Re: Anyone tried Huawei Routers ? [7:49670]

2002-07-25 Thread Thomas E. Lawrence

See what happens when American companies send their manufacturing to China?
All those products sure look like their Cisco counterparts. Why pay Cisco's
price when you can buy the Chinese knock off and save a ton of money?

What was it Lenin said? When it comes time to hang the Capitalists, they
will cut each other's throats to sell us the rope?

BTW, I find no mention of EIGRP on the website.
http://datacomm.huawei.com/english/

Tom


cebuano wrote in message news:[EMAIL PROTECTED]...
 Yeah, this company even has its own stack of certs starting with
 HCNE, HCSE, and last but not least, HCIE!!! Yikes, some more paper
 Certs to hang on the wall :-
 But on the serious note, if I can get this 3640 for $500 and load a
 Cisco IOS, who cares?? Heck, buy the 3680.

 Elmer

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Ron Tan
 Sent: Thursday, July 25, 2002 12:16 PM
 To: [EMAIL PROTECTED]
 Subject: OT: Anyone tried Huawei Routers ? [7:49670]

 Hi group,

 A piece of Huawei 3640 router just came in the office for evaluation. The
 whole box seems like a complete duplicate of Cisco's routers, even the CLI
 looks and feels like home.

 Heard that the Huawei box has the ability to run EIGRP and HSRP together
 with Cisco. Anyone tried running the 2 boxes parallel together ?

 Comments welcome.

 Regards,

 Ron Tan
 [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49696t=49670
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Rogue Wireless LANs [7:47287]

2002-06-25 Thread Thomas E. Lawrence

I realize you are speaking in jest, but for those who might consider this
approach as a means of drumming up business, you may want to give some
thought.

Connecting to a network to which you have no reason nor any right to connect
can be considered hacking, and you could be subject to prosecution,
ironically by an organization that is asking for trouble anyway. Just because
I don't have locks on my doors does not mean it's ok for you to walk into my
home any time you please.

Please be careful how you approach a company when you have discovered by
accident a particularly egregious vulnerability.

Tom


Dan Penn wrote in message news:[EMAIL PROTECTED]...
 You have given me an idea.  All I need is a laptop now =)  I would go
 war driving in the area to specifically find businesses running
 unsecured wireless.  I bet I would find some businesses that didn't even
 know they were running wireless such as this thread started out.

 Dan

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
 Stephen Manuel
 Sent: Tuesday, June 25, 2002 10:02 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Rogue Wireless LANs [7:47287]

 Neil and others,

 Recently I installed in my home a linksys wireless router/switch/ap, it
 works great, yes I have wep enabled.

 After installing the equipment, I became really interested in wireless
 networking, reading some books, looking for a certification track, scouring
 websites, etc...

 I downloaded netstumbler and acquired all the necessary equipment to do some
 serious wardriving. I've logged over 300 AP's, mapped them using Stumverter
 and MS Mappoint 2002, it gets down to what side of the street the AP was on,
 just to add a little spice to the situation, I've got netstumbler to play a
 .wav file when it finds an AP.

 Amazingly, 75% of the AP's I've found don't have WEP enabled. A rather large
 number of the AP's use the company name as the SSID or use the vendor
 default SSID, ie. tsunami for Cisco.

 I'm convinced this whole area of wireless networking is wide open to be
 farmed for business. I've been trying to formulate a business plan to approach
 businesses to help them install a wireless infrastructure properly and set up
 security measures for those companies already in the wireless business
 without implementing security.

 What my research has shown me so far is that without upper management's
 support for strict policies with regards to the installation of AP's the
 company is playing a game of Russian roulette because the current Wireless
 Implementation is FULL of security holes.

 Depending on how much security you want to implement here's what I would
 recommend.

 Enable WEP - however airsnort, a Linux utility, can crack WEP in a relatively
 short time

 Disable the SSID Broadcast - most AP's have this option, this will prevent
 netstumbler from picking up the presence of the AP which makes it a little
 more difficult to associate with the AP. Kismet is a Linux utility that will
 still detect the presence of the AP by passively sniffing for the wireless
 packets.

 MAC Filtering - enable it but most AP and Wireless cards allow you to spoof
 the MAC address, meaning a wireless sniffer like ethereal can sniff out a
 few MAC addresses and a hacker can use one to gain access.

 Place the AP outside of the firewall

 Create VPN access for those wireless clients needing access to internal
 servers.

 I'm sure others have done work in this area and can add to the discussion.

 BTW, interesting enough the first 3 companies I approached about the
 unsecure AP's, 1 denies having wireless networking installed, 2 ignored me.

 HTH,

 Stephen Manuel




 - Original Message -
 From: Neil Borne
 To:
 Sent: Tuesday, June 25, 2002 8:52 AM
 Subject: Re: Rogue Wireless LANs [7:47287]


  The problem that I am coming across is that some of my customers take the
  wireless gear outta the box and plug it in and when they figure that work
  with factory defaults they leave it alone... then all of a sudden someone
  pulls up in the front yard and starts snooping around.
 
  One thing you can do is WEP and depending on the vendor try some filtering
  by mac, ssid, or protocol...
 
 
  You will have to do some serious lockdown measures when it's an internal user
  as opposed to outside users...
 
 
  But like the last email stated if things get bad use netstumbler but be
  careful from the last I heard it works with only some wireless cards...
 
 
  From: Patrick Donlon
  Reply-To: Patrick Donlon
  To: [EMAIL PROTECTED]
  Subject: Rogue Wireless LANs [7:47287]
  Date: Mon, 24 Jun 2002 11:48:48 -0400
  
   I've just found a wireless LAN set up by someone in the building, I found
   it by chance when I was checking something with a colleague from another dept.
   The WLAN has zero security which is not a surprise and lets the user into
   the main LAN in the site with a DHCP address served up too! Does anyone
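
An added example, not part of any post in this thread: a defender's audit of a site survey of your own premises, flagging rogue APs and the weak settings the posts above list (no WEP, vendor default SSID, company name as SSID, SSID broadcast). The CSV layout, BSSIDs, inventory and company name are constructed for illustration; "linksys" as a default SSID is an addition to the "tsunami" default the thread names.

```python
import csv
import io

# Constructed sample: a survey export for your own site (not real data).
SURVEY_CSV = """bssid,ssid,encryption,ssid_broadcast
00:11:22:33:44:01,corp-wlan,WEP,no
00:11:22:33:44:02,tsunami,none,yes
00:11:22:33:44:03,ExampleCo,none,yes
00:11:22:33:44:04,linksys,WEP,yes
"""

# Hypothetical inventory of APs the network team actually installed.
AUTHORIZED = {"00:11:22:33:44:01", "00:11:22:33:44:03"}
VENDOR_DEFAULT_SSIDS = {"tsunami", "linksys"}
COMPANY_NAME = "exampleco"  # assumption for this sample


def audit(survey_text, authorized=AUTHORIZED):
    """Return {bssid: [findings]} for every AP seen in the survey."""
    report = {}
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].lower()
        ssid = row["ssid"].strip().lower()
        findings = []
        if bssid not in authorized:
            findings.append("rogue: not in authorized inventory")
        if row["encryption"].lower() == "none":
            findings.append("WEP not enabled")
        if ssid in VENDOR_DEFAULT_SSIDS:
            findings.append("vendor default SSID: likely factory defaults")
        if COMPANY_NAME in ssid:
            findings.append("SSID reveals company name")
        if row["ssid_broadcast"].lower() == "yes":
            findings.append("SSID broadcast enabled")
        report[bssid] = findings
    return report


if __name__ == "__main__":
    for bssid, findings in audit(SURVEY_CSV).items():
        print(bssid, "; ".join(findings) or "OK")
```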
  

Re: Re: HSRP [7:47177]

2002-06-23 Thread Thomas E. Lawrence

Perhaps this will help explain

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt1/1cdip.htm#xtocid23

Yes, HSRP creates a single virtual IP and MAC pair. Yes, when one router
fails, the standby router assumes control of this virtual IP and MAC pair.

From an end station standpoint, nothing has changed. The end station knows
the virtual IP, as configured in its own settings, or as received as part
of its DHCP configuration. In either case, no end station knows all of the
IP's of all of the members of the HSRP group. Unless things have changed
recently, there is no way to configure multiple default gateways on a
Windows machine, at least. This is the reason HSRP, and now VRRP, were
developed. If the end station does not already know the MAC of the default
gateway, it sends an ARP request, as is standard operating procedure for any
host seeking the MAC of an IP. The active router replies with the virtual
MAC.

You may also want to refer to the VRRP RFC. VRRP is the open standard
intended to replace the several proprietary methods that now exist. The
first couple of pages provide a good explanation and a good background of
the problem to be solved.

ftp://ftp.isi.edu/in-notes/rfc2338.txt

Tom



LongTrip wrote in message news:[EMAIL PROTECTED]...
 So you are saying the client never sees the MAC address of RouterA?  It only
 sees the MAC address of the Virtual Router?

 Kim

 
  From: Michael L. Williams
  Date: 2002/06/23 Sun AM 11:29:24 EDT
  To: [EMAIL PROTECTED]
  Subject: Re: HSRP [7:47177]
 
  This isn't quite right.  See comments below.
 
  Kim Graham wrote in message news:[EMAIL PROTECTED]...
   This brings up a question.  I understand that after the initial hi I will
   be handling your requests please use me as your destination mac address.
   (Router talking to client).
  
   But what happens when the initial router fails and HSRP kicks in? After an
   unreachable, would ClientA send out an arp or would RouterB initiate the
   arping to re-establish connections to any client that was using RouterA
   after it noticed that RouterA was not responding?
  
   Scenario:
  
  
   ClientA - RouterA/B(HSRP) -- ClientB
  
   ClientA  sends a packet to ClientB
   ClientA  talks to the Virtual RouterA/B -- RouterA/B sends to ClientB
   RouterA/B tells ClientA -- RouterA will be handling your requests.
 
  Router A never tells Client A that Router A will be handling your
  requests.  As you mentioned, Client A talks to the Virtual Router via the
  Virtual IP address which it ARPs to find the Virtual MAC.  Client A never
  knows which of the HSRP routers is intercepting and processing its
  requests.  When Client A sends a frame to the Virtual MAC to go out of
  its gateway, both Router A and Router B hear the packet, but only the
  HSRP Active router will process it.  So if the janitor steps in and unplugs
  Router A, then after Router B misses enough Hello packets from Router A, it
  declares itself the Active HSRP router for that HSRP group, and at that
  point it starts to process the information sent to the Virtual IP/Virtual
  MAC.  This is all transparent to the end clients, Client A in this example.
  So as far as Client A knows, it's still sending traffic to the Virtual IP
  via the Virtual MAC address it has in its ARP cache.
 
  HTH,
  Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47238t=47177
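
An added example, not part of any post in this thread: a one-second-tick simulation of the failover described above, showing that the client's ARP entry for the virtual IP never changes while Router B takes over once its hold timer expires. The 3 s hello and 10 s hold values are Cisco's HSRP defaults and the 0000.0c07.acXX virtual MAC is the HSRP version 1 format; the IP address, group number and failure time are constructed.

```python
HELLO, HOLD = 3, 10        # default HSRP hello / hold timers, in seconds
VIRTUAL_IP = "10.0.0.1"    # constructed address for the example


def virtual_mac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return f"00:00:0c:07:ac:{group:02x}"


def simulate(fail_at, end, group=1):
    """Router A (active) dies at fail_at; Router B (standby) goes active when
    its hold timer expires. Returns (takeover_time, lost_seconds, arp_cache)."""
    vmac = virtual_mac(group)
    arp_cache = {}                     # the client's view: IP -> MAC
    active, last_hello_from_a = "A", 0
    takeover, lost = None, []
    for t in range(end + 1):
        a_alive = t < fail_at
        if a_alive and t % HELLO == 0:
            last_hello_from_a = t      # B hears A's hello, hold timer resets
        if active == "A" and t - last_hello_from_a >= HOLD:
            active, takeover = "B", t  # enough hellos missed: B goes active
        forwarder_up = a_alive if active == "A" else True
        # The client ARPs once; whichever router is active answers with vmac.
        if VIRTUAL_IP not in arp_cache and forwarder_up:
            arp_cache[VIRTUAL_IP] = vmac
        # The client sends one packet per second to the virtual MAC.
        if not forwarder_up:
            lost.append(t)
    return takeover, lost, arp_cache


if __name__ == "__main__":
    takeover, lost, cache = simulate(fail_at=20, end=40)
    print(f"B active at t={takeover}s, {len(lost)}s of traffic lost")
    print("client ARP cache:", cache)
```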