pix + router, design issue [7:63244]
I have a case with a customer that I am installing a PIX and a border router for, He want´s to have controle over the border router, but the Service Provider, is providing their router as the CPE. one interface on the Service Providers router has an ip address from the customers public ip address range, so I am thinking about what would be the best way to config the customers border router, as it will need to be sending some ip address that is on the interface connected to the CPE router back to the pix. - -- -- - - -- -- - - -- -- - PIX 213.100.1.10 Border RouterCPE Router 213.100.1.1 I am beeing a little slow to day, so I would like to get some input on how you would handle this secenario. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63244&t=63244 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCNP Done, finaly [7:63355]
Just finished BSCI today, and also my CCNP. boy the BSCI was realy hard, I think it was harder then all the other combined. But thats probably beacuse I dont have that much experince with Routing Protocols, used the Sybex book, and hands on with my router lab to prepair. I got a lot on BGP and EIGRP, and some easy stuff on OSPF and IS-IS. Best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63355&t=63355 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
City Wide MAN Design [7:63706]
Hi all I am looking for some insightes into a MAN desigin spanning a city using Fiber Gigabit Ethernet Links. What I am realy looking for are comments about the pros and cons of a Ring design vs. the standard Core-Dist.-Acces. design with redundant paths from the dist to the core. any thoughts Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63706&t=63706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Core Layer L2 or L3 [7:63708]
In a Core-Distribution-Access Layer design, would you keep the Core L2 or with high end L2/L3 switches such as the Cat6500 do you think it would be better to do L3 in the core ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63708&t=63708 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: ADSL Between Head Office and Remote Branch [7:63711]
I would think that you would have to use the 828 G.SHDSL Router, not an 837 ADSL, as an ADSL connection requires an DSLAM to connect to, but the G.SHDSL is for point to point Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63712&t=63711 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VLAN Trunking + Access lista [7:63739]
Hi When using vlan trunking from a router, for example in a router on a stick enviroment, I would create subinterfaces on the ethernet interface on the router, does that in some way limit the use of access-lista to controle traffic, like traffic between the vlans and out of the router through another interface ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63739&t=63739 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
New CCDP [7:63848]
Please note that under the new structure, Remote Access exam (640-605) will no longer be a required exam for CCDP. Registration for the current 640-025 exam will end on May 27, 2003, and the existing Cisco Internetwork Design (CID) course will end-of-life on April 28, 2003. For those candidates who have already completed the current CID exam, Cisco will recognize Remote Access and CID exams instead of the ARCH exam until September 1, 2003. I have a CCNP and am taking the CID today, am I reading the cisco text right as to If I complet the requierments for the old CCDP before Sept 1. 2003 I wil be valid as an CCDP and I dont have to recertify until after the normal amount of time ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63848&t=63848 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX Stateful Failover [7:63959]
Hi I am reading the Cisco PIX Firewalls book by Richard A. Deal. and it states that to use the Stateful Failover feature I require a special license from cisco for the PIX. I can´t find any information about this license on the cisco website, can anyone give me some more information about this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63959&t=63959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
CCDP question [7:63963]
I have a CCNA and CCNP yesterday I took the CID 640-025, will this do for the old requierments for CCDP, or will I also have to take the CCDA ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63963&t=63963 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Stateful Failover [7:63959]
Yes I know about the UR, and failover license, but the book gives the impresion "at least to me" that you require a seprate license from that. but having looked for it on cisco, I dont think that is the case, so I think I would just need one UR and one Failover license and with that can do both normal failover or stateful failover Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63970&t=63959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: New Voice CCIE [7:64620]
I would say it sound very intresting, sepcialy for those that have call manager / voice experince. I wonder how much routing it has, for example, I doubt you have to configure BGP on this one, or what do you think ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64624&t=64620 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
NAT + VPN Tunnel [7:64731]
In the following secnaryo should there be any problems for the hosts on the inside of router1 to connect to the hosts on the otherside of the VPN tunnel inside networkrouter1router2internet inside of router1 are RFC1918 addresses are used router1 is doing NAT in between the router is a kind of DNZ, and public ip addresses are used router2 makes a IPsec tunnel to an vpn concentrator for some of the traffic to pass through will I have problems with this setup, It has not worked yet, and any comments would be welcome. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64731&t=64731 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ATM for Practice Lab [7:65087]
Hi All Can someone give me some clues as to what is the best way to go for ATM in an home CCIE practice LAB, I know about the LS100 and that can be found for a fair price, but what about the routers and modules ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65087&t=65087 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Good book for CCIE Written Prep [7:65104]
Can anyone recomend a good book for CCIE Written preperation ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65104&t=65104 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CID exam - 640-025 [7:65139]
I passed it three weeks ago, no to hard I uesd the Top Down Network Design book, it´s a great book, but I actuly just got through half of it before the exam. it´s not that hard, and I took the CCDA, the old version after the CID and i would say the cid is a little harder, and not as boring i.e. does not contain case study´s like the ccda. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65143&t=65139 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
9E0-541 Exam trobules [7:65162]
Damm routing and switching Spec. exam 9E0-541, I have taken It two times in two weeks, and failed both times the first time I got 819 need 825, today I got 777, I am s pissed, at myself for the mostpart but this exam is rather hard, atleast the version I got to day, the one I got last week was ok, but I just did not know anything about the SOHO products, so that failed me, but today totaly diffrent, anyone here that has passed this exam ? I have CCNA/DA CCNP/DP and passed all of them in the first try. are the specilazition exams this much harder ??? well, just letting of some steem, I guess I wait for two weeks now and the try It again... Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65162&t=65162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: 9E0-541 Exam trobules [7:65162]
I totaly agree with you about the point of pepole just learning what is enough to pass the tests, and take them again and again just to pass them, As I come from a microsoft background and am a former Microsoft MCT traineer I know this all to well, as it is a even bigger problem on that side. I work in a cisco enviroment all day, but as I am from a small contry with a small market, there are some products that I don´t see a lot off, so I can be hard to get real word exerpince with the whole range of cisco products. This routing and switching exam is in my opinion totaly difrent from the other cisco exams I have taken, as the questions are very short and to the point about some detail, and I would say 50% configuring and functonality of IOS features and 50% product knowlidge, and I.M.H.O some of the product question can be preati obscure. I was looking for comments frome somone that has taken this exam, as to what they used to prepair, you can be asured that I am going to be well prepaired the next time I take the exam, and I will probably better get to know some of the products I dont work with on an regular basis. Well good luck to me one the next atempt, that is going to be the last one, as I am not faling againg ;) Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65216&t=65162 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco IOS Telephony Service [7:65363]
has any one had experince with this http://www.cisco.com/univercd/cc/td/doc/product/voice/c_ipphon/keyswtch/ft_its21.htm Sound like a good idea for small company´s Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65363&t=65363 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
help with Debug output [7:65419]
g=218.1.140.1, len 1514, forward I am a little confused as to what the above line is telling me, can anyone please explain ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65419&t=65419 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Catalyst 2948G L3 [7:65733]
Can I do SPAN monitoring on this switch, for example to do monitoring with a sniffer ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65733&t=65733 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Large number of VLANS [7:65815]
Hi One question If I have the need to use many VLANS, let´s say around 400, can could I use a 3550 switch that supports 1005 vlans as the core, and then 2950 switches in the wiring closets, but they dont support more than 250 vlans, i.e. can I use the 3550 with all the vlans, and the just trunk for example vlans 100-50 to switch 1, 151-200 to switch 2, and so one, and would be possible to implement that with VTP ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65815&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Large number of VLANS [7:65815]
I was testing this in my lab, and could not get VTP to work with this setup, as soon as I went over 254 vlans the Cat2950 gave me this message 00:17:11: %SW_VLAN-6-VTP_MODE_CHANGE: VLAN manager changing device mode from CLIENT to TRANSPARENT. 00:17:11: VTP LOG RUNTIME: VTP mode changed to Transparent so it looks like I cant use VTP with this one, but I gues it will work if I dont use VTP and just configure the vlans myself on the switches. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65833&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Large number of VLANS [7:65815]
I have goten it to work in a lab enviroment, i.e. with out using VTP, just using VTP transperant mode and manualy configuring the vlans on all the switchs. Even though I use the "switchport trunk allowed vlan" command to limmit vlans on the trunk links, VTP still send the whole list through, and the 2950 switch goes to transparent mode as soon as the vlans go over the 254 it can handle. I am going to be using this at a Hotel, that is using a system called the Universal subscriber gateway from a company called Nomadix, it´s similar to cisco´s BBSM In this case we are using VLAN per room, to make the billing easyer, for example. if you are using VLAN 202 you are in room 202, so the billing system can send the bill to the correct room, for internet usage. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65879&t=65815 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX Question - IPX Support? [7:66338]
No the PIX does not support IPX only IP, you will need a router for that Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66341&t=66338 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Multicast [7:66831]
I need a little information about, multicast, if I am using multicast within a single IP network can I use the cisco 2950 switches, i.e. do I need any multicast protocolls such as IGMP and the like. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66831&t=66831 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Hosting Question [7:70255]
Hi all I have a question about hosting enviroments, For example, let say I am running a hosting buissness and I have 15 customers that I host servers for, some of the servers like DNS and such are shared for all, and some a just for one customer, all the customers have a high speed link to my network 10Mbits or more. What security setup would you recomend for this kind of enviroment Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70255&t=70255 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Online Audios/Videos of Networking Courses [7:70214]
I thnik its great that you have taken the time to make these courses avalible online, I am sure it will help a lot of pepole, my self included, one sugestion, It would be better to download them if you had them on an FTP Site. Keep up the good work. best regards, Arni Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70256&t=70214 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX & Router [7:70001]
I have a router connected to a vlan trunk one for internet access, and one for a remote branch,but then I have a pix that all my users connect throuhg, and does the NAT, but then of course the users in the remote branch that connect directly to the border router, cant access the internet as that router just routes them to the internet, but I would like for it to go through the pix, first inn, than nat, out, is this possible, i.e. as the PIX can not generaly send traffic out the same interface as it recives it. best regards, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70001&t=70001 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Tunnel interface Problem [7:70590]
Hi all I am trying to bring up a tunnel interface, I get up and up, but the folowing statement is shown when i do a show int tunnel Tunnel protocol/transport uninitialized and I can not get any traffic to flow through the tunnel, any thoughts ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70590&t=70590 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Tunnel interface Problem [7:70590]
I will post the config, as soon as I am able, but I have a route on both sides, and can ping, Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70621&t=70590 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
mac address filtering [7:72684]
Hi I have some catalyst 2950 and 3550 switches, that I need to control the mac addresses of the machines that are alowed to connect to the switches, i.e. something similar to port security, but i dont want to configure it per port, but rather for a whole switch or vlan, what would be the best way to accomplish this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72684&t=72684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PIX xlate question [7:74012]
why would I see the folowing when I do sh xlate on the pix, i.e. one global address is beeing translated to the next in line global address ? and sugestions would be welcome Global 213.213.128.143 Local 213.213.128.142 Global 213.213.128.142 Local 213.213.128.141 Global 213.213.128.137 Local 213.213.128.136 Global 213.213.128.136 Local 213.213.128.135 Global 213.213.128.139 Local 213.213.128.138 Global 213.213.128.138 Local 213.213.128.137 Global 213.213.128.133 Local 217.3.103.62 Global 213.213.128.132 Local 213.213.128.131 Global 213.213.128.135 Local 213.213.128.134 Global 213.213.128.134 Local 213.213.128.133 Global 213.213.128.129 Local 213.213.128.128 Global 213.213.128.128 Local 213.213.128.127 Global 213.213.128.131 Local 213.213.128.130 Global 213.213.128.130 Local 213.213.128.129 Global 213.213.128.189 Local 213.213.128.188 Global 213.213.128.188 Local 213.213.128.187 Global 213.213.128.191 Local 200.65.74.239 Global 213.213.128.190 Local 213.213.128.189 Global 213.213.128.185 Local 213.213.128.184 Global 213.213.128.184 Local 213.213.128.183 Global 213.213.128.187 Local 213.213.128.186 Global 213.213.128.186 Local 213.213.128.185 Global 213.213.128.181 Local 213.213.128.180 Global 213.213.128.180 Local 213.213.128.179 Global 213.213.128.183 Local 213.213.128.182 Global 213.213.128.182 Local 213.213.128.181 Global 213.213.128.177 Local 213.213.128.176 Global 213.213.128.176 Local 213.213.128.175 Global 213.213.128.179 Local 213.213.128.178 Global 213.213.128.178 Local 213.213.128.177 Global 213.213.128.173 Local 213.213.138.210 Global 213.213.128.172 Local 10.200.20.124 Global 213.213.128.175 Local 213.213.128.174 Global 213.213.128.174 Local 213.213.128.173 Global 213.213.128.169 Local 213.213.128.168 Global 213.213.128.168 Local 213.213.128.167 Global 213.213.128.171 Local 213.213.128.170 Global 213.213.128.170 Local 213.213.128.169 Global 213.213.128.165 Local 213.213.128.164 Global 213.213.128.164 Local 213.213.128.163 Global 213.213.128.167 Local 213.213.128.166 Global 213.213.128.166 Local 213.213.128.165 Global 213.213.128.161 Local 213.213.128.160 Global 213.213.128.160 Local 213.213.128.159 Global 213.213.128.163 Local 213.213.128.162 Global 213.213.128.162 Local 213.213.128.161 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74012&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: PIX xlate question [7:74012]
Here are the Global and NAT statements global (outside) 1 213.213.128.100-213.213.128.200 global (outside) 2 213.213.128.50 global (dmz) 1 192.168.17.150 nat (inside) 0 access-list 100 nat (inside) 2 157.157.144.49 255.255.255.255 0 0 nat (inside) 2 10.100.0.0 255.255.0.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74107&t=74012 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Proority Queuing [7:74254]
Hi I am trying to configure prioryti queuing on a cisco 828 router, I can create the priority-list just fine, but can´t apply it to any interface, in interface config mode, the priority group command is missing, any ideas on why that is ? and how I can work around this problem to give certan traffic higher priority based on an access-list ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74254&t=74254 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
VACL, ACL or ???? [7:74559]
I have a question regarding L3 switches and security If I have for example an catalyst 3550 swithc with 30 vlans, and don´t want traffif flowing from vlan to vlan, I just want to allow traffic from the vlans to go to a special server vlan, and then the internet, but there are also some groups of vlans that are allowd to send traffic to each other. what is the best way to do this ? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74559&t=74559 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
