Re: Cisco Routers and RSA secureid [7:71715]
Robert, You'll need both CiscoSecure ACS and RSA Secure ID (ServerAgent). I am working with it on a similar project and it works perfectly. Please feel free to email me with any questions. Regards, -Scott Robert Perez wrote in message news:[EMAIL PROTECTED] Anyone know if I Can I use RSA SecureID FOBS to authenticate access to a Router versus using tacacs+ to do the authentication?? So basically the user tries to Telnet to a router to do config changes. I want their ID to be auth'd against an RSA server. | ---+ | Bob Perez | Telecom Administrator | InterCept, Inc. | [EMAIL PROTECTED] | | **Cisco CCNP, CCDP, CSPFA** | -+ | Phone 302.326.0700 x4242 | | Cell 302.420.6883 | ---+- | Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71908t=71715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Routers and RSA secureid [7:71715]
Robert, You'll need both CiscoSecure ACS and RSA Secure ID (ServerAgent). I am working with it on a similar project and it works perfectly. Please feel free to email me with any questions. Regards, -Scott Robert Perez wrote in message news:[EMAIL PROTECTED] Anyone know if I Can I use RSA SecureID FOBS to authenticate access to a Router versus using tacacs+ to do the authentication?? So basically the user tries to Telnet to a router to do config changes. I want their ID to be auth'd against an RSA server. | ---+ | Bob Perez | Telecom Administrator | InterCept, Inc. | [EMAIL PROTECTED] | | **Cisco CCNP, CCDP, CSPFA** | -+ | Phone 302.326.0700 x4242 | | Cell 302.420.6883 | ---+- | Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71806t=71715 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: regulations [7:66267]
Cory, Look up the Graham-Leach-Bliley Act. It's a governance that states certain security measures that financial instutions should abide by. Good Luck. -Scott Stull, Cory wrote in message news:[EMAIL PROTECTED] Where could I go to find information on network security regulations for banks and medical offices?. Information on firewalls and rules they have to abide by and that sort of thing? Thanks God Bless our troops. Cory Stull CCNP,CCDP,MCSE4/2k Communications Concepts Unlimited 262-814-7214 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66284t=66267 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Log files Pix Chkpnt [7:63646]
www.opensystems.com They make a product called Private-I.. It's bar-none the best info-correlation product out there. -- Scott M. Trieste Information Security Consultant p: 201.618.8977 [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does anyone know of a product that will merge log files from multiple sources Snort, PIX, Checkpoint, etc...? I'm trying to centralize much of our security management responsibilities. Thanx, Mike J. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63658t=63646 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE starting pay [7:33899]
Am I not the only one that is insulted by this question?? Joe Carr wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... what would be the average starting pay for CCIE with no work experience. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33927t=33899 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE starting pay [7:33899]
They are one and the same when dealing with $. - Original Message - From: Joe Carr To: Scott M. Trieste Sent: Thursday, January 31, 2002 3:10 PM Subject: Re: CCIE starting pay [7:33899] I did not mean no experience I said no WORK experience - Original Message - From: Scott M. Trieste To: Sent: Thursday, January 31, 2002 1:34 PM Subject: Re: CCIE starting pay [7:33899] Am I not the only one that is insulted by this question?? Joe Carr wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... what would be the average starting pay for CCIE with no work experience. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=33966t=33899 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Aeropoint - Cisco CSS 11000 Content switch [7:30711]
Brant, Great call on the BigIP. I am a huge fan of F5's product line, and there BigIP -HA box is sooo sweet. If anyone would like some heads up on these boxes, try www.f5networks.com or feel free to email me. Thanks. -Scott M. Trieste Brant Stevens wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Personally, I hate the CSS... many issues, especially if you use it to distribute load for applications other than HTTP; SQL comes to mind... Not to mention that in my experience, Cisco support doesn't seem to know the box too well... I'm a big Foundry fan... BigIP is also a very solid product line... -Brant - Original Message - From: John Neiberger To: Sent: Wednesday, January 02, 2002 5:39 PM Subject: Re: Aeropoint - Cisco CSS 11000 Content switch [7:30711] We've got one of the original Arrowpoint CSS 100 switches and I love it. They're pretty easy to configure and very reliable. However, we're going to be redesigning that portion of our network and we're seriously considering moving to the competing product by F5. They have a new model that is just coming out called the Big IP 3000 that is exactly what we need. Pricey, but I've heard nothing but great things about them. As far as the Cisco stuff goes, I'm sure you'd be happy with it. I definitely love the one we have. HTH, John Byron 1/2/02 3:16:04 PM Hello- Can anyone share any successes stories and problem areas with the Cisco CSS 11000 Content Services Switch? We're about to begin a migration of dual Local Directors (supporting large ASP model web farm) moving to the CSS 11000. We're upgrading due to bugs and instability we've experienced with the LDs. Would very much appreciate any experiences with the CSS 11000 product. thx kindly.Byron _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=30808t=30711 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: load balance between 4 T1s [7:15692]
If your running this implementation with an ISP, chances are they won't use a technology that has proved buggy: CEF. My recommendation would be to use the load balancing feature of such IGP routing protocols like OSPF or EIGRP. khramov wrote in message news:[EMAIL PROTECTED]... I am getting 4 T1s but I think I will have only one IP address. How can I load balance 1IP between 4 T1s. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=15903t=15692 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCIE Lab Study Partner in Modesto, California area [7:4291]
Have you taked your written yet? I'd be interested in teaming up with you, as I have a full rack of gear to work with. Drop me a line: [EMAIL PROTECTED] Best Regards, Scott M. Trieste Jason Roysdon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Ok, it's come down to this: I need to find me a Cisco study partner. I find myself not always as motivated as I should be to study, especially after a long day of work. I find that often if I'm teach or working with others and going over things I know or learning new things together that I learn it better and also keep at it longer. Anyway, I've got a lab full of gear ( http://r2cisco.artoo.net/routers.html ), just thinking that two heads are better than one in preparation at this point. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=4323t=4291 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ip subnetting question [7:1607]
Jason, That calculator is awesome. Great post! Thanks a million. -Scott M. Trieste Jason J. Roysdon wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm not exactly sure what you're looking for, but I'd suggest grabbing 3Com's Subnet calculator, which will let you select by network bits, subnet mask, subnet networks, or hosts. Somewhere on their support site under Windows applications (free). I keep a copy on my server as well if you like: ftp://artoo.net/pub/bin/windows/32bit/3CIPCalc.zip Here's a URL with some IP basics (it's a good course for those wanting an overview on basic tcp/ip networking): http://www.freesoft.org/CIE/Topics/26.htm -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Lowell Sharrah wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Does anybody out there have a soft copy of a table that lists the subnet mask, number of networks and number of host per subnet for class a,b, and c networks? Appreciate it very much. Chuck Larrieu 04/23/01 11:07AM Idle curiousity - what resources have you already checked? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of jastinaveen Sent: Monday, April 23, 2001 3:27 AM To: [EMAIL PROTECTED] Subject: pl provide sol for ccna questions [7:1582] 1)How can you check the frame relay configuration on an interface 2) If the access-group command is configured on an interface and there is no access-list created which of the following is most correct? a) An error message will appear. b) The command will be executed and deny all traffic out. c) The command will be executed and permit all traffic out. d) The command will be executed and permit all traffic in and out. e) The command will be executed and deny all traffic in and out 3)what frame-relay displays source and destinations dlci's FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1652t=1607 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX CPU
Is there a "sh proc cpu" command on the PIX or something similar? I am curious to know if a certain process is killing my CPU. Thanks in advance. Best Regards, Scott M. Trieste _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: AW: Anyone tried setting up a Linux TFTP Server for Cisco?
Drew, Bravo! Very well said. Both *nix and Winbloze systems all have services turned on by default, when it's installed. IE- ftp, nis, isa, www, tftp, terminal, etc. These services all have corresponding ports that are listening on the box. If services aren't being used their should be no good reason to leave them turned on. Poorly configured/administered servers are the reason for vulnerabilities, not because one is "just" better. My $.02. -Scott "Drew Simonis" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Udo Konstantin wrote: Please can you more specify A unix system is more secure than a Wxx system. So you need to configure your linux box for an nsecure connect. I know its off topic, but I hate such narrow minded comments... If you have ever installed any *ix system, you'd be darn well aware that the thing isw i d e open. There is almost no security there. It has to be added and maintained. Win32 systems are similar. Very trusting and friendly until they are properly taken care of. Is *ix inherently more secure? no way. I challenge anyone to make a valid, non-ideological based comparison of a base Win32 and a base Liux install. If Linux were so damned secure in its current state, I woulnd't see IDS logs filling up with folks scanning for obvious Linux vulns, now would I? Bottom dollar is, without proper administration, both Win32 and *ix suck big time. With proper care and feeding, they can both become releatively secure. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ATM PVC monitoring with RPM
Teerapun, You have to make sure that your SNMP Community and trap settings are configured both on your MRTG server and on your router. If you can provide more info, we can definitely help you better. Regards, Scott M. Trieste ""Teerapun"" [EMAIL PROTECTED] wrote in message 97v8lh$gkh$[EMAIL PROTECTED]">news:97v8lh$gkh$[EMAIL PROTECTED]... Dear sir, I got the problem when I try to use MRTG for generate traffic monitoring of ATM subinterface of Cisco Router (RPM module of MGX that compatible with cisco7200). Please help me how can I config cisco router and mrtg becuase I try many way but not work at all. Thanks for advance. Best Regards, Teerapun P. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Another Router-on-a-stick Post
Colleagues, I've been browsing cisco.com for some info on inter-vlan routing with the 2610. Cisco says there is a way to build ethernet sub-interfaces for trunking to a switch. But when I do a "int e0/0.100" and try to add an IP address, it gives me an error message: "Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10 or ISL vLAN." There doesn't seem to be an "encapsulation [dot1q | isl] command on this router, and mls obviously isn't supported. I know that I could just give this interface multiple IP address and use a "switchport access multi" command on the switch-- but that would be too easy. By the way, I am trying to do this with a 2924XL. Should this or shouldn't this work? Many thanks in advance, Best Regards, Scott M. Trieste _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VoIP over Satellite link
What exactly are you looking for? Configurations for VoIP or for satellite comm? Thanks. -Scott "Amit Gupta" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Help needed on the prerequisites in the form of IOS for configuring VoIP over an International Leased Private Circuit. Do the Cisco Routers at both the sides have to have a minimum IOS version. We are using the 3640 Router at both ends. Thanks Regards Amit __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows NT DHCP with multiple Scopes
You will also need to create a "super-scope" since you will have 2 different net addresses on the same NIC card. "Hatim badr" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear All, I'm using Windows NT DHCP server with 2 scopes in that server. I'm creating 2 VLANs. To be able to use the DHCP with this situation , I'm using 2 NIC card , one for each VLAN. I wonder if I can use only one NIC card and the IP HELPER ADDRESS with it! given that I want to use the same structure, I mean each VLAN has its own scope. Thanks Hatim Get free email and a permanent address at http://www.netaddress.com/?N=1 _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: juniper and cisco
Juniper v. Cisco Juniper seems to be a serious player in the carrier core, IP-only arena. Companies like Worldcom really like the wirespeed Gigabit/Terabit switching fabric. On the other hand, Cisco has a strong grasp (and market share) in the Enterprise arena. For my $.02 worth, they provide the best products for end-to-end integrations. Not to mention that practically all their products play nice with one another. Although that may not be the case with other vendors: (*cough*, *cough* ie- 6509's and HP Procurves; Firewall -1 and PIX ). Hope this helps. Best Regards, Scott M. Trieste ""cslx"" [EMAIL PROTECTED] wrote in message 97dk96$f5i$[EMAIL PROTECTED]">news:97dk96$f5i$[EMAIL PROTECTED]... it is said that the core technology of juniper is better than cisco now,it that true? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Convergence time 6509-6509-3524
If you are running HSRP, your failover time should be almost instantaneous. If you are letting EIGRP/OSPF handle your redunancy, I'd say 60secs is a good estimation, barring your 4 6509's are the only layer 3 devices on your infrastructure. "Timo Graser" [EMAIL PROTECTED] wrote in message B9FA35776B31D411A5DA00104B2BC0390DCEA6@fileserver">news:B9FA35776B31D411A5DA00104B2BC0390DCEA6@fileserver... I have 2 6509 in the Core Layer, 2 in the Distribution Layer, and 3524s in the Access-Layer. All 6509 with Layer 3. All links redundand with Gigabit My Question is: How long is the Convergence time if a link fails? Routing Protocol EIGRP or OSPF. 65096509 Core | \/ | 6509 6509 Distribution | \/ | 3524 3524Access(50 Switches) thx Timo _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Port Redirection
Colleagues, I am trying to achieve port redirection on a PIX-520. We have an application that only accepts connections on a user-definable port but some of our customers don't allow any inbound traffic other than 80/443. Is there any way to redirect inbound (port 80) traffic to a user-definable port(ie 4003). If possible, I'd like to make this happen on a PIX-520. My feeling is that a feature of NAT will allow me to do this. Any insight is appreciated. Thanks in advance. -Scott M. Trieste _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Help with Firewall
Howard, If you are trying to block all incoming traffic from the Internet, without inhibiting your outgoing network traffic use this command at the beginning of your ACL: permit ip any any established. This will allow all tcp/udp conversations through the firewall, as long as they were initiated from inside your network. Regards, Scott M. Trieste ""Howard Yuan"" [EMAIL PROTECTED] wrote in message 96v2gr$kri$[EMAIL PROTECTED]">news:96v2gr$kri$[EMAIL PROTECTED]... Hi, I'm trying to set up a firewall on my Cisco router. I'm trying to block everything from the Internet except for webpage access (port 80). But, when I set it up to do that, I can not surf the net without putting in the line: permit ip any any But, doing that will allow everything to come in through the router. I don't want anybody being able to come in through any port except for the ones I specify. Is there anybody that know how to do that? Please tell me. Thank you in advanced. Howard _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewalls and VPNs
What are you talking about? A PIX is nothing more than a router with ONLY Ethernet interfaces. You mean to tell me that the "route (interface) dest address, dest mask, next hop, metric" command doesn't actually route? Just my $.02. -Scott ""Jason"" [EMAIL PROTECTED] wrote in message 96l2j0$uh4$[EMAIL PROTECTED]">news:96l2j0$uh4$[EMAIL PROTECTED]... As someone said yesterday: The PIX will not route, period. It will NAT (including NAT 0), but it will not route packets between different networks. If you need routing off any interface on a PIX, you need a router there. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ "anthony kim" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... A device can best be described by its chief function. You can use a PIX as a router, just allow everything through. In fact you can use a router as a firewall, be selective with access lists. Terminology is flexible as long as you're pragmatic about function. On Fri, Feb 16, 2001 at 10:52:06AM -0800, Dan West wrote: PIX - sounds like a router to me - packet forwarding based on layer 3 addressing. It has extra security features and all of a sudden it's a firewall...marketing fluff? or accurate description??? who will uncover this mystery ; --- mtieast [EMAIL PROTECTED] wrote: I think this comes from the fact that cisco instructors in class say that the Pix is not a router. I have heard this as well when I had the class. I know the Pix is not a router, but does it route? Well, if making decisions about where to send traffic based on layer 3 info is routing then I would argue it does route. It does not forward traffic based on layer 2 info so .. It routes traffic to the appropriate interface. Can someone else shed some light as to why this is said. If it doesn't route the traffic it recieves what does it do? -Original Message- From: haroldnjoe [EMAIL PROTECTED] Newsgroups: groupstudy.cisco To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, February 16, 2001 12:41 PM Subject: Firewalls and VPNs I've read here a couple of times that PIX's don't route. Period. In light of this I'm left a little confused as to a proposed network map I was given recently. The core layer router is a 3640 linking all of our branch offices together. From the 3640, there is an ethernet connection to a PIX 515R. From the PIX, there is another ethernet connection to a 1750 router. The 1750 connects via T1 to our ISP. There is yet another ethernet connection from the PIX to the isolation lan, on which resides an internet mail/web server and a VPN 3000 concentrator. If PIX's don't route, what subnet is the isolation lan going to sit on? As I understand it, the PIX will be providing NAT functionality for the 3640 and everything behind it. So I would assume that the T1 and ethernet interfaces on the 1750, the outside interfaces on the PIX, and everything in the isolation lan including the VPN concentrator will have to have public IP addresses which will be given to us by our ISP. The way the map is layed out, it looks to me like the isolation lan would have to be on its own subnet. What am I missing? If the PIX doesn't route, do it's ethernet interfaces reside on the same subnet as the isolation lan? If so, then the ethernet interface on the 1750 must also be on that subnet, right? This is the proposed network map that Cisco's presale engineers gave me. I'm sure it's a solid design, but I'm still trying to work out the details so that I understand what I'm implementing (always a good thing, I think). Thanks for your time, [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] = from The Big Lebowski... The Dude: You sure he won't mind? Bunny: Dieter doesn't care about anything. He's a nihilist. The Dude: Ohhh, that must be exhausting... __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to
Re: Firewall Traffic - What Is The Bandwidth Limit Of A PIX?
Christopher, Assuming that an OC-12 will be piped to your location, I trust your router has enough firepower handle it. My recommendation would be a 7206VXR with a gigabit ethernet module. My firewall recommendation is a Checkpoint Firewall-1 on a Linux platform (Red Hat 6.2) with an Intel gigabit ethernet adapter. On a Dual Xeon machine you'll be astounded at the perfomance. You could even run a firewall cluster with a software package called Stonebeat. If I can help in any way, please drop me a line. Regards, Scott M. Trieste CCNP/Security, CCDP, RHCE, MCSE+Win2k ""Tim O'Brien"" [EMAIL PROTECTED] wrote in message 008c01c09b67$ef5bee10$bb3344ab@tiobrien">news:008c01c09b67$ef5bee10$bb3344ab@tiobrien... It depends on what kind of bandwidth you are talking about (encrypted or not) but here are the current throughputs for the different PIX firewalls. Aggregate Full Duplex Clear Text (Mbps): 515R - 120 515UR - 170 520 - ~370 525 - ~370 535 - 1,000 (Yep.. 1Gbps!) If you need anythin else, let me know... Tim - Original Message - From: "Christopher Kolp" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, February 20, 2001 12:37 PM Subject: Firewall Traffic - What Is The Bandwidth Limit Of A PIX? This question is a bit off target from the list but maybe someone can shed some light on this My company is looking to purchase firewalls for our OC-12 circuits. I know in the past, bandwidth was a serious issue with firewalls ie. not being able to pass traffic fast enough. Has anyone had any experience with this? We brought a Nokia in for testing and found it choked at 40Mbs. I realize that every manufacturer would like to sell the world and claim unreal numbers, so I'm asking for any advice! Thanks!! Ck _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SBI/PacBell Basic ADSL PVCs?
Why are you wasting your time with ATM over broadband? ""Jason"" [EMAIL PROTECTED] wrote in message 96fumt$fi9$[EMAIL PROTECTED]">news:96fumt$fi9$[EMAIL PROTECTED]... Here's what I just sent off to PacBell's support team, but I'm sure I'll have to battle their live tech support personnel to get in touch with an engineer who can answer this (if someone else knows, that'd be great as my ATM knowledge is limited to configuring a few 1417 ADSL CPE routers): Up until this point the customer has connected with their Westel Wirespeed using the EnterNet 300 software. However, we're moving to a new platform for VPN support and security: I'm configuring a Cisco 1720 router with an ADSL interface card for a customer with Basic ADSL which uses PPPoE. The Cisco 1720 supports PPPoE authentication, but I first need more ATM info. What PVC information should I configure for the router? I've tried 0/35 8/35 (the two standard PVCs I know about for Enhanced ADSL), but neither get me past Layer 2 ATM. -- As a side note, here's the base config I used on the 1720 and also on an 827-4v for my personal static "Enhanced" ADSL connection (no need for PPPoE, and PVC 0/35 worked): bridge irb ! ! ! interface ATM0 no ip address no ip route-cache no ip mroute-cache atm vc-per-vp 256 no atm ilmi-keepalive pvc 0/35 ! dsl operating-mode auto no fair-queue bridge-group 1 ! interface FastEthernet0 ip address 192.168.45.172 255.255.255.0 speed auto ! interface BVI1 ! I configure a static MAC so that I don't have to wait ! for the PBI router's ARP table to ! clear out when I change routers mac-address .0c85.8f1c ip address 63.206.176.162 255.255.255.248 ! ip classless ! bridge 1 protocol ieee bridge 1 route ip -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ Cisco resources: http://r2cisco.artoo.net/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: %STANDBY-3-DUPADDR:
g_study, When setting up HSRP, if your physical/virtual IP address crashes into another box with the same address, you will get this error, and HSRP will fail. Thanks. -Scott [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Has anyone run into this error before? _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Whew... I passed
Man, oh Man. You are a CCNP/ CCDP and your not pulling 60k? My friend, you need to stand the hell up and get paid appropriately for your expertise. Do you realize that in NYC, you could take home 100k just on your certs alone. The thousands of Cisco Partners in this area gobble up anyone with CCNx next to there name (provided your resume isn't empty). Once again, feel free to flame away. Just my humble $.02. -Scott ""ItsMe"" [EMAIL PROTECTED] wrote in message 948h65$j28$[EMAIL PROTECTED]">news:948h65$j28$[EMAIL PROTECTED]... I'm not saying I don't think you owe the company if they pay your way, by no means. I just saying to be aware of what you are agreeing to. Wow 30K to 120K, I could double my pay and not be at 120K, it may be time to move forward. Me ccnp+security, ccdp, mcse, mcp+i, n+, a+ "Dennis Laganiere" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I'm ready to get spammed for this, but here are some thoughts from the other side of management. If YOU paid for your own training, lab equipment, and lab attempts (probably multiple, at $1,000 piece) then I could see your asking for a huge raise. HOWEVER, if the company paid for your training, bought $15,000 to $20,000 worth of lab equipment for you to play with, and gave you the time to study, + lab attempts, +travel expenses+ god-knows-what-else, I think you owe something back, and perhaps some time served at your current rate is the least they could expect in return. If they support you through the whole process and you either leave or start barking for the stars salary-wise, the guy next to you, who's six months behind you on the same career path, won't get the price of honey for his tea. Again, these are just my $.02 --- Dennis -Original Message- From: ItsMe To: [EMAIL PROTECTED] Sent: 1/18/01 6:39 PM Subject: Re: Whew... I passed Convincing the VP isn't the hard part, its after you pass explaining to the VP that a $20K/year raise is warranted. Which in turn he says your are nuts, so you decide to leave... until he breaks out the agreement that says in fine print that you have agreed to pay back all training funds it you leave... Be careful! "Jim Healis" [EMAIL PROTECTED] wrote in message DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2">news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2... Well, I did it. I passed the CCIE written exam this morning. And, for just a moment, I felt the weight of the world lift off my shoulders. Then I thought about the lab exam and what I need to do to get there. Thankfully, I have a plan; it just needs to be put on paper so it can be a working document. I have posted much in the recent weeks about how I have studied to get this far, so I won't post it again. But if you have specific questions about certain areas, that won't violate the NDA, I will be happy to answer them. Now, my next challenge comes along... not the lab... convincing my boss that the company should pay for the lab exam and any needed materials for getting there. I know that I shouldn't rely on this as the means to the end; but if I can get it, why not? Anyone have any pointers on how to convince a VP that doesn't know much about the CCIE program that he should approve these things? Thanks for the wonderful humor and study tips! Jim _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cat5500 question
They are referring to the actual Supervisor Module. Normally it is the module with your console connection. Regards, Scott M. Trieste ""Jason Tran"" [EMAIL PROTECTED] wrote in message 947hfv$pju$[EMAIL PROTECTED]">news:947hfv$pju$[EMAIL PROTECTED]... Hi Group, just have a quick question. I have a cat 5500 currently has a Supervisor Engine I. If someone tells me I need Supervisor Engine II, is he talking about software or hardware? How am I going about changing it to Supervisor Engine II? Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Flame bait.
Ladies and gents! Just a thought. But I was curious as to the most vicious combination of Cisco paper. It's no secret that a CCIE is by far the most sought after cert on the planet. That being the case I'd be curious to know what kind of position/compensation someone with CCIE/Design/RS/Security would have. If in fact this person exists. Anyway, this is just a thought, feel free to flame away if you must. Regards, Scott M. Trieste CCNP/Security,CCDP,MCSE+I+Win2k, RHCE _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: switch port IP
Bob, Can you be more specific as to what kind of switch. Cisco products run a proprietary protocol called CDP- Cisco Discovery protocol, but this will only show cisco devices connected to it. If you know what ports your devices are interconnected to, use this command: show mac-address-table This will show you every mac address connected to the switch. So if you know the mac of your device, this could be the answer your looking for. Hope this helps. -Scott ""Sites, Bob"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED].. . Can someone refresh my memory on this. What is the command on a switch that will show you the IP address of connecting devices on the ports? Can't seem to get any hits in the archives. I use it so seldom I've forgotten what it was? Bob Sites, CCNA System Engineer Valley Health System, IS Dept. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Flame bait.
3 words: I Love Beaucrats. I meant not to start a war. My intent was to ask an objective question. Please point your reponse at the alt.was-a-cashier.now-a-network-engineer.so-where's-the-cash.certification thread. But thanks nonetheless for the response. ""Peter A van Oene"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... It's my experience that companies do not buy certificates, they hire people. Hard or not, simply passing tests does not imply superiority in my books. *** REPLY SEPARATOR *** On 14/11/2000 at 8:55 AM Scott M. Trieste wrote: Ladies and gents! Just a thought. But I was curious as to the most vicious combination of Cisco paper. It's no secret that a CCIE is by far the most sought after cert on the planet. That being the case I'd be curious to know what kind of position/compensation someone with CCIE/Design/RS/Security would have. If in fact this person exists. Anyway, this is just a thought, feel free to flame away if you must. Regards, Scott M. Trieste CCNP/Security,CCDP,MCSE+I+Win2k, RHCE _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Rumor Alert - Lab Changes - WAS: Flame bait.
Chuck, Thanks for the heads up. -Scott ""Chuck Larrieu"" [EMAIL PROTECTED] wrote in message 009801c04e52$e9daf6a0$[EMAIL PROTECTED]">news:009801c04e52$e9daf6a0$[EMAIL PROTECTED]... Before you all get hot thinking about CCIE specialties and the money you can make, you may want to facto in a couple of RUMORS about the CCIE track I heard recently. Rumor #1 - The CCIE Design certification is being dropped. Why? Because no one can figure what it is supposed to be or do, and the lab itself is a crock. Rumor #2 - The CCIE ISP/Dial lab is being revamped completely. It is turning into DSL / Cable Modem etc. Don't know about the ISP side of things - BGP, IS-IS, peering, etc. Rumor #3 - The CCIE Security will involve configuring Cisco security products on both Unix and NT boxes and doing VPN tunnels end to end, meaning for the first time a candidate would be responsible for end user equipment in the lab. Them changes is coming. Remember - these are RUMORS, and may or may not be true. Always check the Cisco web site for the facts. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott M. Trieste Sent: Tuesday, November 14, 2000 5:56 AM To: [EMAIL PROTECTED] Subject: Flame bait. Ladies and gents! Just a thought. But I was curious as to the most vicious combination of Cisco paper. It's no secret that a CCIE is by far the most sought after cert on the planet. That being the case I'd be curious to know what kind of position/compensation someone with CCIE/Design/RS/Security would have. If in fact this person exists. Anyway, this is just a thought, feel free to flame away if you must. Regards, Scott M. Trieste CCNP/Security,CCDP,MCSE+I+Win2k, RHCE _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: switch port IP address
Try sh mls entry. Your 6509 will have this feature by default. But do you have a RSM module for the 5000? Good luck. ""Sites, Bob"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED].. . I guess I need to clarify this a little. Yes, I'm talking about Cisco switches, 6509 5000's. No, I'm not looking for MAC addresses. I thought that there was a command that would list the IP of all connecting devices on (all) ports on the switch. The "sho cdp nei det" or other variations only shows the ip of the ports that are "trunking." I need all of the ports, not just the trunking ports. Any ideas? Can someone refresh my memory on this. What is the command on a switch that will show you the IP address of connecting devices on the ports? Can't seem to get any hits in the archives. I use it so seldom I've forgotten what it was? Bob Sites, CCNA System Engineer _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Youngest CCNP
Neo, I can't help but chime in here. I'm 20 with NP/DP. IE written is december first. Just my $.02. Scott M. Trieste MCSE+I+Win2k, CCNP/ Security, CCDP, RHCE [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am 21 also and will have mine before 22 (2left with 8 months). I also doubt very highly that this is the youngest. I think that I heard Global Knowledge is sponcering some 12 year old in getting his CCIE (no joke). So I would imagine he/she has their CCNP. Could be wrong though... Mark Z. ~ CCNA, CCDA, 1/2-NP (oh so close) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed CCIE Written!
Rob, Congratulations on both your exam and your new born son. Perhaps a better future for him will be your driving force, we all tip our hats to you. Good luck. I'll be taking my CCIE written on December 1st. Best Regards, Scott M. Trieste CCNP/Security, CCDP, MCSE -Win2k ""Rob Fielding"" [EMAIL PROTECTED] wrote in message 000a01c04c20$b0e620b0$ca85ea18@minime">news:000a01c04c20$b0e620b0$ca85ea18@minime... This was no easy test. I got 78%. It wasn't very ambiguous, but I really had to pick apart details to choose an answer. To make matters worse, the test exploded half-way through. Fortunately, when they got it restarted, it picked up where I left off. I finished with plenty of time to spare. An occasional joke planted in the test helped to clear my head a few times. I didn't notice a focus on any one subject. There was an even mix of everything (and I mean everything!). This test was more detailed than ACRC. I didn't do a very good job studying for this test. I dragged it out too long. I was going to take itbefore my son was born, but he arrived a month early so its been hard to find study time recently. I could have taken it a couple of months ago after I finished my CCNP cert, but I was just too lazy. The resources I used were: CertificationZone - very good, probably the single best resource, but I don't like the fact that you can only take the tests once each. CCIE Exam Cram - surprisingly detailed. Good sample test, but not enough by itself. Que CCIE prep kit - Average. Boson - loaded with errors. Very frustrating. I never even tried all four tests. I just gave up after two. I have Internet Routing Architectures and Routing TCP/IP, but I haven't read them yet. I just used them for reference occasionally. CCNP and field experience - This would have been too hard without experience and focused studying. Well, now I'm off to find a lab date and give away $1000 to Cisco. Wish me luck. -Rob Fielding
Re: HSRP Betweem 6509 MSFC Blades
Stan, Trunk your 6509's, ISL/On. Don't use spanning tree between your Switches. HSRP between your MSFC Cards will suffice. Can you post your configs, I'm sure we can help. Thanks. -Scott ""Rossetti, Stan"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Could someone tell me if they have seen this problem before or have any suggestions. Scenario: We have 2 6509 switches with msfc cards in each on the 1st floor and 4th floor of a building. We have redundant links between the switches and each switch has redundant sup 1 cards with the msfc blades. We also have 2 more 6509 switches on the 2nd and 3rd floors of the same building. The first floor switch is connected to the outside world through a 7206 router. There are multiple vlan across each switch that are connected to the user through several 3500 series switches on each floor. When we first turned HSRP on, the msfc1 vlans did not come up. We get Cisco online and they said we had a bad msfc card. So we switched over to the redundant msfc card (msfc2). The vlans came up and hsrp between the switches was working (exchange hello packets and send standby info). Each vlan knew of the other vlan standby router and ip address. To run a test we disabled our connection to the outside world to localize any problems and brought up continuous ping sessions between the switches and vlans on the 1st and 4th. Next we shut down the 1st floor switch. (Note: The 1st floor switch has the higher priority). The network went down and hsrp did no swap over to the standby switch. Additionally, when we disconnect the cable between the 1st floor and 4th floor switch we see duplicate ip address errors. We saw the same duplicate ip errors the last time we disconnected the cable between the 1st and 4th floor switches, but that was before we had hsrp installed. Some other useful info: About 3 weeks ago, before we installed the 1st floor switch the 4th floor switch acted as the interface to the outside world through the msfc card that cisco now says is bad. Then we installed the 1st floor switch and move all connections through the 1st floor switch. Essentially the 1st floor switch became the interface to the outside world with redundant link to the 4th floor and 2nd floor switch. When we did this the vlan could not talk to each other. Which means that we could ping the msfc card from the outside world but not the 6509 switch. Internally, we could ping the 6509 switch, but not the outside world. To isolate the problem we removed the connection to the 1st and 4th floor switches like we did above and everything came up, but we saw the same duplicate ip address errors. We did a hardware reset of the switch and reconnected the 1st and 4th floor switches and everything started working correctly. Any ideas? This make no sense to me and installing HSRP should not be an 8 ordeal. Thanks, Stan Rossetti Russia Services Group Email: [EMAIL PROTECTED] Phone: (256) 544-5031 Beeper: 544-1183 pin # 0112 ... _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Getting into Cisco
Hey Everyone, At 6:00 today I am being thrown to the lions. Objective 1 of 5 was fuffilled last week: the preliminary technical interview. Tonight I will be pitted against 5 Senior Engineers of Cisco's Network Service Engineering division. We'll see how much I really know. Wish me luck. Scott M. Trieste _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Resetting cisco 2610 as Username and Password
Selvan, This router is most likely being authenticated by a TACACS or RADIUS box. Try to locate the authentication server and reset the name and password. Other than that you'll need to breat into the router via a console connection, and then reset the boot registers. Hope this helps. -Scott ""tselvan"" [EMAIL PROTECTED] wrote in message 000c01c0432f$0512b590$0900a8c0@msense10">news:000c01c0432f$0512b590$0900a8c0@msense10... Dear friends, In one of my client place a new administrator has taken over the incharge of network. They are using cisco 2610 router for which the admin doesnot know the username and password for cisco 2610 router. Recently they want to configure a leased lineto internet in cisco 2610 router . They have contacted me to Reset the router Help me in this regard. Regards Selvan
Re: HSRP priority bug???
Mark, I have run into this before. Chances are there is another device on this segment that is listening to multicast 224.0.0.2. Do a "debug standby" and see if these devices are communicating. My intuition says that another device on this segment is hearing the 224.0.0.2 multicast. Let me know what you find. -Scott [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hey Group, Got an issue for you. I am faced with a dilemma here. We have a client who is about to make us upgrade about 100 IOS's to fix this issue and I just want to know if there is another way around it. We have a site with 2 redundant routers. HSRP is configured between them. The modle is Cisco 2612(Token/Ether) when we configure HSRP with a priority of 100 on the secondary router and 105 on the primary both of them get stuck in INIT. The rest of the network uses these settings and everything is nice and dandy. When we go onto these devices and try to set the priority to 100, HSRP does not work!?!? If we set it to 105, 110, 115, etc. it will work just fine but for some reason it will not except 100. Has anybody ever dealt with this problem or know how to fix it? I would really appreciate it if somebody could help us out or it looks like we will be working nights here if you know what I mean. Thanks in advance all... Mark Zabludovsky ~ CCNA, CCDA, 1/4-NP _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Please don't lie on resumes
My answer is that because a Frame-Relay network is a Non-Broadcast Multiaccess Network, a virtual link needs to be established between the AS's on either side of the frame-link. Just my $.02 -Scott "Charlemagne" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Everyone, Don't put down lies or exaggerate on your resumes. You will be uncovered. Things like, "Very Familiar with OSPF" leave you open to questions like "Explain the problems with OSPF over Frame-Relay partial mesh networks". If your very familiar, then you know the answer to that question. If you have OSPF all over your resume and can't answer that, potential employers will probably not hire you. Be honest, and your chances of getting that job become greater. Regards Kamoto __ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CiscoSecure
Cisco Secure/NT Tacacs+/AAA Beautiful combo, It runs awesome. ""C. Cubberley"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi all, I have some questions on dial-up security. Currently we are using CiscoSecure on a Unix platform, with the default ISQL database, and AAA using TACACS+. These seem to have been all the wrong choices. The current thought is to continue with CiscoSecure, but use it on an NT box, with the default database, and change to RADIUS. I think that maybe a mistake, TACACS seems so much more robust, and we already have a good start on it (over 3,000 users defined). But, it seems like Cisco is not giving it very much support anymore. So, the question is, is anybody using CiscoSecure with NT and Radius, and liking it, or is there any other product people are happy with and would recommend? Thanks in advance, C. Cubberley State of New Jersey _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Layer 3 (2948G-L3) switching question
What kind of link will be connecting you? If your remote office projects are being done at remote locations, there probably wouldn't be a reason to create VLANS. I could use a little more information on this subject. Thanks. -Scott ""Jeff Walzer"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I have 4 remote offices that have the 2620 router installed but need the capability to use and route between VLANs. Being that the lowest router required to route between VLANs is the 3600 series (please correct me if I am wrong) I was considering buying the 2948G-L3 for these sites. Would this be a good solution? These remote offices will have various projects going on using people from other companies and I want to keep their traffic separate from our internal network traffic. Thanks, Jeff **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: routers for sale
That is way over priced. 25xx boxes are discontinued. We can do much better on Ebay. [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am sorry. both routers asking $2300 including cables. 16ram 8 flash and ios 11.x and 12.x **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Ether Channel is it an issue???
Sandeep, set spanning-tree portfast on all interfaces that your DC's are connected to. Also make sure that your servers and corresponding interfaces are all set to 100mbs Full Duplex. I have seen this problem a million times. Another NT Domain issue that I've seen, in this case is not correlated to your Cisco gear. If you can ping your DC's there is obviously Layer 3 connectivity. In this case we need Layer 5/7 connectivity. Remember Micro$oft'$ triple R. Restart, Reboot, Reload. I would try powering down all your member servers and clients. Then power up your PDC BDC's, and rejoin your domain. After doing this "clear arp" and "ip route *" on your 6509's. Using server manager make sure that all your clients/member servers/dc's are in this new domain. Power the bad boys up and you should have connectivity. By the way-- If this is a production network, I wouldn't recommend this during business hours. Good Luck, Scott M. Trieste CCNP,CCDP, MCSE,RHCE, Bay Router Specialist "Sandeep Kulkarni" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hi All, Slightly off topic, But i just want to share someone's view on this one. We are in the process of migrating our infrastructure to the Cisco switches. We have a pure NT netowrk with Once PDC One BDC. I mooved all the users to the new switch with no issues at all. Then started mooving all the NT member Servers, This also went very smmothly. However when i mooved my BDC i am having a nightmare, I am getting all kind's of authentication problem like login script hangs, Or people not able to see the domain controller (Tcpip connectivity is fine) This has started happening only after we mooved the BDC to the new switch. I have Ether Channel on the Servers with the Intel cards. Tcpip connectivity looks fine. This started happening only after i mooved the DC to the new Cisco 6509 switch. I don't know weather it's a coincidence or a problem. Also i have checked the Domain controllers for their sync. issues there are none. I was just wondering if anyone has land up in the same mess as i am have any resolution to this one. Any help is greatly appriciated thank you in advance Sandeep __ Do You Yahoo!? Yahoo! Photos - 35mm Quality Prints, Now Get 15 Free! http://photos.yahoo.com/ **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccie written
Would it ever be possible for someone to pass CCIE written by sheer fluke? I have a little of this router mumbo-jumbo under my belt and feel I could hack it. Dumb question I know. Thanks in Advance. Scott M. Trieste CCNP,CCDP,Bay Router Specialist,MCSE,RHCE **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ccie written
Phillip, With the exception of some 25xx's at work I really have nothing at home. But at work I have everything from 2503's to Cat65k's running 802.1q. I have extensive hands on with 2500/2600/3600/7200/7500 routers, and practically every switch that Cisco makes. Although, I have no PIX experience whatsoever. We use a product by Checkpoint called Firewall01. Thanks. -Scott bunch of nifty wallet cards. "pwdiamanti" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am studying for my CCIE written as well. The part that is killing me is all this legacy token ring crap. I don't care about the RIF or RII in a token ring frames. It is hard to say if you would pass it by a fluke chance? What are you using to study for the CCIE? I have 7 routers and a Adtran 550. I need to get some token ring routers but I don't have the cash for them. I don't know if I will pass the CCIE lab without hands on IBM SNA token ring stuff. I wish they would get rid of all this RSRB and SRB all together. Phillip CCNP,CCDA,MCT,MCSE "Scott M. Trieste" [EMAIL PROTECTED] wrote in message news:8r24g6$obp$[EMAIL PROTECTED]... Would it ever be possible for someone to pass CCIE written by sheer fluke? I have a little of this router mumbo-jumbo under my belt and feel I could hack it. Dumb question I know. Thanks in Advance. Scott M. Trieste CCNP,CCDP,Bay Router Specialist,MCSE,RHCE **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Connect two cisco with transceivers
what kind of hub do you have does it support auto-sync? also check your duplex/speed configs on your eth interfaces. If you really want to interconnect these boxes to a hub. the best bet is to use 2 x-cables and plug them into ports 1 2 on your hub. Do NOT connect these to an uplink port on your hub. Best of Luck. ""Stuart Laubstein"" [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am trying to connect two cisco 2501's together using rj45 cables and a hub and transceivers in the AUI slots. Will this work, and if so what might I be doing wrong as they certainly will not telnet or ping each other. I have set ip's on both E/O interfaces and both trannsceivers show a link. Setup looks like this router1 E/0transceiver--cable--hub--cable--tranceiver--E/0 router2 both the cables are only 15 inches long and someone mentioned that maybe they need to be longer. Should I be using some other kind of cable? thanks for any help stuart _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Access List Question
Is there anyway to remove a specific line from an access list without erasing the entire thing. Thanks in advance. Best Regards, Scott M. Trieste ___ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]