6/8/2003 1:38 PM
To: Ryan Finnesey
Cc:
Subject: Re: remote management of routers? [7:70349]


On Sun, 8 Jun 2003, Ryan Finnesey wrote:
 Can anyone recommend a unit that I can rack mount and that would let me
 dial into a router via the AUX port?
Are you looking for just one or more ports?  Perle makes a great one that
has SSH support for remote access. If you are looking for modem access
just plug up an external modem to the port using the cisco adapters and
console cable. Then configure the router to init the modem and answer it.
Andrew
--- 

http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate
Learn from the mistakes of others. You won't live long enough
to make all of them yourself.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70371t=70349


Is 'troubleshooting campus netwroks' enough for CIT?? [7:66017]

2003-03-23 Thread Newell Ryan D SrA 18 CS/SCBT
I have read a part of this book. It seems to line up with the CIT. Will this
be enough reading material to pass the CIT?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66017t=66017


RE: Is 'troubleshooting campus networks' enough for CIT [7:66045]

2003-03-23 Thread Newell Ryan D SrA 18 CS/SCBT
Yes, it is a retransmit. I have already taken the test and passed by the
way! I have also used the book
to pass a couple of Sniffer Test. I think it is great.



___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66045t=66045


Is 'troubleshooting campus netwroks' enough for CIT?? [7:65732]

2003-03-19 Thread Newell Ryan D SrA 18 CS/SCBT
I have read a part of this book. It seems to line up with the CIT. Will this
be enough reading material to pass the CIT?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65732t=65732


FW: Is 'troubleshooting campus netwroks' enough for CIT?? [7:65780]

2003-03-19 Thread Newell Ryan D SrA 18 CS/SCBT
Let me clear up the last statement. I always read at least two books before
taking any exam. So if there is a subject I don't feel confident in I can
pop open another book and see how this author views the subject matter. I am
just wondering has any one else used this book to study for the exam.


-Original Message-
From: Newell Ryan D SrA 18 CS/SCBT [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 19, 2003 7:11 PM
To: [EMAIL PROTECTED]
Subject: Is 'troubleshooting campus netwroks' enough for CIT?? [7:65732]

I have read a part of this book. It seems to line up with the CIT. Will this
be enough reading material to pass the CIT?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65780t=65780


RE: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65379]

2003-03-14 Thread Newell Ryan D SrA 18 CS/SCBT
Reading the CDP vulnerability link, I cannot determine how a hacker can
trigger the attack. Reading the email trail, it seems that you are worried
about the info displayed in the frame. If that is what your company is
trying to avoid, here is an idea. Why not disable it on a per-port basis?
That is a lot of work, but everyone gets what they want. On the links
between network devices enable it and on the links to hosts disable it.
That way a hacker just can't 'plug in' and get the info. I know Cisco has
the 'set port host' macro commands for CATOS that disable a lot of stuff.
I wish that it encompassed disabling cdp.

D

-Original Message-
From: Pistone, Mike [mailto:[EMAIL PROTECTED]
Sent: Friday, March 14, 2003 3:54 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - CDP: Is it treated as a 'vulnerability' in yo
[7:65347]


The NSA has an un-classified Securing Cisco Networks document that I found
last year.  I think it is linked off of www.nsa.gov somewhere.   It is an
excellent document dealing with all aspects of securing your network,
including CDP I believe.  

From what I remember, it was developed for their use, but decided to release
it to increase the security of the country's infrastructure.

I just looked up the link -- it's at http://www.nsa.gov/snac/index.html


Mike


___
Mike Pistone
NASA - Russian Services Group
Marshall Space Flight Center
Huntsville, AL 35806
Ph: (256) 544-2915
Em: [EMAIL PROTECTED]



-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 13, 2003 12:17 AM
To: [EMAIL PROTECTED]
Subject: RE: OT - CDP: Is it treated as a 'vulnerability' in yo [7:65251]


chris kane wrote:
 
 It recently came to my attention that my company may plan to disable all
 CDP in our network. The current vibe is that they see it as a security
 risk. My intent is to research this and provide a paper arguing for the
 use of CDP. The purpose for my post is to see if my opinions of the
 benefits of CDP are realistic (sanity check) and to see how others view
 CDP, weighing its usefulness vs. any possible risk.

 I have already begun researching any security releases on CCO in regards
 to CDP. Initial scan shows a 'vulnerability' notice that Cisco most
 recently updated on Feb 12, 2003. This information can be found at this
 link:

 http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09186a0080093ef0.shtml

 Looking at CDP from a troubleshooting tool perspective, I am all for it.
 I've personally been saved unknown hours tracing down a problem because
 CDP allowed me to bounce around the network quickly. Our network is not
 small. And as most people would agree, documentation is never what we all
 would like it to be. Therefore, I find that CDP's ability to display the
 network below Layer 3 is appreciated.

So will a hacker appreciate CDP's ability to display information about the
internetwork.

I think that's the reasoning behind the security experts saying to turn it
off. That is indeed the current vibe.

I took a Cisco security class at the Usenix Security Symposium in August
2002. The instructor said to turn it off.

Have you looked at the documents at the Center for Internet Security? They
have benchmarks for Cisco security. They have 2 levels. Even with the less
severe level, they say to turn off CDP.

The Center for Internet Security tries to develop consensus on security
measures. Their partners include The SANS Institute, the DoD Computer
Emergency Response Team, NASA, National Institute of Standards and
Technology, etc.

Their Web site is here:

http://www.cisecurity.org/

On the other hand, I think you could certainly make a good case for not
disabling CDP. Being able to troubleshoot efficiently is just as important
as security when considering network availability. A network that's broken
and due to typical network problems is experiencing a denial of service just
as bad as if a hacker had broken in. Good troubleshooting tools mean a more
available network, there's no question.

I hope others answer too. I know that all the security people say to turn it
off and most people who actually work in the trenches say, Hunh?

Priscilla
 
 
 
 Also from a tool perspective, I know CiscoWorks has tools to offer that
 utilize CDP. And I've seen software from other companies that does as
 well. Think Layer 2 traceroute capability.

 Looking at CDP from a multi-vendor platform perspective, I realize that
 it's often beneficial to turn off CDP on interfaces that connect to
 non-Cisco devices. No point in bothering a non-Cisco device with traffic
 that it can't process. But note, this is not turning off CDP globally per
 router/switch, but rather, disabling on an as-needed basis per interface.
 
 I'd like to hear other views and I'd appreciate feedback and opinions 
 about this.
 
 Thanks,
 -chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65379t=65379
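
The per-port approach suggested in this thread (CDP left on for links between network devices, turned off on links to hosts) can be checked against a saved IOS configuration. The script below is an added example, not code from any poster; it assumes trunk ports are inter-device links and access ports face hosts, uses the IOS commands "no cdp enable" (per interface) and "no cdp run" (global), and the sample configuration is constructed.

```python
import re

# Finding labels used by this example (hypothetical names, not Cisco terms).
HOST_CDP_ON = "host-port-cdp-enabled"      # access port still advertising CDP
VOICE_REVIEW = "voice-port-review"         # access port with a voice VLAN
INFRA_CDP_OFF = "infra-link-cdp-disabled"  # trunk that lost CDP

# Constructed sample running-config for illustration only.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 description user desk
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description printer
 switchport mode access
 switchport access vlan 10
 no cdp enable
!
interface FastEthernet0/3
 description IP phone + PC
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet0/1
 description uplink to distribution switch
 switchport mode trunk
!
interface GigabitEthernet0/2
 description uplink, CDP mistakenly off
 switchport mode trunk
 no cdp enable
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
"""


def parse_config(text):
    """Return (cdp_globally_enabled, {interface: [sub-commands]})."""
    cdp_global = True
    interfaces = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":  # top-level command ends any interface block
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if current:
                interfaces[current] = []
            elif line == "no cdp run":
                cdp_global = False
        elif current:
            interfaces[current].append(line.strip())
    return cdp_global, interfaces


def classify(cmds):
    """Assumption of this example: trunk = inter-device link, access = host."""
    if "switchport mode trunk" in cmds:
        return "infrastructure"
    if "switchport mode access" in cmds or any(
        c.startswith("switchport access vlan") for c in cmds
    ):
        return "host"
    return "other"  # SVIs, loopbacks, routed ports: not judged here


def audit(text):
    """List (interface, finding) pairs in configuration order."""
    cdp_global, interfaces = parse_config(text)
    findings = []
    for name, cmds in interfaces.items():
        role = classify(cmds)
        cdp_on = cdp_global and "no cdp enable" not in cmds
        if role == "host" and cdp_on:
            # Cisco IP phones can learn their voice VLAN through CDP, so a
            # voice port is flagged for review rather than for disabling.
            voice = any(c.startswith("switchport voice vlan") for c in cmds)
            findings.append((name, VOICE_REVIEW if voice else HOST_CDP_ON))
        elif role == "infrastructure" and not cdp_on:
            findings.append((name, INFRA_CDP_OFF))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

With a global "no cdp run" in the configuration, every trunk is reported, which is the troubleshooting cost the thread weighs against the exposure on host ports.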

How to initiate a ssh from CATOS? [7:64556]

2003-03-05 Thread Newell Ryan D SrA 18 CS/SCBT
Trying to connect to another Cisco device via secure shell. I can do it from
the IOS to CATOS. But I do not know the command to go from CATOS to any
other device.
Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64556t=64556


FW: FW: Ethernet Slot Time and Delay [7:63659]

2003-02-26 Thread Newell Ryan D SrA 18 CS/SCBT
Ms. Oppenheimer

A colleague of mine pointed out to me that my wording may have seemed harsh.
And that is why you slammed me for it.

I didn't think of it as a slamming just an experienced tech answering the
newbie's questions. But if I offended you in any way, I apologize. I will
also try and watch the way I word my questions. I know sometimes it seems I
am being argumentative. It's just when I have an understanding of a certain
technology I tend to defend and back what I understand. I guess I will work
on that. Well thank you any way for answering my question!

Thank you too B.A.




-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 25, 2003 9:21 AM
To: [EMAIL PROTECTED]
Subject: RE: FW: Ethernet Slot Time and Delay [7:63659]

Newell Ryan D SrA 18 CS/SCBT wrote:
 
  500 Meters?? It's 2500 meters. In one example of such a network, there
  can be 5 segments, 4 repeaters (hubs), but only 3 segments can have end
  systems. That's the infamous 5-4-3 rule. It makes a lot of assumptions.
  Really, the size of the network depends on round-trip propagation delay
  for the particular equipment, cables, and cable lengths.
 
 Maybe I was wrong for thinking that. If my net was all 10 Base T, then
 with max 5 segments...500 meters. That's where I got that number from.
 Measuring the size of the collision domain is well under slot time. So I
 could technically extend the size of the network.

The segment from the hub to the end station might be 100 meters, as that's
how structured cabling is usually done. Between hubs probably isn't 100
meters, for what it's worth. In fact, it might be fiber-optic cabling.

 
 One of the things I ran into was the formula to use to calculate the round
 trip delay. With the formula in your book I came up with 210 bit times
 round trip for 500 meter 4 hub network. But with the definitive guide's
 method I got 362 bit times. When I was going back and forth between books
 I think I got lost somewhere. For a 100 meter cable they suggest 11.3 bit
 times. While you suggest 5 one-way or 10 round trip...very close. But they
 start with a base value.
 Example First segment would be 26.55 bit times instead of 11.3. The base
 value is 15.25. 15.25+11.3=26.55 bit times for the first segment.

Technically, IEEE does say to add some DTE delay time, i.e. time at the
stations themselves, both the sender and receiver. This is all documented in
IEEE 802.3 documents, which are available for free from IEEE. It's not worth
reading though (for this purpose I mean.)

 
 I think I understand the theory behind slot time. It takes a station 51.2
 micro seconds to transmit the smallest frame. So station a needs to be
 notified by any other station if a collision was to happen while it was
 still transmitting.

That's it.

 So when the first bit of station a's preamble hits station z (at the other
 side of the network) rx pins while station z was transmitting, its first
 bit hits the repeater. The repeater is going to use collision enforcement
 to make all stations including station a are aware of the collision. This
 must happen before station a finishes transmitting the smallest Ethernet
 frame. I think that is it.
 
 So should bit time be the time it takes to transmit the preamble and 512
 bits?

The preamble doesn't count. It's used to recover timing. A station or
repeater might not catch all of the preamble. It just has to see the pattern
and the start of frame delimiter. A repeater regenerates the preamble, by
the way.

 
 One more thing...
 
 A proper preamble should look like 10101010 or AA. I'm sure I read somewhere
 that a collision would appear with all 5's or C's.

We used to see 55s on old coax networks. Never saw Cs though.

 How would that be possible if as soon as the repeater detects a collision it
 sends out a jam signal out all its ports?

Then you would see alternating ones and zeros on the end of a frame. I have
seen this, but not recently. My current NIC won't give me bad frames so even
a sniffer doesn't give them to me.

 Also a frame with a bad CRC is suspect of a collision.

The frame got damaged when the collision occurred.

 How? If you know where I could get more reading on this that would be
 great!

IEEE 802.3.

 
 Thanks for answering my questions!  
 
 
 
 We are what we repeatedly do. Excellence, then, is not an act, but a
 habit.--Aristotle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63853t=63659
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
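The two figures argued over in this thread (210 and 362 bit times for the 500 meter, 4 hub network) can be reproduced side by side. This is an added example, not code from either book or from the list; the mid-segment and right-end base values and the 575-bit ceiling are recalled from the IEEE 802.3 segment delay table and are assumptions, as is reading the poster's numbers as 5 bit times per 100 m one way and 20 bit times per hub.

```python
"""Two estimates of 10 Mb/s round-trip path delay, in bit times (0.1 us each)."""

SLOT_TIME_BITS = 512        # minimum frame; the preamble is not counted
MAX_PATH_DELAY_BITS = 575   # ceiling recalled from IEEE 802.3 (assumption)
MARGIN_BITS = 5             # safety margin added before comparing (assumption)

# 10BASE-T round-trip segment delay values, in bit times.
# 15.25 (first segment base) and 11.3 per 100 m are quoted in the thread;
# the "mid" and "right" bases are recalled from the standard (assumption).
# The bases are not zero because station and repeater delay is counted there.
BASE_10BASE_T = {"left": 15.25, "mid": 42.0, "right": 165.0}
RT_DELAY_PER_METRE = 0.113


def table_round_trip(lengths_m):
    """Base-plus-per-metre method: sum left-end, mid and right-end segments."""
    if len(lengths_m) < 2:
        raise ValueError("need a left-end and a right-end segment")
    last = len(lengths_m) - 1
    total = 0.0
    for i, length in enumerate(lengths_m):
        position = "left" if i == 0 else "right" if i == last else "mid"
        total += BASE_10BASE_T[position] + RT_DELAY_PER_METRE * length
    return total


def simple_round_trip(lengths_m, one_way_bits_per_100m=5, bits_per_hub=20):
    """Cable delay plus a fixed delay per hub, doubled for the round trip."""
    hubs = len(lengths_m) - 1
    one_way = sum(lengths_m) / 100 * one_way_bits_per_100m + hubs * bits_per_hub
    return 2 * one_way


def check_path(lengths_m):
    """Return (delay_with_margin, fits, spare_bits). Delay check only."""
    delay = table_round_trip(lengths_m) + MARGIN_BITS
    return delay, delay <= MAX_PATH_DELAY_BITS, MAX_PATH_DELAY_BITS - delay


if __name__ == "__main__":
    path = [100] * 5  # five 100 m 10BASE-T segments joined by four hubs
    print("simple estimate :", simple_round_trip(path), "bit times")
    print("table method    :", round(table_round_trip(path), 2), "bit times")
    delay, fits, spare = check_path(path)
    print("with margin     :", round(delay, 2), "fits" if fits else "too long",
          "spare", round(spare, 2))
    print("slot time       :", SLOT_TIME_BITS, "bit times")
```

Both results sit well under the 512-bit slot time, which is why the poster's network could technically be extended.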


FW: Ethernet Slot Time and Delay [7:63659]

2003-02-24 Thread Newell Ryan D SrA 18 CS/SCBT
 500 Meters?? It's 2500 meters. In one example of such a network, there can
 be 5 segments, 4 repeaters (hubs), but only 3 segments can have end
 systems. That's the infamous 5-4-3 rule. It makes a lot of 
 assumptions. Really, the
 size of the network depends on round-trip propagation delay for the
 particular equipment, cables, and cable lengths.

Maybe I was wrong for thinking that. If my net was all 10 Base T, then with
max 5 segments...500 meters. That's where I got that number from. Measuring
the size of the collision domain is well under slot time. So I could
technically extend the size of the network. 

One of the things I ran into was the formula to use to calculate the round
trip delay. With the formula in your book I came up with 210 bit times round
trip for 500 meter 4 hub network. But with the definitive guide's method I
got 362 bit times. When I was going back and forth between books I think I
got lost somewhere. For a 100 meter cable they suggest 11.3 bit times. While
you suggest 5 one-way or 10 round trip...very close. But they start with a
base value.
Example: First segment would be 26.55 bit times instead of 11.3. The base
value is 15.25. 15.25+11.3=26.55 bit times for the first segment. 

I think I understand the theory behind slot time. It takes a station 51.2
microseconds to transmit the smallest frame. So station a needs to be
notified by any other station if a collision was to happen while it was
still transmitting. So when the first bit of station a's preamble hits
station z (at the other side of the network) rx pins while station z was
transmitting, its first bit hits the repeater. The repeater is going to use
collision enforcement to make all stations including station a aware of
the collision. This must happen before station a finishes transmitting the
smallest Ethernet frame. I think that is it.

So should bit time be the time it takes to transmit the preamble and 512
bits?

One more thing...

A proper preamble should look like 10101010 or AA. I'm sure I read somewhere
that a collision would appear with all 5's or C's. How would that be
possible if as soon as the repeater detects a collision it sends out a jam
signal out all its ports? Also a frame with a bad CRC is suspect of a
collision. How? If you know where I could get more reading on this that
would be great! 

Thanks for answering my questions!  



We are what we repeatedly do. Excellence, then, is not an act, but a
habit.--Aristotle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63659t=63659


FW: Cant establish reverse telnet [7:63660]

2003-02-24 Thread Newell Ryan D SrA 18 CS/SCBT
Are you reverse telnetting to the line the routers are connected to?

-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:55 AM
To: [EMAIL PROTECTED]
Subject: Cant establish reverse telnet [7:63660]


It appears that I cannot establish a telnet session to my routers from the
term server. How can I clear the line
TS#sh ses
% No connections open
TS#r1
Translating r1
Trying r1 (1.1.1.1, 2097)... 
% Connection refused by remote host

TS#r2
Translating r2
Trying r2 (1.1.1.1, 2098)... 
% Connection refused by remote host

TS#clear line ?
Line number
  aux  Auxiliary line
  console  Primary terminal line
  tty  Terminal controller
  vty  Virtual terminal

TS#clear line 
thanks
Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63665t=63660


RE: Cant establish reverse telnet [7:63660]

2003-02-24 Thread Newell Ryan D SrA 18 CS/SCBT
Show users would have displayed the line. I think you piped in 'show
session'. I think show session shows outgoing telnet connections. And show
user shows connections on the lines...vty,aux,con and tty.

-Original Message-
From: McHugh Randy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 25, 2003 7:59 AM
To: [EMAIL PROTECTED]
Subject: RE: Cant establish reverse telnet [7:63660]


I figured it out but don't really understand it. This is what I did
line con 0
 exec-timeout 0 0
 logging synchronous
line 97 112
 no exec  
 transport input all
line aux 0
line vty 0 4
 exec-timeout 0 0
 password 7 060506324F41
 login
!
end

TS#clear line 97
[confirm]
 [OK]
Was it just the line 97 that was stuck?
thx
Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63666t=63660


Ethernet Slot Time and Delay [7:63581]

2003-02-23 Thread Newell Ryan D SrA 18 CS/SCBT
If two 10 Base T Ethernet stations transmit at the same they receive data on
their receive pins. Will both stations send out a 32 bit jam sequence?
If both stations do send a jam signal, why is the slot time closely related
to round trip propagation delay? I would think it would be one way.

Ethernet, The Definitive Guide page 182 they have some values to use to
figure out propagation delay on 10 MB networks. There is a base value to
start with and from there you add delay per meter. Why is the base value not
zero? Also between segments the numbers do not make any sense. Going from
Base to Max I understand but between segments.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63581t=63581


FW: Ethernet Slot Time and Delay [7:63581]

2003-02-23 Thread Newell Ryan D SrA 18 CS/SCBT
 A collision could happen at the other end of the network segment.

I thought on 10BaseT net a NIC was notified of a collision by its RX pin
getting data. So if Station A was transmitting and it was on bit 27 and
station B started TX and by the time it got Station A's first bit and was on
bit 2. Is the collision said to happen at the location the data crossed on
the 'bus' or at the NIC? Back to example... Now that Station B knows of the
collision it will finish its preamble and will send a jam signal. So will
Station A. I can see how round trip would make sense.

 News of the collision has to travel back to the senders.

Would it be one of the senders sending jam signals? 

The signal travels outwards; the collision news travels back.

Not really sure what you mean.

I have been reading your book and the Ethernet book. I have been trying to
figure this out all weekend. If a bit is 17.7 meters long and the max of a
distance of a 10BaseT net is 500 meters with 4 hubs (20 bit times) that
gives a grand total of 105 bit times. Is this the propagation delay of the
cable? I've been trying to compare this to the definitive guide's method and
it is just not making sense in my mind. Seems like I'm over complicating a
simple process.


-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Monday, February 24, 2003 4:51 AM
To: [EMAIL PROTECTED]
Subject: RE: Ethernet Slot Time and Delay [7:63581]


Some descriptions of Ethernet refer to a segment as one side of a hub, i.e.
just one link. The propagation delay information for a hubbed network takes
into account the small amount of time for a repeater to repeat. The repeater
doesn't do much, but it does regenerate the preamble and signal. A set of
link segments connected via hubs is all one collision domain.

Anyway, read my book! Please! :-) It covers all of this in gory detail.

An earlier version of the Ethernet chapter is also available at
http://www.certificationzone.com/.

___

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com


Priscilla Oppenheimer wrote:
 
 Newell Ryan D SrA 18 CS/SCBT wrote:
  
  If two 10 Base T Ethernet stations transmit at the same they receive data
  on their receive pins. Will both stations send out a 32 bit jam sequence?
 
 Yes.
 
  If both stations do send a jam signal, why is the slot time closely
  related to round trip propagation delay? I would think it would be one way.
 
 A collision could happen at the other end of the network
 segment. News of the collision has to travel back to the
 senders. The signal travels outwards; the collision news
 travels back.
 
 The goal is to make sure that the sender is still sending when
 the news travels back, even if the news had to come from the
 far end of the network segment. If the sender weren't still
 sending, it wouldn't know that its transmission got damaged and
 wouldn't back off and retransmit. You would lose the feature of
 the NIC ensuring successful transmission, which happens in a
 microsecond time span, and have to depend on an upper layer
 figuring out that there's a missing ACK, which happens in a
 millisecond or worse time span. So, slot time is dependent on
 round trip time because it considers the time for news of the
 collision to travel back.
 
 Both senders transmit a jam signal to busy out the network for
 another 32 bit times. At least one of them has to do it, but
 they can't know that the other one did, so they both do it.
 
 Your question doesn't make sense, but hopefully there's some
 info in that which will help you.
 
  
  Ethernet, The Definitive Guide page 182 they have some values to use to
  figure out propagation delay on 10 MB networks. There is a base value to
  start with and from there you add delay per meter. Why is the base value
  not zero?
 
 Even light in a vacuum takes some time to travel any distance.
 It travels 299,792,458 meters per second to be exact, but
 still, it's not zero. A signal on a network cable travels about
 2/3 the speed of light.
 
 I don't know what base value you are referring to, but zero
 times anything is zero, so I doubt they could use a base value
 of zero regardless.
 
  Also between segments the numbers do not make any sense. Going from
  Base to Max I understand but between segments.
 
 A collision domain stops at the boundary between network
 segments. A network segment is devices connected via hubs or
 coax cable. In fact, it might help you to remember that
 Ethernet was originally a long bus, like a link of Christmas
 tree lights. The signal propagated outwards from the sender in
 both directions and travelled to the end of the segment, and
 hopefully not back if the segment was terminated correctly. But
 if there was a collision, the signal did bounce back.
 
 All hubs are is a way to gather this Christmas tree string of
 lights into a manageable structure. But when first learning
 CSMA/CD details, it helps to think

CEF on 6500 and ACLs [7:63175]

2003-02-17 Thread Newell Ryan D SrA 18 CS/SCBT
With CEF (PFC 2) if there is an adjacency for the destination host, to my
understanding, that packet will never be routed. It should just be rewritten
by the PFC 2 (SP). If this is correct then these are my questions.

1.  How does an IOS ACL affect the rewrite on the switch? 
2.  Where on the switch (SP) can I see that it knows an IOS ACL is
there?
3.  Is changing the flow mask on PFC 2(SP) just for Netflow stats.
Applying an IOS ACL had no effect on the flow mask.
4. Do MLS commands have on MSFC change anything?

Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63175t=63175



RE: CEF on 6500 and ACLs [7:63175]

2003-02-17 Thread Newell Ryan D SrA 18 CS/SCBT
Do you have a good link? I would like to know more. Thanks.

Why such a change from the PFC1/MSFC1? The concept you describe
below seems to be a big change. I knew they were integrating but I could
still define the separation between router and switch with the PFC1/MSFC1.
GOTTA BE ON YOUR Ps and Qs or you get left behind.

That's why I love this job!

-Original Message-
From: Bob Sinclair [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 9:17 AM
To: Newell Ryan D SrA 18 CS/SCBT; [EMAIL PROTECTED]
Subject: Re: CEF on 6500 and ACLs [7:63175]


Some comments in-line. It is becoming (has become?) very difficult if not
impossible to tease out the switch from the router with PFC2/MSFC2.
This box has the functions of both, and they are integrated in the hardware.
For example, the Layer 2 switching engine, the QoS engine and the ACL
engine are combined in the Lyra ASIC.


 With CEF (PFC 2) if there is an adjacency for the destination host, to my
 understanding, that packet will never be routed. It should just be rewritten
 by the PFC 2 (SP). If this is correct then these are my questions.

The packet is still routed, it just is never seen by the piece of hardware
we call the MSFC


 1. How does an IOS ACL affect the rewrite on the switch?
 2. Where on the switch (SP) can I see that it knows an IOS ACL is
 there?

On that part of the box (which is both switch and router) that we can view
through the IOS window

 3. Is changing the flow mask on PFC 2(SP) just for Netflow stats.

YES, exactly.

 Applying an IOS ACL had no effect on the flow mask.

YES, exactly

 4. Do MLS commands have on MSFC change anything?

I believe the MSFC2 can act as an RP for a Cat 5000 doing MLS.  I believe
the MLS commands there are for that purpose.


 Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63193t=63175



CEF on 6500 and ACL?? [7:63136]

2003-02-16 Thread Newell Ryan D SrA 18 CS/SCBT
Running Hybrid mode SUPII/PFCII/MSFCII

To my understanding with MLS (PFC 1), the IOS ACL determines the flow mask.
And since it is route once switch many, any packets that match a deny
statement will be denied and the enable packet will never make it. The full
flow entry will not be in the MLS cache.

With CEF (PFC 2) if there is an adjacency for the destination host, to my
understanding, that packet will never be routed. It should just be rewritten
by the PFC 2 (SP). If all this is correct then these are my questions.

1.  How does an IOS ACL affect the rewrite on the switch? 
2.  Where on the switch (SP) can I see that it knows an IOS ACL is
there? 
3.  Is changing the flow mask on PFC 2(SP) just for Netflow stats.
Applying an IOS ACL had no effect on the flow mask.

Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63136t=63136



FW: CEF on 6500 and ACL?? [7:63138]

2003-02-16 Thread Newell Ryan D SrA 18 CS/SCBT
Also do MLS commands on the MSFC do anything for CEF?


-Original Message-
From: Newell Ryan D SrA 18 CS/SCBT 
Sent: Monday, February 17, 2003 12:42 PM
To: '[EMAIL PROTECTED]'
Subject: CEF on 6500 and ACL?? 

Running Hybrid mode SUPII/PFCII/MSFCII

To my understanding with MLS (PFC 1), the IOS ACL determines the flow mask.
And since it is route once switch many, any packets that match a deny
statement will be denied and the enable packet will never make it. The full
flow entry will not be in the MLS cache.

With CEF (PFC 2) if there is an adjacency for the destination host, to my
understanding, that packet will never be routed. It should just be rewritten
by the PFC 2 (SP). If all this is correct then these are my questions.

1.  How does an IOS ACL affect the rewrite on the switch? 
2.  Where on the switch (SP) can I see that it knows an IOS ACL is
there? 
3.  Is changing the flow mask on PFC 2(SP) just for Netflow stats.
Applying an IOS ACL had no effect on the flow mask.

Thanks!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63138t=63138



RE: CCNP Recertification [7:62038]

2003-01-28 Thread Moffett, Ryan
Yes, and I just reinforced my knowledge of this having just my CCNP expire
this past Friday without taking the recert exam.   Even though I have my
CCDP, I have to take all CCNP tests over again.

-Original Message-
From: Bolton, Travis D [LTD] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 28, 2003 12:04 PM
To: [EMAIL PROTECTED]
Subject: CCNP Recertification [7:62038]


Team,

When you take the recert exam for your CCNP do you have to take it before
your cert expires?  If your cert expires before you take that test then does
that mean you need to retake all 4 exams again?

Travis Bolton 
Web Media
CCNP,CCDA

Try not to become a man of success, but rather try to become a man of
value. 
- Albert Einstein




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62042t=62038



Telnet SYN/ACK pkt reply on TCP source port 3-6!!?? [7:61659]

2003-01-23 Thread Newell Ryan D SrA 18 CS/SCBT
I tried to telnet to a distant end 3660 router. Connection would timeout. I
was able to ping the router from my PC. The router 
could telnet to the router that was between my PC and itself. Ran capture
and the data yielded this

IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source
port 2407  
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407
source port 6 
IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source
port 2407

10.0.0.1 is my PC and 10.0.1.2 is the distant end router. I believe the RST
bit is set on the last packet because my PC is not listening to that port.
So it closes this connection with the RST bit.

We got it working. But the funny thing is.

The user's 3660 had two interfaces. One on his LAN and one on my LAN. He was
using NAT. He had ip nat outside on both interfaces. The inside interface
was supposed to face my LAN. Once we removed NAT from the interface facing my
LAN, I could telnet to that interface. The NAT string told the router to
overload the interface facing my LAN. 

I understand that removing the misconfiguration fixed my first problem but
why? 

-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61659t=61659



RE: Telnet SYN/ACK pkt reply on TCP source port 3-6!!?? [7:61661]

2003-01-23 Thread Newell Ryan D SrA 18 CS/SCBT
Never mind. I figured it out. Just had to write the problem out in an email
to get my mind working.
When I was capturing data the SYN/ACK source port would change from 1-6.
That made me think about how overloading works. The interface was configured
as an outside interface. The overload IP was the IP of the interface I was
attempting to telnet to. That's why layer 3 looked okay. But layer 4 threw
me off. When my reply packets got subjected to the NAT translation process
the router would change the source port according to the number of entries
it had. That is why it would change from 1-6. Sorry for sending this in. I
should have thought about it a little bit more :-(


-Original Message-
From: Newell Ryan D SrA 18 CS/SCBT 
Sent: Thursday, January 23, 2003 7:51 PM
To: '[EMAIL PROTECTED]'
Subject: Telnet SYN/ACK pkt reply on TCP source port 3-6!!??

I tried to telnet to a distant end 3660 router. Connection
would timeout. I was able to ping the router from my PC. The router 
could telnet to the router that was between my PC and
itself. Ran capture and the data yielded this

IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination
port 23 source port 2407  
IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK
destination port 2407 source port 6 
IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination
port 6 source port 2407

10.0.0.1 is my PC and 10.0.1.2 is the distant end router. I
believe the RST bit is set on the last packet because my PC is not listening
to that port. So it closes this connection with the RST bit.

We got it working. But the funny thing is.

The user's 3660 had two interfaces. One on his LAN and one
on my LAN. He was using NAT. He had ip nat outside on both interfaces. The
inside interface was supposed to face my LAN. Once we removed NAT from the
interface facing my LAN, I could telnet to that interface. The NAT string
told the router to overload the interface facing my LAN. 

I understand that removing the misconfiguration fixed my
first problem but why? 

-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61661t=61661
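The symptom in this thread, a SYN/ACK whose source port is not the port the SYN was sent to, can be picked out of a capture summary mechanically. The check below is an added example, not part of the original posts: it parses lines in the format quoted in the thread and flags handshakes where the reply's source port was rewritten on the way back, which the client cannot match to its half-open connection and therefore resets. The second capture is constructed for contrast.

```python
import re
from typing import NamedTuple

# Matches the one-line summaries quoted in the thread.
LINE_RE = re.compile(
    r"IP Source (?P<src>\S+) Destination (?P<dst>\S+) TCP (?P<flags>\S+) "
    r"destination port (?P<dport>\d+) source port (?P<sport>\d+)"
)


class Segment(NamedTuple):
    src: str
    dst: str
    flags: str
    dport: int
    sport: int


def parse(lines):
    """Yield a Segment for every line that matches the summary format."""
    for line in lines:
        m = LINE_RE.search(" ".join(line.split()))
        if m:
            yield Segment(m["src"], m["dst"], m["flags"],
                          int(m["dport"]), int(m["sport"]))


def audit_handshakes(lines):
    """Flag SYN/ACKs whose source port differs from the port the SYN targeted."""
    pending = {}   # (client, client_port, server) -> port the client asked for
    findings = []
    for seg in parse(lines):
        if seg.flags == "SYN":
            pending[(seg.src, seg.sport, seg.dst)] = seg.dport
        elif seg.flags == "SYN/ACK":
            wanted = pending.get((seg.dst, seg.dport, seg.src))
            if wanted is not None and wanted != seg.sport:
                findings.append({
                    "server": seg.src, "client": seg.dst,
                    "client_port": seg.dport, "expected_sport": wanted,
                    "seen_sport": seg.sport, "client_reset": False,
                })
        elif seg.flags == "RST":
            # The client answers the unmatched reply with a reset.
            for f in findings:
                if (f["client"], f["client_port"], f["server"], f["seen_sport"]) \
                        == (seg.src, seg.sport, seg.dst, seg.dport):
                    f["client_reset"] = True
    return findings


# The three packets from the post, joined onto one line each.
POST_CAPTURE = [
    "IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2407",
    "IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2407 source port 6",
    "IP Source 10.0.0.1 Destination 10.0.1.2 TCP RST destination port 6 source port 2407",
]

# Constructed sample: what the exchange looks like once the reply is untouched.
HEALTHY_CAPTURE = [
    "IP Source 10.0.0.1 Destination 10.0.1.2 TCP SYN destination port 23 source port 2408",
    "IP Source 10.0.1.2 Destination 10.0.0.1 TCP SYN/ACK destination port 2408 source port 23",
    "IP Source 10.0.0.1 Destination 10.0.1.2 TCP ACK destination port 23 source port 2408",
]

if __name__ == "__main__":
    for name, capture in (("post", POST_CAPTURE), ("healthy", HEALTHY_CAPTURE)):
        print(name, audit_handshakes(capture))
```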



The New CCIE Written [7:61507]

2003-01-21 Thread Ryan Ohagen
Hello, has anyone taken or passed the 350-001 exam recently?  And if so, can
you please tell me what books you would recommend for this new exam?

Thanx


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61507t=61507



RE: User Privilege Level [7:60469]

2003-01-16 Thread Newell Ryan D SrA 18 CS/SCBT
I know the thread is about dead but until you get a TACACS+ server there are
some commands you could implement to help the situation. The port is being
disabled for a reason. You can configure the port to re-enable after 30 secs.
using the command

set errdisable-timeout enable all
set errdisable-timeout interval 30

'All' would cover all the possible reasons. If you knew what was causing
the port to disable you could implement certain commands to cease
the err-disable altogether. For example if collision was the culprit
then the following command would stop the error disable.

set option errport enable

Here is a link that will go into more detail.
http://www.cisco.com/warp/public/473/20.html

 



-Original Message-
From: Williams, Dave [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 08, 2003 11:33 PM
To: [EMAIL PROTECTED]
Subject: RE: User Privilege Level [7:60469]


Thanks for everyone's help.

What I mean by reset ports is to re-enable the switch ports after they
were err-disabled. These are Cisco 6500 series switches w/layer 3 blades.
The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b).

Since our technicians are in remote locations, if I can give them the
ability to re-enable the ports without getting into config mode, they don't
have to wait on one of our engineers to do it for them (which may take
hours).

I'll try to re-assign some set commands and see what happens.


Dave Williams, CCDA, CCNA, CCSA
Senior Network Engineer
(402) 661-2143


-Original Message-
From: Erick B. [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 9:37 PM
To: Williams, Dave; [EMAIL PROTECTED]
Subject: Re: User Privilege Level [7:60469]


Dave,

Priv. level 1 gives you basic show commands, etc. 

level 15 is full access like you mentioned.

levels 2-14 don't have any special commands, but you
re-assign commands to these levels for different users
for example. 

There's also a priv level 0 which gives you close to no
commands on router IOS and you need to reduce the
level 1 (default level) to 0 if you make the priv
level 0 for line vty for example. I'm not sure if you
can go to 0 on the switches. 

When you say reset ports, do you mean clean counters
or shut/no shut the port? the latter would be config
access. What type of switch is this and version of
code? Awhile back when I was doing this for a client
there was a minor bug with the priv commands and
config mode for setting speed and duplex where the
commands weren't saved properly. haven't checked that
in quite awhile though.

Erick


--- Williams, Dave 
wrote:
 I've been searching CCO most of the afternoon and
 can't seem to find the
 correct URL.  I'm looking for a way to allow a
 technician to reset ports on
 a switch and look at interface stats, but not allow
 configuration access. 
 
 For example, I know that user level 15 is the same
 as having the enable
 password and user level 1 is the same as a generic
 user, but I don't know
 what the other levels do for me.
 
 Thanks in advance for your help.
 
 Dave Williams
 Senior Network Engineer
 (402) 661-2143
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61239t=60469



RE: NETBIOS on WAN [7:61237]

2003-01-16 Thread Newell Ryan D SrA 18 CS/SCBT
IP helper will send NETBIOS broadcast and change the packet to a unicast to
the address given. But I'm not really sure it will solve your problem. I have
a few questions before I try to answer your question.
1. Is there a DHCP server involved?
2. Do you have Domain Controllers?
3. Do you want the browse list to contain both networks?

Last question is for everybody. Can the helper address be a directed
broadcast vs a single IP address? 

-Original Message-
From: Amazing [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 17, 2003 10:19 AM
To: [EMAIL PROTECTED]
Subject: Re: NETBIOS on WAN [7:61237]


ip helper address on the ethernet interface of the remote router.

this will change the nbns broadcast to a unicast directed at the remote lan


Frederico Madeira wrote in message
news:[EMAIL PROTECTED]...
 Hello,

 how i configure an 2600 router to permit access for network neighborhood to
 computers on the lan, in other words, how i make to see all computers of
 my WAN in network neighborhood of windows explore ?

 Fred




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61246t=61237



RE: Cisco 3640 Router ATM PVC Problem [7:61077]

2003-01-15 Thread Newell Ryan D SrA 18 CS/SCBT
I think you're right. I know some IOS versions use the 'atm pvc' command.
So I agree... what IOS version he is running is a key component to know
to resolve this problem.

-Original Message-
From: The Long and Winding Road
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 3640 Router ATM PVC Problem [7:61077]


pvc x/y should work, which leads me to wonder about your IOS version. What
are you running? what is the image name?

I do not see an atm pvc command in the 12.1 command reference.

also you mention something about connecting two 3640's back to back via an
OC3 card? I'm not sure you can do that. someone smarter than I will provide
a definitive answer, I'm sure.



Ken Chipps wrote in message
news:[EMAIL PROTECTED]...
 I am using a sample configuration from cisco that looks like this

 First command config t
 Second command ip routing
 Third command interface atm 1/0
 Fourth command no shutdown
 Fifth command ip address 10.0.2.1 255.255.255.0
 Sixth command pvc 1 32
 Seventh command protocol ip 10.0.2.2 broadcast

 The sixth command is where it fails. It does not recognize the pvc.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Newell Ryan D SrA 18 CS/SCBT
 Sent: Tuesday, January 14, 2003 11:32 PM
 To: [EMAIL PROTECTED]
 Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]

 What commands are you typing in? To create a PVC the syntax is
 int atm 1
 atm pvc 6 0 106 aal5snap
 I think you are missing the 'atm' before pvc.

 There are several ways to hook the 3640s back to back. If they are within
 fastethernet distance limitations you could use the fastethernet interfaces.

 -Original Message-
 From: Ken Chipps [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, January 15, 2003 1:40 PM
 To: [EMAIL PROTECTED]
 Subject: Cisco 3640 Router ATM PVC Problem [7:61077]


 I am attempting to setup a PVC between two Cisco 3640 Routers connected back
 to back. The interface is an OC3 card. Whenever I issue the PVC command on
 the ATM interface it says a PVC is not supported. If I use the ? to see for
 supported commands for the interface, no PVC command is listed. Is there
 some software upgrade I need for this? Or is there some other way to connect
 two 3640s back to back?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61087t=61077



RE: Cisco 3640 Router ATM PVC Problem [7:61077]

2003-01-15 Thread Newell Ryan D SrA 18 CS/SCBT
You said that you got the sample configuration from cisco. Do you have the
link? I would like to look at something. My router supports both 'pvc' and
'atm pvc'. But 'pvc' has no vcd and only can operate with qsaal and ilmi.
The 'atm pvc' does have a vcd and can support ilmi, qsaal, and all the atm
adaptation layer protocols.
Something else to look at!

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 5:59 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]


Thanks for the suggestions from everyone. I will check the software
version tonight. I assumed this was the most recent version as we
purchased these units only a few months ago, but perhaps not.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Amar
Sent: Wednesday, January 15, 2003 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco 3640 Router ATM PVC Problem [7:61077]

lation_guide_chapter09186a00800e4789.html#xtocid39

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800ca7db.html#xtocid5

Check the above links; they have the info you need.
rgds

Daniel Cotts wrote in message news:
[EMAIL PROTECTED]
 Here's a config from 11.3. Commands have changed quite a bit.
 Note that clocking must be provided on one end.
 If the cards are single-mode fiber he might have to attenuate the signal.

 interface ATM6/0
  description Location
  no ip address
  no ip route-cache optimum
  atm clock INTERNAL
 !
 interface ATM6/0.1 multipoint (could be point-to-point)
  description pvc to Data Center via XYZ fiber
  ip address aaa.bbb.7.250 255.255.255.252 secondary
  ip address 10.1.19.2 255.255.255.0
  atm pvc 1 0 35 aal5snap
  map-group TGN
  appletalk cable-range 10119-10119 10119.2
  appletalk zone ATM
 !

 !
 map-list TGN
  ip 10.1.19.1 atm-vc 1 broadcast
  ip aaa.bbb.7.249 atm-vc 1 broadcast
  appletalk 10119.1 atm-vc 1 broadcast

  -Original Message-
  From: Newell Ryan D SrA 18 CS/SCBT
[mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, January 15, 2003 2:58 AM
  To: [EMAIL PROTECTED]
  Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]
 
 
  I think you're right. I know some IOS versions use the 'atm pvc' command.
  So I agree... what IOS version he is running is a key component to know
  to resolve this problem.
 
  -Original Message-
  From: The Long and Winding Road
  [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, January 15, 2003 4:30 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Cisco 3640 Router ATM PVC Problem [7:61077]
 
 
  pvc x/y should work, which leads me to wonder about your IOS version. What
  are you running? what is the image name?
 
  I do not see an atm pvc command in the 12.1 command reference.
 
  also you mention something about connecting two 3640's back to back via an
  OC3 card? I'm not sure you can do that. someone smarter than I will provide
  a definitive answer, I'm sure.
 
 
 
  Ken Chipps wrote in message news:[EMAIL PROTECTED]...
   I am using a sample configuration from cisco that looks like this
  
   First command config t
   Second command ip routing
   Third command interface atm 1/0
   Fourth command no shutdown
   Fifth command ip address 10.0.2.1 255.255.255.0
   Sixth command pvc 1 32
   Seventh command protocol ip 10.0.2.2 broadcast
  
   The sixth command is where it fails. It does not recognize the pvc.
  
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
  On Behalf Of
   Newell Ryan D SrA 18 CS/SCBT
   Sent: Tuesday, January 14, 2003 11:32 PM
   To: [EMAIL PROTECTED]
   Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]
  
   What commands are you typing in? To create a PVC the syntax is
   int atm 1
   atm pvc 6 0 106 aal5snap
   I think you are missing the 'atm' before pvc.
  
   There are several ways to hook the 3640s back to back. If they are within
   fastethernet distance limitations you could use the fastethernet interfaces.
  
   -Original Message-
   From: Ken Chipps [mailto:[EMAIL PROTECTED]]
   Sent: Wednesday, January 15, 2003 1:40 PM
   To: [EMAIL PROTECTED]
   Subject: Cisco 3640 Router ATM PVC Problem [7:61077]
  
  
   I am attempting to setup a PVC between two Cisco 3640 Routers connected back
   to back. The interface is an OC3 card. Whenever I issue the PVC command on
   the ATM interface it says a PVC is not supported. If I use the ? to see for
   supported commands for the interface, no PVC command is listed. Is there
   some software upgrade I need for this? Or is there some other way to connect
   two 3640s back to back?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61142t=61077

RE: Cisco 3640 Router ATM PVC Problem [7:61077]

2003-01-15 Thread Newell Ryan D SrA 18 CS/SCBT
It is amazing that the thread has gone for so long. I think someone has the
answer. Angel's router does have a vcd, while the example from Cisco does not.
How do you configure AAL protocol for this syntax?

'show version'

-Original Message-
From: Angel Leiva [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 7:25 AM
To: [EMAIL PROTECTED]
Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]


Ken,

I have two 3660 routers connected back to back via an OC3 link in a lab
environment. They are using IOS 12.0(7)T, IP Enterprise Version. 

You seem to be missing the VCD ( Virtual Channel Descriptor) between the pvc
and the vpi/vci command entries. Also, the vpi/vci syntax appears to be
incorrect in your configuration:

Take a look at the ATM interface configs on my working routers:

Router A:

!
interface ATM1/0
 ip address 10.10.10.2 255.255.255.0
 no ip directed-broadcast
 ip ospf network point-to-point
 atm clock INTERNAL
 atm ilmi-keepalive
 pvc Dallas 1/100

 I am using a sample configuration from cisco that looks like this

 First command config t
 Second command ip routing
 Third command interface atm 1/0
 Fourth command no shutdown
 Fifth command ip address 10.0.2.1 255.255.255.0
 Sixth command pvc 1 32
 Seventh command protocol ip 10.0.2.2 broadcast

 The sixth command is where it fails. It does not recognize the pvc.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Newell Ryan D SrA 18 CS/SCBT
 Sent: Tuesday, January 14, 2003 11:32 PM
 To: [EMAIL PROTECTED]
 Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]

 What commands are you typing in? To create a PVC the syntax is
 int atm 1
 atm pvc 6 0 106 aal5snap
 I think you are missing the 'atm' before pvc.

 There are several ways to hook the 3640s back to back. If they are within
 fastethernet distance limitations you could use the fastethernet interfaces.

 -Original Message-
 From: Ken Chipps [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, January 15, 2003 1:40 PM
 To: [EMAIL PROTECTED]
 Subject: Cisco 3640 Router ATM PVC Problem [7:61077]


 I am attempting to setup a PVC between two Cisco 3640 Routers connected back
 to back. The interface is an OC3 card. Whenever I issue the PVC command on
 the ATM interface it says a PVC is not supported. If I use the ? to see for
 supported commands for the interface, no PVC command is listed. Is there
 some software upgrade I need for this? Or is there some other way to connect
 two 3640s back to back?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61153t=61077



FW: Cisco 3640 Router ATM PVC Problem [7:61077]

2003-01-14 Thread Newell Ryan D SrA 18 CS/SCBT
What commands are you typing in? To create a PVC the syntax is
int atm 1
atm pvc 6 0 106 aal5snap
I think you are missing the 'atm' before pvc.

There are several ways to hook the 3640s back to back. If they are within 
fastethernet distance limitations you could use the fastethernet interfaces.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco 3640 Router ATM PVC Problem [7:61077]


I am attempting to setup a PVC between two Cisco 3640 Routers connected back
to back. The interface is an OC3 card. Whenever I issue the PVC command on
the ATM interface it says a PVC is not supported. If I use the ? to see for
supported commands for the interface, no PVC command is listed. Is there
some software upgrade I need for this? Or is there some other way to connect
two 3640s back to back?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61078t=61077



RE: Cisco 3640 Router ATM PVC Problem [7:61077]

2003-01-14 Thread Newell Ryan D SrA 18 CS/SCBT
Try to add atm in front of that.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 3:23 PM
To: 'Newell Ryan D SrA 18 CS/SCBT'; [EMAIL PROTECTED]
Subject: RE: Cisco 3640 Router ATM PVC Problem [7:61077]


I am using a sample configuration from cisco that looks like this

First command config t
Second command ip routing
Third command interface atm 1/0
Fourth command no shutdown
Fifth command ip address 10.0.2.1 255.255.255.0
Sixth command pvc 1 32
Seventh command protocol ip 10.0.2.2 broadcast

The sixth command is where it fails. It does not recognize the pvc.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Newell Ryan D SrA 18 CS/SCBT
Sent: Tuesday, January 14, 2003 11:32 PM
To: [EMAIL PROTECTED]
Subject: FW: Cisco 3640 Router ATM PVC Problem [7:61077]

What commands are you typing in? To create a PVC the syntax is
int atm 1
atm pvc 6 0 106 aal5snap
I think you are missing the 'atm' before pvc.

There are several ways to hook the 3640s back to back. If they are within
fastethernet distance limitations you could use the fastethernet interfaces.

-Original Message-
From: Ken Chipps [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Cisco 3640 Router ATM PVC Problem [7:61077]


I am attempting to setup a PVC between two Cisco 3640 Routers connected back
to back. The interface is an OC3 card. Whenever I issue the PVC command on
the ATM interface it says a PVC is not supported. If I use the ? to see for
supported commands for the interface, no PVC command is listed. Is there
some software upgrade I need for this? Or is there some other way to connect
two 3640s back to back?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61080t=61077



RE: Connecting DSL to Synchronous Serial Port [7:60930]

2003-01-13 Thread Newell Ryan D SrA 18 CS/SCBT
Yes there is. From my experience with this I know that ADC sells a modular
SDSL modem. You can use either an ethernet, RS-530, V.35, or RS-449 interface
with this modem. The serial card is a FLEX module with two data ports and 1 DSX
port. The data port interfaces are a mini-SCSI 26 pin port. ADC offers a
conversion cable(DB-26RS-530,V.35, or RS-449). The DTE side is female though,
so you would need the male adapter of whatever standard you wanted to convert
it to. A cisco male RS-530 to DB-60 would suffice if you wanted to use RS-530.

'UP AND COMING'

-Original Message-
From: Mahler David [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 13, 2003 11:59 AM
To: [EMAIL PROTECTED]
Subject: Connecting DSL to Synchronous Serial Port [7:60930]


Hi all,

I'm trying to figure out if there is a way to connect SDSL service to a 2501
router through the Synchronous Serial port.  If so what kind of cable is
needed??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=60991t=60930



RE: Cisco PDM and Manual configuration [7:58555]

2002-12-04 Thread Moffett, Ryan
PDM gets messed up once in a while if command line changes are made.   I
cannot remember specifics of the scenarios in which this happens, however
from the command line under config mode, clear pdm seems to keep things on
track.   It resets the PDM configuration and the next time PDM is run, it
runs as though it has never been run before.   

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 04, 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Cisco PDM and Manual configuration [7:58555]


I have a quick question for the group.  Normally I configure
PIXes by hand, manual, straight forward configs.  I seem to
remember that it used to be a no-no to mix manual configuration
of a PIX with PDM configuration, something about PDM
getting confused, or the manual configuration getting hosed
by PDM.  Is it still that way, or is it safe to use PDM and then
from time to time do something manual?

Thanks,

Brian
-- 
---
Brian Feeny, CCIE #8036    e: [EMAIL PROTECTED]
Network Engineer           p: 318.222.2638x109
ShreveNet Inc.             f: 318.221.6612




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58557t=58555



RE: Programming Language for Network Engingeers. [7:58032]

2002-11-25 Thread Moffett, Ryan
Perl - Use it to do many things like parsing log files, parsing and even
generating config files.   Too many uses to list.  Once you learn what perl
is and what it can do, you WILL find uses for it.  

Expect - Use it to script things that otherwise would only be able to occur
interactively with network devices, such as Telnet to a router, log on, dump
the config to a tftp server.  Or, create an expect script to log on to a
router, copy tftp image to flash and reload, then set this to run via a cron
job for an unattended router upgrade (yes, that is risky but some people can
get away with it :-).  

If you run both on unix/linux, learn bash or whatever shell you plan on
using because you will find many useful functions built into the shell.

It isn't unrealistic to set up a generic unix/linux system with Perl, Expect
and a TFTP server to manage all of your device configs, images and
logfiles.

-Original Message-
From: John Tafasi [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 10:28 AM
To: [EMAIL PROTECTED]
Subject: Programming Language for Network Engingeers. [7:58032]


What programming languages might a network engineer MIGHT need to perform his job?

What do network engineers or administrators do with a programming language?
please elaborate

I am looking to learn a couple of programming languages that I may need on
the job and I need your advice.

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58040t=58032



RE: Programming Language for Network Engingeers. [7:58032]

2002-11-25 Thread Moffett, Ryan
I don't know of any specific books for Network Engineers, but I would start
with the O'Reilly books on Perl and Expect.   They are well written but
general in nature.

go to: http://www.oreilly.com/

And take a look at:
Learning Perl, 3rd Edition
Programming Perl, 3rd Edition
Perl for System Administration
Exploring Expect


-Original Message-
From: John Tafasi [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 25, 2002 12:58 PM
To: Moffett, Ryan; [EMAIL PROTECTED]
Subject: Re: Programming Language for Network Engingeers. [7:58032]


This is a nice answer, but do you know any book that specifically deals with
programming for network engineers?

- Original Message -
From: Moffett, Ryan 
To: 'John Tafasi' ; 
Sent: Monday, November 25, 2002 10:20 AM
Subject: RE: Programming Language for Network Engingeers. [7:58032]


 Perl - Use it to do many things like parsing log files, parsing and even
 generating config files.   Too many uses to list.  Once you learn what perl
 is and what it can do, you WILL find uses for it.

 Expect - Use it to script things that otherwise would only be able to occur
 interactively with network devices, such as Telnet to a router, log on, dump
 the config to a tftp server.  Or, create an expect script to log on to a
 router, copy tftp image to flash and reload, then set this to run via a cron
 job for an unattended router upgrade (yes, that is risky but some people can
 get away with it :-).

 If you run both on unix/linux, learn bash or whatever shell you plan on
 using because you will find many useful functions built into the shell.

 It isn't unrealistic to set up a generic unix/linux system with Perl, Expect
 and a TFTP server to manage all of your device configs, images and
 logfiles.

 -Original Message-
 From: John Tafasi [mailto:[EMAIL PROTECTED]]
 Sent: Monday, November 25, 2002 10:28 AM
 To: [EMAIL PROTECTED]
 Subject: Programming Language for Network Engingeers. [7:58032]


 What programming languages might a network engineer MIGHT need to perform his job?

 What do network engineers or administrators do with a programming language?
 please elaborate

 I am looking to learn a couple of programming languages that I may need on
 the job and I need your advice.

 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58045t=58032



CSS11800 for content network specialist on ebay $6 [7:57709]

2002-11-19 Thread Moffett, Ryan
Can anyone believe how cheap these are going for?   It makes it pretty
reasonable to get one for the content network specialist certification.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2070179172
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemitem=2066928817

$665 was the end price for one of these!   Can anyone shed some light as to
why the market value of these is so low?

Ryan Moffett - CCNP, CCDP 
Senior Network Architect 
Sterling Commerce 
4600 Lakehurst Ct. 
Dublin, OH 43016 
phone: (614) 791-6448 
cell: (614) 260-1442 
email: [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57709t=57709



FW: VTP modes Server/Client vs Transparent [7:57650]

2002-11-19 Thread Newell Ryan D SrA 18 CS/SCBT
Presently we run end to end vlans w/LANE. We are going to the gigabit
ethernet design with end to end vlans. We plan for a slow migration to local
vlans. Once the migration to local vlans is complete then a server/client
model might be more efficient. Talking to another network professional,
transparent mode seemed to be the only way during the transition period to
local vlans. I really prefer transparent over the server/client model. But I
don't want my ill advised emotions not to give the other side a fair chance.

-Original Message-
From: Zim [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 9:01 PM
To: [EMAIL PROTECTED]
Subject: Re: VTP modes Server/Client vs Transparent [7:57650]


Like most networking problems it depends.  How large is your switch domain?
Are you doing End to End VLANs or Local?  How large is your STP domain now?
Will it grow larger?  Here's a link I would start with
http://www.cisco.com/warp/customer/473/21.html (starter for VTP)
then hit this one
http://www.cisco.com/warp/public/cc/so/neso/lnso/cpso/gcnd_wp.htm (covers
GigE Design)
Design solutions are usually need and resource driven...as for standards
they change (some daily).  JMHO


Newell Ryan D SrA 18 CS/SCBT wrote in message news:[EMAIL PROTECTED]...
 Network is migrating from ATM to Gigabit Ethernet. Transparent mode was
 default VTP for all distribution layer switches. We had hubs for all access
 layer switches. With the new migration to Gigabit switches would be at all
 access layer buildings. Would it be beneficial to run transparent abroad or
 a server/client model.


 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57736t=57650



VTP modes Server/Client vs Transparent [7:57650]

2002-11-18 Thread Newell Ryan D SrA 18 CS/SCBT
Network is migrating from ATM to Gigabit Ethernet. Transparent mode was
default VTP for all distribution layer switches. We had hubs for all access
layer switches. With the new migration to Gigabit switches would be at all
access layer buildings. Would it be beneficial to run transparent abroad or
a server/client model.


Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57650t=57650



RE: CPU Utilization on Cat3548XL - a mystery.. [7:57494]

2002-11-15 Thread Moffett, Ryan
-Original Message-
From: [EMAIL PROTECTED] [mailto:simonkc;netsol.co.in]
Sent: Friday, November 15, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: CPU Utilization on Cat3548XL - a mystery.. [7:57494]


I have an out-of-the-box Catalyst3548XL switch. There are no user
connections nor trunk connections on the switch...just a plain switch with a
power cord. But the CPU utilization shows a consistent 50%. Can anybody
explain???



Thanks in advance, 
Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57504t=57494



RE: CPU Utilization on Cat3548XL - a mystery.. [7:57494]

2002-11-15 Thread Moffett, Ryan
Strange, my sent items shows the URL I pasted, but the URL was cut out on
the message to the group...what gives?

Anyway, http://www.cisco.com/warp/customer/473/19.html should give you all
you need.

-Original Message-
From: [EMAIL PROTECTED] [mailto:simonkc;netsol.co.in]
Sent: Friday, November 15, 2002 8:51 AM
To: [EMAIL PROTECTED]
Subject: CPU Utilization on Cat3548XL - a mystery.. [7:57494]


I have an out-of-the-box Catalyst3548XL switch. There are no user
connections nor trunk connections on the switch...just a plain switch with a
power cord. But the CPU utilization shows a consistent 50%. Can anybody
explain???



Thanks in advance, 
Simon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57512t=57494



Re: PIX and USB ports [7:56862]

2002-11-04 Thread Ryan Finnesey
What would be a good way to manage the PIX remotely?


Ryan,


Greg Owens wrote:

It is for future use.

-Original Message-
From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com] On Behalf Of
Firesox
Sent: Monday, November 04, 2002 8:04 PM
To: [EMAIL PROTECTED]
Subject: PIX and USB ports [7:56862]

I would like to set up an outband connection to the pix 506E/515E thru the
USB ports.
I have USB modem hooked up to my pixs, but I cannot find the article to
set up the USB ports.
When dialin to the modem, it wouldn't respond...

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56865t=56862



forum.cisco.com ? [7:56734]

2002-11-02 Thread Ryan Finnesey
Does anyone know if the groups at forum.cisco.com can be accessed as news
groups?


Ryan,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56734t=56734



RE: Questions before tests [7:56452]

2002-10-29 Thread Moffett, Ryan
The way I interpret this is that the answers you provide will be evaluated
against your score and performance for future development of tests,
including future scoring mechanisms on exams that are authored.   I don't
think it is real-time modification of question pools or scoring criteria.
I believe they are attempting to gather statistics to make sure the tests
are updated properly as time goes on.  For example, if someone has 1 year of
experience, but can pass all of the CCNP tests, great, good for him.  But if
a high percentage of candidates with 1 year of experience can pass the CCNP
tests, then they must evaluate why the tests are so easy to pass.   It would
make sense that they would want these kinds of statistics.  This is purely
my speculation as to the reasoning behind the pre-exam questions..

-Original Message-
From: Kaminski, Shawn G [mailto:shawn.kaminski;eds.com]
Sent: Tuesday, October 29, 2002 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Questions before tests [7:56452]


Although this topic has been discussed in the past, there seems to be
disagreement on the correct answer. Personally, I have read the wording
before some of the surveys and it actually says that your answers will be
used to help determine scoring on the exam. I don't believe it determines
what questions you get, only the scoring. Whether it's done on all the exams
or just some, I don't know. How it's done, I also don't know. My guess is if
you downplay your skills too much, you will be graded harder because your
skills should match the certification you're trying to achieve. Regardless,
don't downplay your skills too much and make sure you really know the
material to be safe! :-)

Shawn K.

-Original Message-
From: Aaron Ajello [mailto:aajello;yahoo.com]
Sent: Tuesday, October 29, 2002 9:48 AM
To: [EMAIL PROTECTED]
Subject: Questions before tests [7:56452]


I'm working on my CCNP, just have CIT to go and when I have taken the first
three, I just kind of flew through the questions before the test where Cisco
asks about your experience level, whether or not you can configure things on
your own or need help with a coworker, etc.

Is it true that your answers will determine how the test is graded or what
types of questions you will get on the actual test?  I thought it was merely
a survey so Cisco could get an idea of what types of backgrounds people had
who were taking their tests.  But recently I read where someone says those
questions will actually determine how Cisco tests you and which questions
from the pool you will receive.

This seems ridiculous to me, but I have to ask.

thanks,
Aaron




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56469t=56452



ATT MPLS network ? [7:56186]

2002-10-24 Thread Ryan Finnesey
Is anyone using ATT MPLS ( it is also called eVPN or IP-enabled Frame
Relay )network to link offices and also running VoIP ?  If so any
problems ?  I am looking to link office in India, Mexico New York and
also Boston.



Ryan.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56186t=56186



ATT MPLS network ? [7:56187]

2002-10-24 Thread Ryan Finnesey
Is anyone using ATT MPLS ( it is also called eVPN or IP-enabled Frame
Relay )network to link offices and also running VoIP ?  If so any
problems ?  I am looking to link office in India, Mexico New York and
also Boston.



Ryan.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56187t=56187



NetIQ VoIP Manager Suite [7:56258]

2002-10-24 Thread Ryan Finnesey
Is anyone using VoIP Manager Suite to monitor VoIP ?



Ryan,




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56258t=56258



ATT MPLS network ? [7:56047]

2002-10-21 Thread Ryan Finnesey
Is anyone using ATT MPLS ( it is also called eVPN or IP-enabled Frame 
Relay )network to link offices and also running VoIP ?  If so any 
problems ?  I am looking to link office in India, Mexico New York and 
also Boston.  



Ryan.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=56047t=56047



Three 24 Gbps Switching Engines at 18 Mpps (Layer2)!?! [7:54833]

2002-10-03 Thread Newell Ryan D SrA 18 CS/SCBT

What does this mean? I was looking at table 21-112. The difference between
supervisor engine I and supervisor engine II is that the I has 24 Gbps
switching engine and the II has three 24 Gbps. Yet the pps remains the
same (18Mpps). Is there a direct correlation between the switching fabric and
the switching throughput? If there is reading online that would be great.
Here is the link I was referring to.

http://www.cisco.com/univercd/cc/td/doc/pcat/ca4000.htm

Ryan Newell




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54833t=54833



AAA in console [7:54282]

2002-09-26 Thread Newell Ryan D SrA 18 CS/SCBT

How can I configure authorization on the console port?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54282t=54282



FW: AAA in console [7:54282]

2002-09-26 Thread Newell Ryan D SrA 18 CS/SCBT

I think the link is missing? 
Thanks btw

-Original Message-
From: Duncan Wallace [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 7:49 AM
To: [EMAIL PROTECTED]
Subject: RE: AAA in console [7:54282]


Ryan - This is a great link for that, and a great overall document to
have...

Thanks,
 
Duncan Wallace
12835 SW Thunderhead Way
Beaverton, Or. 97008
503-646-5707
[EMAIL PROTECTED]
 
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Newell Ryan D SrA 18 CS/SCBT
Sent: Thursday, September 26, 2002 2:54 PM
To: [EMAIL PROTECTED]
Subject: AAA in console [7:54282]

How can I configure authorization on the console port?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54289t=54282



FW: AAA in console [7:54282]

2002-09-26 Thread Newell Ryan D SrA 18 CS/SCBT

Nigel,

 Your first question I think is very key to my situation. I wanted
local administrators to have minimal control via telnet and console.
I was able to tailor these commands on the vty ports. I tried to apply
the same commands to console and it did not work. I was informed that
there was a hidden command, aaa authorization console, implemented only in
certain IOS images. Answering your first question, I think they should not
have access to the console. The reason why I pose this question is for
general knowledge. Is the aaa authorization console command what I'm
missing?

-Original Message-
From: Nigel Taylor [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 27, 2002 8:33 AM
To: [EMAIL PROTECTED]
Subject: Re: AAA in console [7:54282]


Ryan,
 I noted your earlier post on this topic and my first question
is..What's the problem you're trying to solve?  Configuring AAA on the
console should be very straight forward, however this could very easily
change based on your identified or outlined requirements.   A couple of
questions:

1.  who will be typically accessing the console?
2.  What will be authenticating the user? TACACS+/RADIUS/the Router etc..
3.  Do you plan on using the local database should tacacs fail?
4.  Will you have redundant/secondary tacacs/radius device?

I've seen some enterprises where they preferred not to have any passwords
configured on the local device short of the enable secret, which should
survive a password checker like Getpass.  Of course the console password
was left outside the scope of AAA, as it provided the only way to access the
device if the tacacs/radius server(s) were unreachable.

HTH

Nigel

- Original Message -
From: Newell Ryan D SrA 18 CS/SCBT 
To: 
Sent: Thursday, September 26, 2002 5:53 PM
Subject: AAA in console [7:54282]


 How can I configure authorization on the console port?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54292t=54282



ACS 2.6 dictionary [7:54043]

2002-09-25 Thread Ryan

hi all,

anybody know how i can update the dictionary files for Cisco ACS 2.6 running
on windows NT or 2000 server ?

any suggestion is appreciated.

thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54043t=54043



Routed interfaces vs. Switched interfaces on 6500 [7:54170]

2002-09-25 Thread Newell Ryan D SrA 18 CS/SCBT

Referencing LAN Switching I have a question concerning routed vs. switched
interfaces on the 6500 running in native IOS mode.
If the diagram on page 832 is correct I'm confused about MLS. Does the
PFC/NFFC have the ability of caching flows between 
an interface configured as a switched/routed interface??
 

Ryan Newell




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54170t=54170



FW: Routed interfaces vs. Switched interfaces on 6500 [7:54170]

2002-09-25 Thread Newell Ryan D SrA 18 CS/SCBT

Sort of... The 6500 has two modes it can operate in: Hybrid
Mode or Native IOS Mode. The Hybrid Mode allows the user to interface
with the switch side using the catalyst XDI/CatOS image. So all
ports are switched ports. I think this allows the caching method
you speak of to take place. The Native IOS mode gives the user an
all IOS feel. The interfaces default to routed interfaces. You have
to issue the switch mode access command to turn the interface into a
port. The diagram in the book and I think something else I read before
lead me to believe that MLS will not work between switched and routed
interfaces on a 6500 running in Native IOS Mode. Just trying to clarify.
Thanks for ANY input.
Ryan
-Original Message-
From: Robert Edmonds [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 26, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: Re: Routed interfaces vs. Switched interfaces on 6500 [7:54170]


Ryan,
If I understand your question, then I think I may be able to help.
I believe what it means when it talks about caching flows, is that it caches
the information about the flow -- particularly the path the flow will take.
This makes it so the layer 2 portion of the switch doesn't have to send
every packet to the router to make the layer 3 decision to route the packet.
The basic process for MLS is like this.  A stream of data comes into the
router interface that is destined for a network other than the one it came
in on, another VLAN.  The switch sends the first packet in the flow to the
MSFC (in the case of the 6500) to determine the path that should be taken to
the remote network.  The MSFC figures out how it should get to the remote
network, sends the information to the switch, and the rest of the packets
are switched using the information provided by the MSFC.  Depending on the
flow mask used, the next flow that comes through with the same destination
address, may be able to be fast-switched (hope I used the right term)
directly to the destination in question.
Did I answer your question?  Hope I have helped.

Newell Ryan D SrA 18 CS/SCBT wrote in message
news:[EMAIL PROTECTED]...
 Referencing LAN Switching I have a question concerning routed vs. switched
 interfaces on the 6500 running in native IOS mode.
 If the diagram on page 832 is correct I'm confused about MLS. Does the
 PFC/NFFC have the ability of caching flows between
 an interface configured as a switched/routed interface??


 Ryan Newell




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54185t=54170



Recall: Exec shell+console+AAA [7:53601]

2002-09-19 Thread Newell Ryan D SrA 18 CS/SCBT

Newell Ryan D SrA 18 CS/SCBT would like to recall the message, Exec
shell+console+AAA.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53601t=53601



Exec shell+console+AAA [7:53602]

2002-09-19 Thread Newell Ryan D SrA 18 CS/SCBT

Evening group,

What I have is a TACACS server, and the setup we are trying to achieve goes as
follows:
I want the LAN admins to have minimal control on their switches in their
area. We have accomplished that on the vty ports. Here is the config:

Server
user=test 
password=test12
service-shell 
set priv-level=15
service=shell 
default cmd=(permit/deny)And the commands we want are here.
prohibit cmd=x
cmd=y{

Switch

aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 password 7 x
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet

It works great for vty but not for console. I read somewhere about a hidden
authorization command for console but it is not working. Here is a debug.
xxx#debug aaa authorization
*Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0
port=0 channel=0
*Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
*Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
Failed attempts for console
*Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
*Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0
port=2 channel=0
*Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
list='privilege' service=EXEC
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list privilege
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
(tacacs+)
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
PASS_ADD
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
Passed attempts for console
I think my understanding of exec shell is what's hurting me. Any comments or
advice would be greatly appreciated.

SrA Ryan Newell
18th Communications Squadron
Infrastructure Engineer
CCNA, SCP
634-7999
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53602t=53602
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
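
Added example, not part of the original post or of any Cisco tool: a Python audit of the switch configuration and debug output quoted above. It assumes the IOS behaviour the "AAA in console" follow-up points at, namely that authorization lists applied under line con 0 stay inactive until the global aaa authorization console command is configured; the function names and finding labels are hypothetical, and the sample text is abridged from the post with wrapped debug lines joined.

```python
import re

# Sample input abridged from the post above (wrapped debug lines joined).
CONFIG = """\
aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
"""

DEBUG = """\
*Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser='' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser='' port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2' list='privilege' service=EXEC
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+ (tacacs+)
*Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status = PASS_ADD
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
"""


def audit_config(text):
    """Return (label, config line) findings for an IOS configuration."""
    findings = []
    console_author = False    # global 'aaa authorization console' present?
    block = None              # the 'line ...' block currently being read
    console_lists = []        # authorization commands found under line con
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):                  # global-level command
            block = line if line.startswith("line ") else None
            words = line.split()
            if line == "aaa authorization console":
                console_author = True
            elif (words[:2] in (["aaa", "authorization"], ["aaa", "authentication"])
                  and words[-1] == "none"):
                # A trailing 'none' lets the user through unchecked whenever
                # the earlier methods return an error (server unreachable).
                findings.append(("fail-open", line))
        elif block and block.startswith("line con") \
                and line.strip().startswith("authorization "):
            console_lists.append(line.strip())
    if not console_author:
        # Assumption stated in the lead-in: without the global command the
        # lists applied to the console are never consulted.
        findings += [("console-authorization-inactive", c) for c in console_lists]
    return findings


CREATE_RE = re.compile(r"create_user .*port='(tty\d+)'")
METHOD_RE = re.compile(r"(tty\d+) AAA/AUTHOR/EXEC \(\d+\): Method=(\S+)")


def classify_debug(text):
    """Map each tty in 'debug aaa authorization' output to how EXEC
    authorization was decided for it."""
    result = {}
    last_port = None
    for line in text.splitlines():
        m = CREATE_RE.search(line)
        if m:
            last_port = m.group(1)
        # The bypass message carries no port, so it is attributed to the most
        # recent create_user line (a heuristic of this example).
        if "authenticated console user is permitted" in line and last_port:
            result[last_port] = "bypassed"
        m = METHOD_RE.search(line)
        if m:
            result[m.group(1)] = "sent to " + m.group(2)
    return result


if __name__ == "__main__":
    for finding in audit_config(CONFIG):
        print(finding)
    print(classify_debug(DEBUG))
```

On the posted configuration this reports the three method lists ending in none as fail-open and both console authorization lines as inactive, and the debug classification shows tty0 bypassed while tty2 was sent to tacacs+.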



Exec Shell + Console [7:53661]

2002-09-19 Thread Newell Ryan D SrA 18 CS/SCBT

Evening group,

What I have is a TACACS server, and the setup we are trying to achieve goes as
follows:
I want the LAN admins to have minimal control on their switches in their
area. We have accomplished that on the vty ports. Here is the config:

Server
user=test 
password=test12
service-shell 
set priv-level=15
service=shell 
default cmd=(permit/deny)And the commands we want are here.
prohibit cmd=x
cmd=y{

Switch

aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 password 7 x
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet

It works great for vty but not for console. I read somewhere about a hidden
authorization command for console but it is not working. Here is a debug.
xxx#debug aaa authorization
*Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0
port=0 channel=0
*Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
*Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
Failed attempts for console
*Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
*Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0
port=2 channel=0
*Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
list='privilege' service=EXEC
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list privilege
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
(tacacs+)
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
PASS_ADD
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
Passed attempts for console
I think my understanding of exec shell is what's hurting me. Any comments or
advice would be greatly appreciated.






Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53661t=53661



RE: Exec Shell + Console [7:53661]

2002-09-19 Thread Newell Ryan D SrA 18 CS/SCBT

That would be nice but we have over 400 switches and several LAN admins who
could t'shoot hubs but now they need minimal configuration control for t'shooting.

-Original Message-
From: nettable_walker [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Exec Shell + Console [7:53661]


9/19/2002   9:40pm  Thursday

You could just tell your LAN admins not to change anything on the switches.


Newell Ryan D SrA 18 CS/SCBT wrote in message
news:[EMAIL PROTECTED]...
 Evening group,

 What I have is a TACACS server, and the setup we are trying to achieve goes as
 follows:
 I want the LAN admins to have minimal control on their switches in their
 area. We have accomplished that on the vty ports. Here is the config:

 Server
 user=test
 password=test12
 service-shell
 set priv-level=15
 service=shell
 default cmd=(permit/deny)And the commands we want are here.
 prohibit cmd=x
 cmd=y{

 Switch

 aaa new-model
 aaa authentication login telnet group tacacs+ line none
 aaa authorization exec privilege group tacacs+ none
 aaa authorization commands 15 cmd group tacacs+ none
 line con 0
  exec-timeout 5 0
  password 7 x
  authorization commands 15 cmd
  authorization exec privilege
  login authentication telnet
  transport input telnet
  stopbits 1
 line vty 0 4
  exec-timeout 5 0
  authorization commands 15 cmd
  authorization exec privilege
  login authentication telnet
  transport input telnet

 It works great for vty but not for console. I read somewhere about a hidden
 authorization command for console but it is not working. Here is a debug.
 xxx#debug aaa authorization
 *Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
 *Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
 *Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0
adapter=0
 port=0 channel=0
 *Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
 *Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
 *Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
 *Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
 Failed attempts for console
 *Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
 *Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0
adapter=0
 port=2 channel=0
 *Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
 port='tty2' rem_addr='1x.1x.6x.2x' authen_type=ASCII service=LOGIN priv=1
 *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
 list='privilege' service=EXEC
 *Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
 *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
 *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
 *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list
privilege
 *Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
 (tacacs+)
 *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
 *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
 *Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
 *Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
 PASS_ADD
 *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
 *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
 *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
 *Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
 Passed attempts for console
 I think my understanding of exec shell is what's hurting me. Any comments or
 advice would be greatly appreciated.






 Ryan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53684t=53661



RE: IOS upgrade/Strange services [7:53492]

2002-09-18 Thread Moffett, Ryan

...an inbound ACL on the interfaces you want to protect would effectively
kill access to these ports, but some of the ports you have mentioned are
difficult to explain and lack command-line parameters to control, like biff
for instance.   Biff happens to run on UDP port 512.

Can you duplicate your scan results with another tool such as nmap?
Tools that use various techniques to detect open ports, especially
UDP ports, sometimes result in false positives.   TCP connection attempts to
detect open TCP ports are usually very accurate.   Some of the services
below appear to be TCP and UDP.   Can you specify if they are TCP or UDP
ports?





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 2:15 PM
To: [EMAIL PROTECTED]
Subject: RE: IOS upgrade/Strange services [7:53492]


I'm running 12.2(11)T ip/fw/ids/3DES. The scan came back with Cu-seeme,
talk, tftp, rpc-nfs, rwho, biff, name, rpc-portmapper, rwho, snmp-agent,
syslog, dhcp, dns, etc...  Since the router is fundamentally a unix box I
can see this happening...  How the heck do ya shutdown the services?  Also
tried shutting down the VoIP stuff... No go!  I didn't think an ACL would be
useful given the services appear to be running on the router itself.  Kinda
like stopping a service on a *nix or windoz computer.  Plz lemme know your
thoughts

version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Lhotse
no logging console
aaa new-model
!
aaa authentication login ops line
aaa session-id common
enable secret 
enable password
!
ip subnet-zero
no ip source-route
!
no ip domain lookup
ip domain name abnamrousa.com
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
!
mta receive maximum-recipients 0
!
interface Ethernet0/0
 ip address x.x.x.x 255.255.255.0
 ip access-group 2 out
 ip nat inside
 half-duplex
 no cdp enable
!
interface Serial0/0
 bandwidth 1536
 no ip address
 no ip redirects
 no ip unreachables
 encapsulation frame-relay IETF
 no ip route-cache
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 bandwidth 1536
 ip address y.y.y.y 255.255.255.252
 ip access-group 1 in
 no ip redirects
 no ip unreachables
 ip nat outside
 no ip route-cache
 no ip mroute-cache
 no cdp enable
 frame-relay interface-dlci 501 IETF   
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
 no cdp enable
!
interface Serial0/1
 no ip address
 no keepalive
 shutdown
 no cdp enable
!
ip classless
no ip http server
!
access-list 1 deny   65.204.141.10
access-list 1 deny   65.204.68.194
access-list 1 deny   65.204.132.5
access-list 1 deny   65.3.0.83
access-list 1 deny   65.204.176.42
access-list 1 deny   80.132.79.133
access-list 1 deny   65.5.36.66
access-list 1 deny   65.0.13.111
access-list 1 deny   65.204.21.189
access-list 1 deny   65.204.103.194
access-list 1 deny   65.204.95.250
access-list 1 deny   65.204.103.196
access-list 1 deny   65.204.39.133
access-list 1 deny   65.204.232.83
access-list 1 deny   65.204.212.31
access-list 1 deny   65.196.200.11
access-list 1 deny   65.115.13.98
access-list 1 deny   65.204.39.244
access-list 1 deny   65.204.222.51
access-list 1 deny   65.204.219.50
access-list 1 deny   65.195.0.229
access-list 1 deny   65.204.176.77
access-list 1 deny   65.204.135.120
access-list 1 deny   65.204.57.200
access-list 1 deny   64.168.217.182
access-list 1 deny   65.204.38.59
access-list 1 deny   65.204.73.87
access-list 1 deny   65.204.0.30
access-list 1 deny   65.204.118.100
access-list 1 deny   65.204.220.227
access-list 1 deny   65.204.61.3
access-list 1 deny   65.204.29.36
access-list 1 deny   65.204.135.200
access-list 1 deny   65.204.135.205
access-list 1 deny   65.204.240.181
access-list 1 deny   65.204.135.209
access-list 1 deny   65.204.135.214
access-list 1 deny   65.204.160.201
access-list 1 deny   65.204.160.200
access-list 1 deny   65.204.103.2
access-list 1 deny   65.204.160.199
access-list 1 deny   65.204.160.198
access-list 1 deny   65.204.160.195
access-list 1 deny   65.204.202.180
access-list 1 deny   65.204.202.179
access-list 1 deny   65.204.49.67
access-list 1 deny   65.204.125.0 0.0.0.255
access-list 1 permit any
access-list 2 deny   199.172.158.0 0.0.0.255
access-list 2 deny   128.242.104.0 0.0.0.255
access-list 2 permit any
access-list 13 permit x.x.x.x
no cdp run
!
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 access-class 13 in
 password
 login authentication ops
 transport input ssh
!
end

-Original Message-
From: Mark W. Odette II [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, September 18, 2002 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: IOS upgrade/Strange services [7:53492]


What's the version of IOS?

What's your Access-lists look like??

Truthfully, AFAIK, the only way that all of those 

Exec shell+console+AAA [7:53590]

2002-09-18 Thread Newell Ryan D SrA 18 CS/SCBT

Evening group,

What I have is a TACACS server, and the setup we are trying to achieve goes as
follows:
I want the LAN admins to have minimal control on their switches in their
area. We have accomplished that on the vty ports. Here is the config:

Server
user=test 
password=test12
service-shell 
set priv-level=15
service=shell 
default cmd=(permit/deny)And the commands we want are here.
prohibit cmd=x
cmd=y{

Switch

aaa new-model
aaa authentication login telnet group tacacs+ line none
aaa authorization exec privilege group tacacs+ none
aaa authorization commands 15 cmd group tacacs+ none
line con 0
 exec-timeout 5 0
 password 7 x
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 authorization commands 15 cmd
 authorization exec privilege
 login authentication telnet
 transport input telnet

It works great for vty but not for console. I read somewhere about a hidden
authorization command for console but it is not working. Here is a debug.
KAD-UE-1474-D#debug aaa authorization
*Mar  1 00:15:22: AAA/MEMORY: free_user (0x6B451C) user='test' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:24: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar  1 00:15:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0
port=0 channel=0
*Mar  1 00:15:24: AAA/MEMORY: create_user (0x69BC24) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:15:37: AAA/AUTHOR: authenticated console user is permitted
*Mar  1 00:15:50: AAA/MEMORY: free_user (0x528F70) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
*Mar  1 00:16:05: AAA/MEMORY: free_user (0x6B4478) user='' ruser=''
port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15
Failed attempts for console
*Mar  1 00:16:27: AAA: parse name=tty2 idb type=-1 tty=-1
*Mar  1 00:16:27: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0
port=2 channel=0
*Mar  1 00:16:27: AAA/MEMORY: create_user (0x4D4CE4) user='' ruser=''
port='tty2' rem_addr='132.15.64.27' authen_type=ASCII service=LOGIN priv=1
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Port='tty2'
list='privilege' service=EXEC
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: tty2 (3125102166) user='test'
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV service=shell
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): send AV cmd*
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): found list privilege
*Mar  1 00:16:35: tty2 AAA/AUTHOR/EXEC (3125102166): Method=tacacs+
(tacacs+)
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): user=test
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/TAC+: (3125102166): send AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR (3125102166): Post authorization status =
PASS_ADD
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV service=shell
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV cmd*
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Processing AV priv-lvl=15
*Mar  1 00:16:35: AAA/AUTHOR/EXEC: Authorization successful
Passed attempts for console
I think my understanding of exec shell is what's hurting me. Any comments or
advice would be greatly appreciated.

SrA Ryan Newell
18th Communications Squadron
Infrastructure Engineer
CCNA, SCP
634-7999
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53590t=53590



FW: Duplicate packets with same SEQ #'s... [7:53024]

2002-09-11 Thread Newell Ryan D SrA 18 CS/SCBT

Is it possible that you are doing a dump on a link that the packet must
traverse to and fro to get to the destination? You stated that you did this
dump off of one of your core switches. I'm assuming you're spanning or port
mirroring the port or vlan possibly. If these PCs are on separate networks... see
what I'm saying?
Well if you don't, here goes. If you have a switch connected to a router
using some kind of trunking capability (or internal router) and the users are on
separate VLANs/subnets, they must cross the router to get to each other. Thus when
you do a dump you will see the same packet come across twice. If you have a
protocol analyzer you should see the mac address change as it crosses the router.
I only believe my theory to be true if the PCs are on separate sub networks.
Hope this helps
D

-Original Message-
From: Neil Desai [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 11:59 AM
To: [EMAIL PROTECTED]
Subject: Re: Duplicate packets with same SEQ #'s... [7:53024]


We have a similar situation in our network. We have proxy arp turned on and
it is causing the same thing.


Neil
r34rv13wm1rr0r wrote in message
news:[EMAIL PROTECTED]...
 This is from a tcpdump off of one of my core switches.  It appears that it is
 logging a duplicate packet with the same SEQ #.  Does anyone have any idea
 why this is occurring?

 Thanks,

 A

 11:18:04.688408 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 1:65(64)
ack
 49
 win 8320NBT Packet (DF)
 11:18:04.688409 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 1:65(64)
ack
 49
 win 8320NBT Packet (DF)

 11:18:04.688643 172.X.103.10.netbios-ssn  172.X.15.15.1503: P
 158405518:158405625(107) ack 1210141117 win 8608NBT Packet (DF)
 11:18:04.688644 172.X.103.10.netbios-ssn  172.X.15.15.1503: P 0:107(107)
ack
 1 win 8608NBT Packet (DF)

 11:18:04.688645 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 65:119(54)
ack
 98 win 8271NBT Packet (DF)
 11:18:04.688646 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 65:119(54)
ack
 98 win 8271NBT Packet (DF)

 11:18:04.63 X.X.6.3.http  172.X.14.50.1123: . ack 4294967295 win 8155
 (DF)
 11:18:04.65 X.X.6.3.http  172.X.14.50.1123: . ack 4294967295 win 8155
 (DF)

 11:18:04.66 172.23.27.10.3021  172.X.15.10.netbios-ssn: P
 3194256684:3194256844(160) ack 95965178 win 7515NBT Packet (DF)
 11:18:04.67 172.23.27.10.3021  172.X.15.10.netbios-ssn: P 0:160(160)
ack
 1 win 7515NBT Packet (DF)

 11:18:04.68 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 119:173(54)
 ack
 147 win 8222NBT Packet (DF)
 11:18:04.69 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 119:173(54)
 ack
 147 win 8222NBT Packet (DF)

 11:18:04.688890 172.X.15.15.1503  172.X.103.10.netbios-ssn: P 1:161(160)
ack
 107 win 7996NBT Packet (DF)
 11:18:04.688891 172.X.15.15.1503  172.X.103.10.netbios-ssn: P 1:161(160)
ack
 107 win 7996NBT Packet (DF)

 11:18:04.689183 172.X.15.10.netbios-ssn  172.23.27.10.3021: P 1:129(128)
ack
 160 win 8138NBT Packet (DF)
 11:18:04.689185 172.X.15.10.netbios-ssn  172.23.27.10.3021: P 1:129(128)
ack
 160 win 8138NBT Packet (DF)

 11:18:04.689186 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 173:255(82)
 ack
 196 win 8173NBT Packet (DF)
 11:18:04.689187 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 173:255(82)
 ack
 196 win 8173NBT Packet (DF)

 11:18:04.689188 172.X.15.151.ssh  172.X.53.186.1219: P
 2849560709:2849560801(92) ack 2980294350 win 9648 (DF) [tos 0x10]
 11:18:04.689189 172.X.15.151.ssh  172.X.53.186.1219: P 0:92(92) ack 1 win
 9648 (DF) [tos 0x10]

 11:18:04.689192 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 255:309(54)
 ack
 245 win 8124NBT Packet (DF)
 11:18:04.689193 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 255:309(54)
 ack
 245 win 8124NBT Packet (DF)

 11:18:04.689608 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 309:363(54)
 ack
 294 win 8075NBT Packet (DF)
 11:18:04.689609 172.X.15.49.netbios-ssn  172.X.61.103.1066: P 309:363(54)
 ack
 294 win 8075NBT Packet (DF)

 11:18:04.689610 172.X.243.6.printer  172.X.240.10.723: . ack 4096314569
win
 2144
 11:18:04.689610 172.X.243.6.printer  172.X.240.10.723: . ack 1 win 2144

 11:18:04.689611 172.X.53.186.1219  172.X.15.151.ssh: P 1:45(44) ack 92
win
 16724 (DF)
 11:18:04.689612 172.X.53.186.1219  172.X.15.151.ssh: P 1:45(44) ack 92
win
 16724 (DF)

 11:18:04.689614 172.X.61.103.1066  172.X.15.49.netbios-ssn: P 294:343(49)
 ack
 363 win 7380NBT Packet (DF) [tos 0x4]
 11:18:04.718183 172.X.61.103.1066  172.X.15.49.netbios-ssn: P
6762:6811(49)
 ack 8223 win 8397NBT Packet (DF) [tos 0x4]

 11:18:04.718187 172.X.15.49.netbios-ssn  172.X.61.103.1066: P
8223:8287(64)
 ack 6811 win 7438NBT Packet (DF)
 11:18:04.718188 172.X.15.49.netbios-ssn  172.X.61.103.1066: P
8223:8287(64)
 ack 6811 win 7438NBT Packet (DF)

 11:18:04.718423 172.X.15.49.netbios-ssn  172.X.61.103.1066: P
8287:8341(54)
 ack 6860 win 7389NBT Packet (DF)
 11:18:04.718424 172.X.15.49.netbios-ssn  172.X.61.103.1066: P
8287:8341(54)
 ack 6860 win 7389NBT 
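
Added example, not part of the thread: a Python check that applies the reply's theory to a capture taken with link-level headers, separating a segment seen on both sides of the router (MAC addresses change) from a same-MAC mirror duplicate and from a genuine TCP retransmission. The capture lines are constructed in the text format of tcpdump -e -n -S, untagged frames are assumed, and the 1 ms window, the labels and the function name are assumptions of this example.

```python
import re

# Constructed capture (documentation MAC range 00:00:5e:00:53:xx).
# -e prints the Ethernet header; -S keeps sequence numbers absolute so two
# copies of one segment print identically.
CAPTURE = """\
11:18:04.688408 00:00:5e:00:53:01 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 118: 10.0.15.49.139 > 10.0.61.103.1066: Flags [P.], seq 1:65, ack 49, win 8320, length 64
11:18:04.688409 00:00:5e:00:53:fe > 00:00:5e:00:53:02, ethertype IPv4 (0x0800), length 118: 10.0.15.49.139 > 10.0.61.103.1066: Flags [P.], seq 1:65, ack 49, win 8320, length 64
11:18:04.688645 00:00:5e:00:53:01 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 108: 10.0.15.49.139 > 10.0.61.103.1066: Flags [P.], seq 65:119, ack 98, win 8271, length 54
11:18:04.688890 00:00:5e:00:53:03 > 00:00:5e:00:53:04, ethertype IPv4 (0x0800), length 214: 10.0.15.15.1503 > 10.0.15.10.139: Flags [P.], seq 1:161, ack 107, win 7996, length 160
11:18:04.688891 00:00:5e:00:53:03 > 00:00:5e:00:53:04, ethertype IPv4 (0x0800), length 214: 10.0.15.15.1503 > 10.0.15.10.139: Flags [P.], seq 1:161, ack 107, win 7996, length 160
11:18:04.988645 00:00:5e:00:53:01 > 00:00:5e:00:53:fe, ethertype IPv4 (0x0800), length 108: 10.0.15.49.139 > 10.0.61.103.1066: Flags [P.], seq 65:119, ack 98, win 8271, length 54
"""

# Only segments that carry a seq field are matched; pure ACKs print no seq
# and repeat legitimately, so they are ignored.
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) "
    r"(?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\], "
    r"seq (?P<seq>\d+(?::\d+)?), "
)


def classify_duplicates(text, window_us=1000):
    """Return (source, seq range, label) for every repeated TCP segment.

    routed-copy       same segment again within the window, different MACs:
                      the frame was captured before and after the router
    mirror-duplicate  same segment, same MACs, within the window: the
                      mirror session copied one frame twice
    retransmission    same segment again after the window has passed
    """
    first_seen = {}   # segment key -> (time in microseconds, smac, dmac)
    repeats = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        h, mi, s, us = (int(g) for g in m.group(1, 2, 3, 4))
        ts = ((h * 60 + mi) * 60 + s) * 1_000_000 + us
        key = (m["src"], m["dst"], m["flags"], m["seq"])
        macs = (m["smac"], m["dmac"])
        if key not in first_seen:
            first_seen[key] = (ts,) + macs
            continue
        first_ts, *first_macs = first_seen[key]
        if ts - first_ts > window_us:
            label = "retransmission"
        elif tuple(first_macs) != macs:
            label = "routed-copy"
        else:
            label = "mirror-duplicate"
        repeats.append((m["src"], m["seq"], label))
    return repeats


if __name__ == "__main__":
    for row in classify_duplicates(CAPTURE):
        print(row)
```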

Re: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52165]

2002-08-27 Thread Chuck Ryan

Actually, I thought/read/heard that CCIE #1025 (aka the first CCIE) was/is
Jeff Buddemeier, technical lead for Cisco.

This is the first time I ever heard the name Stewart Biggs mentioned as CCIE
#1025.

- Original Message -
From: Daniel Cotts 
To: 
Sent: Tuesday, August 27, 2002 4:01 PM
Subject: RE: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52159]


 In my previous post I quoted a post from Terry Slattery regarding the first
 CCIEs. In it he did not recall the name of CCIE# 1025. In the quoted post
 below he does provide a name.
 snip
 The first CCIE, #1025, is/was Stewart Biggs.  My understanding is that his
 certification has lapsed and he's off doing something else.  I took the test
 from him in August, 1993 and became the second CCIE, #1026.  The lab itself
 had a plaque outside the door labeling it as #1024 (a power of two - kind of an
 inside joke for networking/computer jocks).
 unsnip

  -Original Message-
  From: MADMAN [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, August 27, 2002 1:57 PM
  To: [EMAIL PROTECTED]
  Subject: Re: No longer 4 digits [7:52146]
 
 
  CCIE 1040 sits next to me and I asked him if Imran (sp?) was his
  proctor and it was.  Imran designed the original program and it's our
  guess he was the proctor for the 1st CCIE.
 
    Imran was pretty tough, I remember talking to him at networkers in
  Denver when the CCIE recert first came out and about 100 of us took the
  test and only 2 passed.  He chuckled stating his intention was to make
  it difficult so as to require studying.
 
Dave
 
  Chuck's Long Road wrote:
  
   this topic of fascination for many often leads to a bit of
  confusion as
  well
  
  
  http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_pr
  esent.html
  
   shows the number of CCIE's world wide as of 7/31/02
  
   The first CCIE number issued was 1025.  Over the years,
  some have retired,
   some have neglected to recertify ( including Jeff Doyle, last time I
   looked )
  
   So according to Cisco's numbers, on July 31 2002 there were
  8031 active
   CCIE's.
  
   As a sidebar, Terry Slattery, CCIE 1026, tells how he was
  tested by CCIE
   1025 ( sorry, I can't remember the name )
   The theory was / remains that only CCIE's should test candidates.
  
   No one seems to know who  tested #1025, nor the criteria used.
  
   Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52165t=52165
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52169]

2002-08-27 Thread Moffett, Ryan

Well, the online verification system says that Stuart Biggs is CCIE 1025,
though the current status is Inactive.

-Original Message-
From: Chuck Ryan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 5:22 PM
To: [EMAIL PROTECTED]
Subject: Re: No longer 4 digits [7:52146] 2nd Terry Slattery quote
[7:52165]


Actually, I thought/read/heard that CCIE #1025 (aka the first CCIE) was/is
Jeff Buddemeier, technical lead for Cisco.

This is the first time I ever heard the name Stewart Biggs mentioned as CCIE
#1025.

- Original Message -
From: Daniel Cotts 
To: 
Sent: Tuesday, August 27, 2002 4:01 PM
Subject: RE: No longer 4 digits [7:52146] 2nd Terry Slattery quote [7:52159]


 In my previous post I quoted a post from Terry Slattery regarding the first
 CCIEs. In it he did not recall the name of CCIE# 1025. In the quoted post
 below he does provide a name.
 snip
 The first CCIE, #1025, is/was Stewart Biggs.  My understanding is that his
 certification has lapsed and he's off doing something else.  I took the test
 from him in August, 1993 and became the second CCIE, #1026.  The lab itself had
 a plaque outside the door labeling it as #1024 (a power of two - kind of an
 inside joke for networking/computer jocks).
 unsnip

  -Original Message-
  From: MADMAN [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, August 27, 2002 1:57 PM
  To: [EMAIL PROTECTED]
  Subject: Re: No longer 4 digits [7:52146]
 
 
  CCIE 1040 sits next to me and I asked him if Imran (sp?) was his
  proctor and it was.  Imran designed the original program and it's our
  guess he was the proctor for the 1st CCIE.

  Imran was pretty tough, I remember talking to him at networkers in
  Denver when the CCIE recert first came out and about 100 of us took the
  test and only 2 passed.  He chuckled stating his intention was to make
  it difficult so as to require studying.

  Dave

  Chuck's Long Road wrote:

   this topic of fascination for many often leads to a bit of confusion as
   well

   http://www.cisco.com/warp/public/625/ccie/ccie_program/ccie_present.html

   shows the number of CCIE's world wide as of 7/31/02

   The first CCIE number issued was 1025.  Over the years, some have retired,
   some have neglected to recertify ( including Jeff Doyle, last time I
   looked )

   So according to Cisco's numbers, on July 31 2002 there were 8031 active
   CCIE's.

   As a sidebar, Terry Slattery, CCIE 1026, tells how he was tested by CCIE
   1025 ( sorry, I can't remember the name )
   The theory was / remains that only CCIE's should test candidates.

   No one seems to know who  tested #1025, nor the criteria used.

   Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52169t=52169



test [7:51328]

2002-08-13 Thread Newell Ryan D SrA 18 CS/SCBT

Test




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51328t=51328



CCNP okinawa japan [7:51329]

2002-08-13 Thread Newell Ryan D SrA 18 CS/SCBT

Are there any people in the Okinawa area going for CCNP?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=51329t=51329



Re: Cisco Press OSPF? [7:50567]

2002-08-02 Thread Chuck Ryan

The Cisco Press OSPF book by Tom Thomas would go great with Dr. Parkhurst's
book as well.

- Original Message -
From: Chuck 
To: 
Sent: Friday, August 02, 2002 10:04 PM
Subject: Re: Cisco Press OSPF? [7:50567]


 Might consider this one:

 Cisco OSPF Command and Configuration Handbook
 by  William R. Parkhurst

 I haven't read this one myself, but according to the reviews it is written
 in the same vein as his BGP book, which I believe is a far better way to
 learn the knobs.

 HTH


 Robert D. Cluett  wrote in message
 news:[EMAIL PROTECTED]...
  All,
 
  Looking for a book that will cover OSPF in detail outside of the BSCN book.
  I recently purchased Internet Routing Architectures to give me more
  detailed knowledge of BGP, but need to round out the OSPF with another book.
  Any advice?
 
  Thanks
  Rob Cluett, CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50571t=50567



RE: 3550 EMI [7:50103]

2002-07-30 Thread Ryan Lecomte

The 3550 EMI sold for $500 from Ingram Micro and Tech Data, unfortunately
both companies are out of stock and the promotion is over.

Ryan

-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 2:11 PM
To: [EMAIL PROTECTED]
Subject: RE: 3550 EMI [7:50103]


I think you forgot a zero. Everything thinks you typed 500$

-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, July 30, 2002 4:13 PM
To: [EMAIL PROTECTED]
Subject: Re: 3550 EMI [7:50103]

Where can I buy this switch for $500.00 as someone posted this a few days
ago??

Thank you.




From: Chuck 
Reply-To: Chuck 
To: [EMAIL PROTECTED]
Subject: Re: 3550 EMI [7:50103]
Date: Tue, 30 Jul 2002 14:28:31 GMT

just getting into it. 1500 pages of documentation to read :-O

They do IGRP, EIGRP, RIPv1, RIPv2, and OSPF. Don't believe the output of the
router ?

BGP is expected to be released real soon now, but according to Cisco people
I've spoken to, it will not be a full featured release. Limitations as to the
number of routes processed and stored, for example ( due to the physical
limitations of the switch ) I.e. don't expect to get full BGP routes over your
DSL connection.

Chuck


Symon Thurlow  wrote in message
news:[EMAIL PROTECTED]...
  Anyone played with the new 3550 EMI switches? They report layer 3
  routing etc.
 
  Symon




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=50196t=50103



RE: Check this new command out [7:49717]

2002-07-26 Thread Moffett, Ryan

I have the do command in config mode (in c3640-i-mz.122-5d.bin), but the
output is only:

router(config)#do ?
  .  Version number

-Original Message-
From: Dan Penn [mailto:[EMAIL PROTECTED]] 
Sent: Friday, July 26, 2002 11:19 AM
To: [EMAIL PROTECTED]
Subject: RE: Check this new command out [7:49717]


Yes, I'm not sure what platforms it does work on, I tried it on 2500's,
2600's and 4500's with no luck

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
MADMAN
Sent: Friday, July 26, 2002 8:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Check this new command out [7:49717]

Priscilla Oppenheimer wrote:
 
 MADMAN wrote:
 
  Thought this was pretty cool!!
 
  c7304(config)#do sh ver
 
 Cool! Can you do stuff other than show version while in config mode??
 

  Yes it appears you can do most anything, I tried a sh mem, sh config |
inclu, sh ip route, they all work.  I don't know when/if this will be
available in released IOS, I tried it on a 7200 running the latest 12.2.10a,
no cigar.

  Dave
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49782t=49717



RE: Check this new command out [7:49717]

2002-07-26 Thread Moffett, Ryan

What code rev is this in?   I have some 12.2(5)+ and I don't see it.   Is
this just in specific 12.1 Development Test images?

-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]] 
Sent: Friday, July 26, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: Re: Check this new command out [7:49717]


Ya but you don't need the do command.

  Dave

Juan Blanco wrote:
 
 Please, correct me if I am wrong, but you can execute any command on 
 the pix's box while you are in config mode as well
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of 
 MADMAN
 Sent: Thursday, July 25, 2002 6:01 PM
 To: [EMAIL PROTECTED]
 Subject: Check this new command out [7:49717]
 
 Thought this was pretty cool!!
 
 c7304(config)#do sh ver
 Cisco Internetwork Operating System Software
 IOS (tm) 7300 Software (C7300-JS-M), Version 12.1(1.23.020716.), CISCO
 DEVELOPMENT TEST VERSION
 Copyright (c) 1986-2002 by cisco Systems, Inc.
 Compiled Tue 16-Jul-02 03:26 by
 Image text-base: 0x40008970, data-base: 0x41B32000...
 
   Dave
 
 --
 David Madland
 Sr. Network Engineer
 CCIE# 2016
 Qwest Communications Int. Inc.
 [EMAIL PROTECTED]
 612-664-3367
 
 Emotion should reflect reason not guide it
-- 
David Madland
Sr. Network Engineer
CCIE# 2016
Qwest Communications Int. Inc.
[EMAIL PROTECTED]
612-664-3367

Emotion should reflect reason not guide it




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49781t=49717



RE: How to keep multiple switch ports on the same VLAN from [7:49521]

2002-07-24 Thread Moffett, Ryan

The 2924XL platform does support PVLANs if it can be upgraded to 12.0(5)XU
or higher code which is based on a number of factors including memory.
The XL-EN is questionable.   4MB 2924XL switches cannot run the 12.0(5)XU
and higher code.

For what you are trying to do, PVLANs are the only way to do it that I know
of ( I was even trying to come up with a kludge scenario involving using a
router and trunking the VLANs up to the router that is doing IRB and
filtering at the MAC layer).

Especially useful in a DMZ scenario, PVLANs allow you to have a single DMZ
for multiple applications, such as WWW and SMTP, and prevent them from
seeing each other, yet allow them to talk to firewalls and routers (some
people asked why you would do such a thing).   It is a recommended part of
the Cisco SAFE architecture.   

http://www.cisco.com/warp/public/473/90.shtml
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm
  

-Original Message-
From: Don Claybrook [mailto:[EMAIL PROTECTED]] 
Sent: Monday, July 22, 2002 6:17 PM
To: [EMAIL PROTECTED]
Subject: How to keep multiple switch ports on the same VLAN from [7:49410]


I have a customer who needs to have several ports on a 2924XL-EN in the same
VLAN.  The customer does not want these ports to be able to communicate with
one another, but would like all of them to be able to go to/through another
port.  E.g., ports 1 to 5 would be on VLAN 50, they'd all be able to access
port 6, on VLAN 60, but not each other.



I did find something on CCO about Private VLANs, but I see that the 2924 is
not on the list of hardware that supports PVLAN's.  Does anyone know of a
way to accomplish this segregation within the same VLAN, short of PVLAN's?
Any help is much appreciated.



Thanks,



Don Claybrook




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49521t=49521



RE: Off Topic - Whither IS-IS - Cisco's vision going forward [7:49061]

2002-07-17 Thread Moffett, Ryan

I attended Networkers 2002 in San Diego and got the impression to look out
for more IS-IS in the future.   Specifically, Cisco is working to achieve
feature parity between OSPF and IS-IS, plus comments were made in the Router
Architecture Power Session that IS-IS is getting a stronger Enterprise
following, especially in Europe.   

-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, July 17, 2002 4:48 PM
To: [EMAIL PROTECTED]
Subject: Off Topic - Whither IS-IS - Cisco's vision going forward [7:49057]


I have now seen and heard this from several sources within Cisco - IS-IS is
not being considered in the L3 switches other than those we would call
core

I.e. the 4cxxx and the 3550-xx L3 switches do not support IS-IS, nor are
there plans to do so on those boxes.

Recognizing that things can always change, I'm wondering what might be the
reason? Lack of customer interest? Recognition of IS-IS as a specialized
protocol less suitable for normal enterprise type stuff?

Chuck




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49061t=49061



RE: OT: CCIE Lab Intelligence [7:47973]

2002-07-03 Thread Ryan Lecomte

Chuck is correct...

My 3550 came back with Unknown routing protocol only after I entered
router bgp 100. If you leave off the AS number you get incomplete command.

Switch(config)#router ?
  bgp       Border Gateway Protocol (BGP)
  egp       Exterior Gateway Protocol (EGP)
  eigrp     Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp      Interior Gateway Routing Protocol (IGRP)
  isis      ISO IS-IS
  iso-igrp  IGRP for OSI networks
  mobile    Mobile routes
  odr       On Demand stub Routes
  ospf      Open Shortest Path First (OSPF)
  rip       Routing Information Protocol (RIP)
  static    Static routes


Ryan



-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 03, 2002 6:18 AM
To: [EMAIL PROTECTED]
Subject: Re: OT: CCIE Lab Intelligence [7:47973]


Let's see - I said I was reading the config guide on CCO I provided the
link..  maybe that's where I got the idea.
I have also been told off line by a couple of different people now that BGP
is expected to be released later this year.

Got a question for you - are you sure that after you enter the command you
don't get an error saying unknown protocol

Chuck



Kris Keen  wrote in message
news:[EMAIL PROTECTED]...
 What makes you think it doesn't do BGP? I have one right next to me.. Sure
 as hell does bgp


 Cisco Internetwork Operating System Software
 IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(8)EA1c, RELEASE
 SOFTWARE
 (fc1)
 Copyright (c) 1986-2002 by cisco Systems, Inc.
 Compiled Fri 15-Feb-02 10:50 by antonino
 Image text-base: 0x3000, data-base: 0x006675E0

 ROM: Bootstrap program is C3550 boot loader

 WS-C3550-12T_A uptime is 1 week, 2 hours, 24 minutes
 System returned to ROM by power-on
 System image file is
 flash:/c3550-i5q3l2-mz.121-8.EA1c/c3550-i5q3l2-mz.121-8.E
 1c.bin

 cisco WS-C3550-12T (PowerPC) processor (revision G0) with 65526K/8192K
bytes
 of
 memory.


 WS-C3550-12T_A#conf t
 Enter configuration commands, one per line.  End with CNTL/Z.
 WS-C3550-12T_A(config)#router bgp ?
 Autonomous system number

 WS-C3550-12T_A(config)#router bgp


 Looks BGPish to me :)
 I'm trying to get one for my Lab at home..




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=48019t=47973



RE: InfoWorld article on Routing SOAP [7:46577]

2002-06-14 Thread Moffett, Ryan

There are a number of vendors creating XML switches, see:
http://www.nwfusion.com/news/2002/132046_04-29-2002.html.

From my perspective, I think of these Content Aware Switches specializing in
XML.   These have some things in common with Cisco Content Service Switches,
but are tailored to XML and have code running at the application level to
even translate XML documents.



-Original Message-
From: Tom Scott [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 14, 2002 10:25 AM
To: [EMAIL PROTECTED]
Subject: InfoWorld article on Routing SOAP [7:46577]


From the hardcopy issue of InfoWorld (June 10, 2002, Issue 23, p. 43):

Routing, the core technology of the Internet, is emerging as a way to
coordinate interaction among SOAP actors on a global scale. SOAP routing is
described in two of Microsoft's Global XML Architecture specifications.
WS-Routing defines how to specify the route a SOAP message takes through a
chain of intermediaries. WS-Referral empowers those intermediaries to modify
the route. These proposals are thus far just trial balloons, but early
products such as KnowNow's Event Router ... anticipate a trend toward
increasingly active intermediaries.

How might this be implemented in Cisco routers and switches? Whether it's
Microsoft's .Net or the Java Consortium's J2EE web services, this seems like
a new area that may impact how we design and configure networks.

-- TT




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46586t=46577



Re: Cisco Lab Changes..Updated [7:46623]

2002-06-14 Thread Chuck Ryan

Do you have the link for this change? I've just searched CCO, the CCIE
what's new area specifically, and I see no mention of this anywhere.

- Original Message -
From: Frank Merrill 
To: 
Sent: Friday, June 14, 2002 3:43 PM
Subject: Cisco Lab Changes..Updated [7:46623]


 It would appear that the changes to the Lab have been clarified and updated,
 and it looks like the removal of the indicated topics won't actually happen
 until Nov 4th now:

 Lab Exam Content and Equipment Changes

 CCIE Candidates should note the following changes to the technical content
 and equipment for the CCIE Lab exam. The content changes affect the CCIE
 Routing and Switching Lab exam, while the equipment changes affect all CCIE
 certification tracks.

 The CCIE program continually monitors the topics and technologies covered in
 the CCIE certification tracks. The end result of this process is that a
 topic may be removed from the exam to allow greater emphasis on features or
 technologies that are more current in the industry.

 Therefore, effective November 4th, 2002, the following topics will no longer
 be tested on the CCIE Routing and Switching exam:

 IGRP
 Token Ring
 Token Ring Switching
 IPX

 Please note that DLSw+ will remain as a valid topic on the exam.

 Between September 1, 2002 and November 4th, 2002 all CCIE labs will replace
 the current Catalyst 5000 switches with Catalyst 3550 switches. However, the
 only switching features tested during this time will be those common to both
 devices - additional features on the Catalyst 3550 will only be tested after
 November 4th, 2002.

 Please note that except for the change in switches, no new topics are being
 added to the content covered by the Routing and Switching exam. However,
 many features currently tested will now be able to receive more weight on
 the exam after November 4th.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46647t=46623



RE: CCIE Lab Exam Changes - Token Ring [7:46481]

2002-06-13 Thread Moffett, Ryan

DLSW can still be configured and tested without Token Ring.   

-Original Message-
From: Khalsa Singh [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 13, 2002 2:58 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Exam Changes - Token Ring [7:46481]


I'm in the middle of buying CCIE Lab Equipment to prepare for CCIE lab, my
question is, do I still have to buy cisco routers with Token Ring interface
to practise DLSW since it is going to be in the lab after Token Ring is
completely out

thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46488t=46481



RE: CCIE Lab Exam Changes - Token Ring [7:46481]

2002-06-13 Thread Moffett, Ryan

The following links deal with DLSw and Ethernet, and DLSw topics in general


http://www.cisco.com/warp/customer/697/3.html
http://www.cisco.com/warp/public/697/3.html
http://www.cisco.com/warp/customer/697/index.shtml
http://www.cisco.com/warp/public/697/index.shtml


-Original Message-
From: Khalsa Singh [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 13, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab Exam Changes - Token Ring [7:46481]


How is that possible,  do you have a link to a url that explains how to do
it,  if that's possible then I can exclude all the routers that have token
ring interface, I really wanted  to know, since I have made a commitment to
somebody to buy the whole CCIE Lab this saturday

thanks in advance


Khalsa Singh  wrote in message
news:[EMAIL PROTECTED]...
 I'm in the middle of buying CCIE Lab Equipment to prepare for CCIE
 lab, my question is, do I still have to buy cisco routers with Token
 Ring interface to practise DLSW since it is going to be in the lab
 after Token Ring is completely out

 thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46498t=46481



RE: CCIE Lab Exam Changes - Token Ring [7:46481]

2002-06-13 Thread Moffett, Ryan

My take is that while Token Ring will not be there, Ethernet will. And as
such, DLSw is still a subject that can be tested.  If they are removing
Token Ring, then the SRB facets of DLSw are going to be dropped.   


-Original Message-
From: Khalsa Singh [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 13, 2002 5:12 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE Lab Exam Changes - Token Ring [7:46481]


Thanks Ryan,

I'm confused, so when cisco says, no token ring in the CCIE lab from oct
2002 but DLSW will be there, what does that mean. Should we expect to
configure  DLSW on TR-to-TR network or Eth-to-Eth network or  WAN or both in
the Lab




Khalsa Singh  wrote in message
news:[EMAIL PROTECTED]...
 I'm in the middle of buying CCIE Lab Equipment to prepare for CCIE
 lab, my question is, do I still have to buy cisco routers with Token
 Ring interface to practise DLSW since it is going to be in the lab
 after Token Ring is completely out

 thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46505t=46481



RE: CCIE Lab Question Mark [7:45980]

2002-06-07 Thread Moffett, Ryan

That's absolutely not true.   In order to do something like that, they would
have to custom compile IOS code specific to the CCIE Lab to have that
removed.   Believe me, the ? is an integral part of working with Cisco
devices from the command line.

-Original Message-
From: Robert McBride [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 06, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Question Mark [7:45980]


Hey,

I just heard that there is no question mark availability on the lab.  Can
anyone give me their experience on this ??

  -Thanks-
 -Robert-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46004t=45980



RE: CCIE Lab Question Mark [7:45980]

2002-06-07 Thread Moffett, Ryan

I attempted the lab back in August of 2000.   Granted that was the 2day
format, but the ? was available then.   To remove it would be absurd.

-Original Message-
From: Roberts, Larry [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 5:23 PM
To: Moffett, Ryan; [EMAIL PROTECTED]
Subject: RE: CCIE Lab Question Mark [7:45980]


Engineering code doesn't have the ? Available.

I had heard the same thing though

Thanks

Larry 

-Original Message-
From: Moffett, Ryan [mailto:[EMAIL PROTECTED]] 
Sent: Friday, June 07, 2002 9:08 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE Lab Question Mark [7:45980]


That's absolutely not true.   In order to do something like that, they would
have to custom compile IOS code specific to the CCIE Lab to have that
removed.   Believe me, the ? is an integral part of working with Cisco
devices from the command line.

-Original Message-
From: Robert McBride [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, June 06, 2002 8:19 PM
To: [EMAIL PROTECTED]
Subject: CCIE Lab Question Mark [7:45980]


Hey,

I just heard that there is no question mark availability on the lab.  Can
anyone give me their experience on this ??

  -Thanks-
 -Robert-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=46072t=45980



RE: Provider Backbone Engineering and CCIEs [7:44876]

2002-05-24 Thread Moffett, Ryan

Really?   So I shouldn't be doing a show mem and looking at the data
contained in specific memory addresses labeled *packet data* to turn my
router into a sniffer? :-)

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 24, 2002 1:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Provider Backbone Engineering and CCIEs [7:44876]


At 07:32 AM 5/24/02, dre wrote:
  Cisco router to solve any problem, even those that shouldn't be solved with
  a router!

And how about all the people who try to turn the router into a 
troubleshooting tool? You wouldn't believe how many times I've had to 
convince people that the debug commands aren't a replacement for a sniffer. 
Not only are there issues with eating CPU resources to display the debug 
info, but a lot of the commands don't show packets (which they shouldn't). 
Also, regardless of whether they show events or packets, they don't display 
the information in English (in many cases). In fact, many of the debug 
commands were written to help Cisco software and hardware developers do 
some debugging on flaky code/hardware. They weren't written to help a 
network administrator or engineer.

I know this is a tangent from the real discussion, but I just wanted to 
make that additional point about a Cisco router not being the solution to 
every problem.

Priscilla





Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44978t=44876



RE: Doyle on Lab Rats [7:44611]

2002-05-21 Thread Moffett, Ryan

I think that everyone agrees that in order to pass the CCIE lab, you have to
spend a decent amount of time in a lab playing with scenarios and
technologies you might otherwise have never experienced in a real life
network, or experienced it so long ago that you don't have anywhere else to
test and learn it.   No matter who you are, you are going to have to get
some of your experience for the CCIE lab in a lab on your own, not a
production network.   Perhaps some people do get all of their experience in
a production network..or several production networks and I am not going to
dispute that, but it is certainly the exception, not the rule.   

I think the problem here is with people who get all of their experience in
a lab network.   Today, it is possible to pass the CCIE written and lab with
little to no real world experience and that is not what the CCIE is about.
I can hardly fault someone who has the time, money and desire to sit down
and attempt the CCIE without much real world experience because I am seeing
more and more employers looking for entry to mid-level network engineers
with CCIE's required or highly desired.   I don't think that was the
original intent of the CCIE either.   

The CISSP already does, or is going to require that you send your resume in
with your application to be a CISSP.   In fact, they audit them to make
sure that people aren't lying on their applications.   I don't claim to know
all the details of the CISSP certification process, but what would something
like this do for the CCIE program?  It appears to keep the CISSP relevant.
Does it really?  



-Original Message-
From: Johnny Routin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: Doyle on Lab Rats [7:44611]


Nice of you to take Jeff's words and use them out of context.  I believe
what Jeff meant is that as we are experienced network engineers pursuing
CCIE certification, we should set up a lab for practice as we cannot perform
the necessary configurations on our production networks.  The thing you
forgot to mention while taking liberties with his words is that lab rats do
not know what a production network looks like.


JR
--
Johnny Routin
The Routin One



cebuano  wrote in message
news:[EMAIL PROTECTED]...
 Excerpt from Doyle's Vol.2 page 792.
 Labs also provide an area of the network where you can just play around
 with the commands, testing the effect of misconfigurations and practicing
 troubleshooting. The lab can be used in this way for training and CCIE
 preparation. Only with a lab can you THOROUGHLY experiment with
 configurations, break things to see what happens, and determine what
 symptoms identify misconfigurations.

 This is exactly how we are all educated in colleges and universities.
 Remember the labs in Physics, Chemistry, Biology, Human Anatomy...
 So for those of you that have no respect for lab rats, you might need
 to rethink your opinions.
 I say more swiss cheese to lab rats!

 Elmer
 P.S. Don't forget the wine.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44620t=44611



RE: Bridge and switch [7:44649]

2002-05-21 Thread Moffett, Ryan

John and Mike are both right.   As a matter of fact, there are several
definitions.   In my opinion, the whole topic is adequately described in
Interconnections, by Radia Perlman.   Her take (in a nutshell) is that they
are technically one and the same and that the difference is marketing
terminology.   Ethernet switches are essentially multi-port transparent
bridges (but what bridge isn't 2 ports or more?).   An Ethernet switch or
bridge with only 2 ports could be called a switch or bridge depending on
which one is a better market term.   As time has evolved, new functionality
has been introduced into Ethernet switches, but at their base functionality,
it's all pretty much the same.



-Original Message-
From: Michael L. Williams [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Bridge and switch [7:44649]


A switch is a multiport bridge.  Think of a bridge that bridges together
2 networks (i.e. has two interfaces, one in each network).  Then
suppose you upgrade to a 3 port bridge, that can connect 3 networks.
Keep adding ports up to 4, 8, 12, 24, or even 48 and that's a switch.
The switch operates pretty much like a bridge where it watches the source
MAC addresses in frames, builds a table of MAC addresses and corresponding
ports (the CAM table), and forwards broadcasts or traffic destined for a MAC
address not in its CAM table out all ports (except the one it received the
frame on).

Mike W.

rtiwari wrote in message
news:[EMAIL PROTECTED]...
 Could somebody please describe the difference
 between a bridge and a switch?
 Thanks
 Ravi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=44660t=44649
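
The learn-and-flood behaviour Mike W. describes in the thread above, as a small model. This is an added example, not code from any poster; the MAC addresses and port numbers are constructed, and the filtering case (destination known on the ingress port) is standard transparent-bridge behaviour that goes slightly beyond what the post spells out.

```python
"""Model of a transparent learning bridge / Ethernet switch (added example)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.cam = {}  # source MAC -> port it was last seen on (the CAM table)

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of egress ports."""
        # Learn (or refresh) where the sender lives.
        self.cam[src] = in_port
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            # Known unicast: forward to one port, or filter the frame if the
            # destination sits on the segment the frame arrived from.
            return [] if out == in_port else [out]
        # Broadcast or unknown unicast: flood out every port except ingress.
        return [p for p in self.ports if p != in_port]


def run_demo():
    sw = LearningBridge(ports=[1, 2, 3, 4])
    # Constructed sample traffic: (ingress port, source MAC, destination MAC)
    frames = [
        (1, "00:00:00:00:00:0a", BROADCAST),            # A broadcasts
        (3, "00:00:00:00:00:0b", "00:00:00:00:00:0a"),  # B answers A
        (1, "00:00:00:00:00:0a", "00:00:00:00:00:0b"),  # A to B, now known
        (2, "00:00:00:00:00:0c", "00:00:00:00:00:0d"),  # destination unknown
        (1, "00:00:00:00:00:0e", "00:00:00:00:00:0a"),  # E and A share port 1
    ]
    return [sw.receive(*f) for f in frames], sw.cam


if __name__ == "__main__":
    egress, cam = run_demo()
    for ports in egress:
        print(ports)
    print(cam)
```

With two ports the same class behaves as the classic two-port bridge, which is the point the replies make: the forwarding logic does not change with the port count.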



RE: 100Mbit cable can't shorter than 6 feets????? [7:41448]

2002-04-16 Thread Ryan Lecomte

I found this info on the Krone web site, the page was titled "Length
Matters":

Patch cords are an integral - and often overlooked - part of your
network's cabling. Transmission protocols on today's networks run at
specified frequencies. When those frequencies are interrupted or
compromised with patch cords of random or unspecified lengths, the
disturbance created causes signal loss and corrupted data flow. TrueNet
patch cords are designed and manufactured at specified lengths - 4, 7,
10, and 15 feet - to correspond to the critical wavelengths of
transmission frequencies. An average of all the key frequencies - 10,
100, Gigabit Ethernet, and ATM 155/622- was used to determine the
optimal lengths for data transmission.

Ryan



-Original Message-
From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]] 
Sent: Sunday, April 14, 2002 7:46 PM
To: [EMAIL PROTECTED]
Subject: 100Mbit cable can't shorter than 6 feets? [7:41448]

Hi.. everyone,

My friend told me that 100Mbit cable can't be SHORTER than 6 feet.  Has
everyone heard of this theory?  If yes, what is the reason, or is he
bullshitting?

Tong









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41625t=41448



RE: Router question.. [7:39788]

2002-03-28 Thread Moffett, Ryan

ISL or 802.1q trunk is an option if the interface hardware supports it.
You configure 3 VLANs on the 2900.   Trunk those 3 VLANs up to the 2600 and
configure that Ethernet interface for ISL or 802.1q encapsulation with 3
subinterfaces, 1 for each VLAN.   

Another option also works on just one interface: secondary IP addresses.
It's not the best solution, but it would work as well.

-Original Message-
From: Ricky Chan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 28, 2002 12:43 PM
To: [EMAIL PROTECTED]
Subject: Router question.. [7:39788]


Hi all,

My boss just came up and gave me a scenario question like this. He told me
that I owned a company which uses 3 different LANs, for example,
172.27.10.x, 172.27.11.x, 172.27.12.x. But I only have one cisco 2600 series
router and 2900 series switch. I can't use the serial ports from the router.
Just the two ethernet ports (by default). My question is, is it possible?
Please advise.

Thanks

Ricky




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39821t=39788
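
What the 802.1q option in the reply above means on the wire, as an added example that is not part of the original posts: each frame on the trunk carries a 4-byte tag, and the router hands it to the subinterface configured for that VLAN ID. The VLAN numbers (10, 11, 12), the subinterface names and the /24 masks are assumptions; the thread gives only the three 172.27.x subnets.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed mapping (hypothetical names): one VLAN and subinterface per LAN.
SUBINTERFACES = {
    10: ("FastEthernet0/0.10", "172.27.10.0/24"),
    11: ("FastEthernet0/0.11", "172.27.11.0/24"),
    12: ("FastEthernet0/0.12", "172.27.12.0/24"),
}


def tag_frame(dst, src, vlan_id, ethertype, payload, pcp=0):
    """Build a frame as the switch trunk port would send it, tag included."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    tci = (pcp << 13) | vlan_id  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype != TPID_8021Q:
        return None, etype, frame[14:]  # untagged frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner, frame[18:]


def select_subinterface(frame):
    """Name of the subinterface that receives this frame, or None."""
    vlan_id, _, _ = parse_frame(frame)
    if vlan_id is None:
        return None  # this model configures no interface for untagged traffic
    entry = SUBINTERFACES.get(vlan_id)
    return entry[0] if entry else None  # a VLAN with no subinterface is dropped


# Constructed sample: an IPv4 frame from a host in VLAN 11.
SAMPLE = tag_frame(bytes.fromhex("00000c000001"), bytes.fromhex("0000000000aa"),
                   11, 0x0800, b"payload")
```

A tagged frame for a VLAN that has no subinterface returns None here, which matches the practical check on the switch side: carry only the three intended VLANs on the trunk.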



RE: CCNP to CCDP [7:39448]

2002-03-25 Thread Moffett, Ryan

You can still pursue the CCDP.   If you look at the certification tracking
website, it should show you started your CCDP back when you started passing
exams related to the CCNP or CCDA.   I just did exactly the same thing.   I
passed my CCNP about 2 years ago and just got my CCDP with the CID test last
month.  It wasn't clear to me either based on what I could dig up on Cisco's
website, however I scheduled the exam anyway and followed up on the tracking
website to make sure it showed me as completing my CCDP. 

-Original Message-
From: Daniel Ma [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: CCNP to CCDP [7:39448]


Well, I got my CCNP two years ago with old exam track. What if I want to get
CCDP certification, do I need to take all the exams again, or could I just
take the CID?

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39456t=39448



RE: CCNP to CCDP [7:39448]

2002-03-25 Thread Moffett, Ryan

My CCNP will expire in about a year unless I re-certify.   My CCDP lasts 3
years from the date that I passed the CID.

-Original Message-
From: Daniel Ma [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 3:05 PM
To: Moffett, Ryan; [EMAIL PROTECTED]
Subject: Re: CCNP to CCDP [7:39448]


Does this mean your CCDP will be valid for three years from now on? Or will
it expire when your CCNP expires?

Thanks,
- Original Message -
From: Moffett, Ryan 
To: 'Daniel Ma' ; 
Sent: Monday, March 25, 2002 2:59 PM
Subject: RE: CCNP to CCDP [7:39448]


 You can still pursue the CCDP.   If you look at the certification tracking
 website, it should show you started your CCDP back when you started passing
 exams related to the CCNP or CCDA.   I just did exactly the same thing.   I
 passed my CCNP about 2 years ago and just got my CCDP with the CID test last
 month.  It wasn't clear to me either based on what I could dig up on Cisco's
 website, however I scheduled the exam anyway and followed up on the tracking
 website to make sure it showed me as completing my CCDP.

 -Original Message-
 From: Daniel Ma [mailto:[EMAIL PROTECTED]]
 Sent: Monday, March 25, 2002 2:28 PM
 To: [EMAIL PROTECTED]
 Subject: CCNP to CCDP [7:39448]


 Well, I got my CCNP two years ago with old exam track. What if I want to get
 CCDP certification, do I need to take all the exams again, or could I just
 take the CID?

 Thanks,

 Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39460t=39448



RE: CCNP to CCDP [7:39448]

2002-03-25 Thread Moffett, Ryan

CCDA is a pre-req.

-Original Message-
From: Brian Zeitz [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 3:27 PM
To: [EMAIL PROTECTED]
Subject: RE: CCNP to CCDP [7:39448]


Don't take my word for it, but don't you need the CCDA too for CCDP? Or
is CCNA good enough?

-Original Message-
From: Daniel Ma [mailto:[EMAIL PROTECTED]] 
Sent: Monday, March 25, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: CCNP to CCDP [7:39448]

Well, I got my CCNP two years ago with old exam track. What if I want to get
CCDP certification, do I need to take all the exams again, or could I just
take the CID?

Thanks,

Daniel




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=39473t=39448



RE: ATM for CCIE [7:38772]

2002-03-19 Thread Moffett, Ryan

Cisco ATM Solutions, Cisco Press, by Galina Pildush.  She also contributed
to CCIE Practical Studies, Volume 1 by Cisco Press.   ATM Theory and
Applications by Spohn and McDysan is also a good reference.

-Original Message-
From: Matthew Meiers [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 9:26 AM
To: [EMAIL PROTECTED]
Subject: RE: ATM for CCIE [7:38772]


Anyone know any good ATM books?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Persio Pucci
Sent: Tuesday, March 19, 2002 6:57 AM
To: [EMAIL PROTECTED]
Subject: ATM for CCIE [7:38772]

Folks,

I'm reading the CCIE Resource Kit 2001 Ed., and I think that the amount of
information about ATM that the book covers is just insufficient for the test.
Does anybody feel like this? Or is it just enough? Any recommendation for ATM?

Regards,

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38789t=38772



RE: OT/ Pass one Lab and hold two CCIE certs ? [7:38402]

2002-03-15 Thread Moffett, Ryan

CCIE = Hexadecimal CC1E = Decimal 52254.   Took me a while too. :-)

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 2:28 PM
To: [EMAIL PROTECTED]
Subject: Re: OT/ Pass one Lab and hold two CCIE certs ? [7:38402]


I'm slow guys and gals, what's with all these numbers after the CCIE?  What's
CCIE #52254 supposed to mean?

--

RFC 1149 Compliant.


Dennis Laganiere wrote in message
news:[EMAIL PROTECTED]...
 That's cute, but I think I'll wait for ccie #12648430

 --- Dennis

 -Original Message-
 From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
 Sent: Friday, March 15, 2002 10:35 AM
 To: [EMAIL PROTECTED]
 Subject: Re: OT/ Pass one Lab and hold two CCIE certs ? [7:38402]


 I get it! ;-)

 Priscilla
 CNX 01CCDD

 At 11:49 AM 3/15/02, Phil Barker wrote:
 What about the one who passes out as CCIE #52254 ?
 
 Phil.
   --- John Neiberger
 wrote:  Change your last name to Ccie?  :-)
  
   Or, include both the written and lab exam, e.g. John
   Neiberger, CCIE
   Written, CCIE RS #12005.
  
   Nah, because only one of those is a cert.  I give
   up, what's the trick?
  
  
   John
  
Phil Barker
   3/15/02 8:44:23 AM 
   How can you get CCIE after your name twice by only
   passing 1 CCIE Lab exam ?
  
  
   PS : Lateral thinking may be required 
  
  
   Phil.
  

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=38469t=38402



RE: basic OSPF questions [7:37142]

2002-03-04 Thread Moffett, Ryan

Someone else has tackled the others, so I'll go after #1:

As you probably already know, in a lab setting, loopbacks are great for
building up fictional stub networks to be used in reachability testing and
summarization/filtering scenarios.   For example, you can create interface
loopback0 with an ip address of 10.1.1.1/24.   By default, in OSPF, this
loopback interface's network would be advertised as 10.1.1.1/32 even though
you have specified the /24 mask.   This makes for some confusion.   If you
specify on the loopback interface OSPF network type as point-to-point, it
will force the /24 advertisement to be made instead of the /32.   This makes
the loopback interfaces appear to be just another stub network (not to be
confused with OSPF stub area). 

Ryan

-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 04, 2002 9:00 AM
To: [EMAIL PROTECTED]
Subject: basic OSPF questions [7:37142]


1) A loopback address is normally advertised by OSPF as a host route.
The command "ip ospf network point-to-point" enables one to specify
that the interface should be advertised as a subnet route.  What are
the benefits for doing this?

2) Must a link cost be the same for all routers that share the
link?  Is there a protocol reason for this?  Some other reason?

3) In the Exstart phase, how is the master selected?  Chappel's
book says RID while Doyle's say highest interface IP address.  Which
is it?

4) I'm somewhat unclear on the Exchange and the Loading states.  When
a router goes into Exchange state, does it send all DDPs it knows
about before processing any DDPs received from other adjacent
neighbors?  Thus, a router goes into Exchange state, sends all DDPs it
knows about, then goes into Loading state, where it issues LSRs for LSAs
it wants more details on?  Is this the process?

5) Is there a difference between DBD and DDP packets?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=37162t=37142


