hacking challenge [7:66720]

[Wilmes, Rusty]

this is a general question for the security specialists.

Im trying to convince a client that they need a firewall

so hypothetically, 

if you had telnet via the internet open to a router (with an access list
that allowed smtp and telnet) (assuming you didn't know the telnet password
or the enable password)that had a bunch of nt servers on another interface,
how long would it take a determined hacker a) cause some kind of network
downtime and b) to map a network drive to a share on a file server over the
internet. 

Thanks,
Rusty

> -Original Message-
> From: Larry Letterman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2003 1:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: VLAN loop problem [7:66656]
> 
> 
> Yes,
> it prevents loops in spanning tree on layer 2 switches from 
> causing a loop
> by disabling the port on a cisco switch...
> 
> 
> Larry Letterman
> Network Engineer
> Cisco Systems
> 
> 
> 
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] Behalf Of
> > Thomas N.
> > Sent: Wednesday, April 02, 2003 12:18 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: VLAN loop problem [7:66656]
> >
> >
> > What does "portfast bpdu-guard" do?  Does it prevent interfaces with
> > portfast enabled from causing the loop in my scenario?
> >
> >
> > ""Larry Letterman""  wrote in message
> > news:[EMAIL PROTECTED]
> >
> > > port mac address security might work, altho its a lot of admin
> > > overhead..are you running portfast bpdu-guard on the access ports?
> > >
> > >
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > >
> > >
> > >   - Original Message -
> > >   From: Thomas N.
> > >   To: [EMAIL PROTECTED]
> > >   Sent: Tuesday, April 01, 2003 8:14 PM
> > >   Subject: VLAN loop problem [7:66656]
> > >
> > >
> > >   Hi All,
> > >
> > >   I got a problem in the production campus LAN here between
> > VLANs.  Please
> > >   help me out!  Below is the scenario:
> > >
> > >   We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets.
> > Routing is
> > >   enable/allowed between the two subnets using MSFC of 
> the 6500.  Each
> > subnet
> > >   has a DHCP server to assign IP address to devices on its subnet.
> > >   Spanning-tree is enable; however, portfast is turned on on all
> > >   non-trunking/uplink ports.  Recently, devices on VLAN 10 got
> > assigned an
> > IP
> > >   address of 10.20.x.x , which is from the DHCP on the 
> other scope and
> > also
> > >   from 10.10.x.x scope, and vice versa.  It seems that we a
> > loop somewhere
> > >   between the 2 subnets but we don't know where.  I 
> noticed lots of end
> > users
> > >   have a little unmanged hub/switch hang off the network 
> jacks in their
> > >   cubicals and potentially cause loop.
> > >
> > >   Is there any way that we can block the loop on the 
> Cisco switches
> > without
> > >   visiting cubicals taking those little umanaged 
> hubs/switches?  Thanks!
> > >
> > >   Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66720&t=66720
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: hacking challenge [7:66720]

[Wilmes, Rusty]

there's an access list on the ethernet interface thats directly connected to
a dsl modem.

they're allowing telnet and smpt to basically, any any plus various other
protocols from/to specific addresses.  There're only two outside addresses
that are natted but its really hideous and the access list is the only thing
resembling a layer of security between the internet and their server farm.  

I was just hoping to hear some really good verbage about how vulnerable they
are.  I've told them for 3 months to get a pix but it just aint sinking in.
Now they've got a worm loose on their mail server thats bringing down their
main host system and their internet line (but thats another story).



> -Original Message-
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 03, 2003 8:46 AM
> To: [EMAIL PROTECTED]
> Subject: RE: hacking challenge [7:66720]
> 
> 
> Wilmes, Rusty wrote:
> > 
> > this is a general question for the security specialists.
> > 
> > Im trying to convince a client that they need a firewall
> > 
> > so hypothetically, 
> > 
> > if you had telnet via the internet open to a router (with an
> > access list
> > that allowed smtp and telnet) (assuming you didn't know the
> > telnet password
> > or the enable password)that had a bunch of nt servers on
> > another interface,
> 
> Do you actually mean that you are allowing Telnet and SMTP to 
> go through the
> router? You said "to" above which is confusing. Allowing Telnet to the
> router unrestricted would be a horrible security hole, even 
> for people who
> don't know the password because passwords are often guessable.
> 
> But I don't think that's what you meant...
> 
> Allowing Telnet and SMTP through the router is more common, 
> especially SMTP.
> You have to allow SMTP if you have an e-mail server that gets 
> mail from the
> outside world. Avoid Telnet, though, if you can. It sends all 
> text as clear
> text, including passwords.
> 
> The question is really how vulnerable is the operating system 
> that the SMTP
> server is running on? It's probably horribly vulnerable if your client
> hasn't kept up with the latest patches, and it sounds like 
> your client is
> the type that hasn't? In fact, the server is probably busy 
> attacking the
> rest of us right now! ;-0
> 
> So, as far as convicing your customer
> 
> The best way may be to put a free firewall, like Zone Alarm, 
> on the decision
> maker's computer and show her/him all the attacks happening 
> all the time. Or
> if she already has a firewall, walk her through the log.
> 
> Good luck. I have a good book to recommend on this topic:
> 
> Greenberg, Eric. "Mission-Critical Security Planner." New 
> York, New York,
> Wiley Publishing, Inc., 2003.
> 
> Here's an Amazon link:
> 
> http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetw
> inc/104-9901005-4572707
> 
> Priscilla
> 
> > how long would it take a determined hacker a) cause some kind
> > of network
> > downtime and b) to map a network drive to a share on a file
> > server over the
> > internet. 
> > 
> > Thanks,
> > Rusty
> > 
> > > -Original Message-
> > > From: Larry Letterman [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, April 02, 2003 1:44 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VLAN loop problem [7:66656]
> > > 
> > > 
> > > Yes,
> > > it prevents loops in spanning tree on layer 2 switches from 
> > > causing a loop
> > > by disabling the port on a cisco switch...
> > > 
> > > 
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED] Behalf Of
> > > > Thomas N.
> > > > Sent: Wednesday, April 02, 2003 12:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: VLAN loop problem [7:66656]
> > > >
> > > >
> > > > What does "portfast bpdu-guard" do?  Does it prevent
> > interfaces with
> > > > portfast enabled from causing the loop in my scenario?
> > > >
> > > >
> > > > ""Larry Letterman""  wrote in message
> > > > news:[EMAIL PROTECTED]
> > > >
> > > > > port mac address security might work, altho its a lo

RE: hacking challenge [7:66720]

[Wilmes, Rusty]

Many thanks to all who replied.  I've got some good verbage now.  In
particular the multi-layer defense.  

> -Original Message-
> From: Evans, TJ (BearingPoint) [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 03, 2003 12:36 PM
> To: [EMAIL PROTECTED]
> Subject: RE: hacking challenge [7:66720]
> 
> 
> So ... doesn't that give them enough supporting evidence all 
> by itself?
>   If not, maybe it is a lost cause?
> 
> As an aside - a pix, if it was permitting the offending port 
> through as
> well, may not have stopped the worm either.  Think "Defense 
> in Depth".  A
> firewall, while a necessity for -everyone- (IMHO) is not a 
> cure-all; it is a
> piece of a very large, very complex puzzle (even for a small 
> network!).
> 
> ..
> Have someone in a Decision-making position there read 
> "Hacking __(pick an os
> - Windows2k, Linux, etc.)", or attend a SANS course (or 
> just visit their
> reading room - TONS of articles).  Read Eric Cole's or Ed 
> Skoudis's books.
> .. or, teach him/her to use google ... 
> 
> 
> Thanks!
> TJ
> -Original Message-
> From: Wilmes, Rusty [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, April 03, 2003 2:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: hacking challenge [7:66720]
> 
> there's an access list on the ethernet interface thats 
> directly connected to
> a dsl modem.
> 
> they're allowing telnet and smpt to basically, any any plus 
> various other
> protocols from/to specific addresses.  There're only two 
> outside addresses
> that are natted but its really hideous and the access list is 
> the only thing
> resembling a layer of security between the internet and their 
> server farm.  
> 
> I was just hoping to hear some really good verbage about how 
> vulnerable they
> are.  I've told them for 3 months to get a pix but it just 
> aint sinking in.
> Now they've got a worm loose on their mail server thats 
> bringing down their
> main host system and their internet line (but thats another story).
> 
> 
> 
> > -Original Message-
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, April 03, 2003 8:46 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: hacking challenge [7:66720]
> > 
> > 
> > Wilmes, Rusty wrote:
> > > 
> > > this is a general question for the security specialists.
> > > 
> > > Im trying to convince a client that they need a firewall
> > > 
> > > so hypothetically, 
> > > 
> > > if you had telnet via the internet open to a router (with an
> > > access list
> > > that allowed smtp and telnet) (assuming you didn't know the
> > > telnet password
> > > or the enable password)that had a bunch of nt servers on
> > > another interface,
> > 
> > Do you actually mean that you are allowing Telnet and SMTP to 
> > go through the
> > router? You said "to" above which is confusing. Allowing 
> Telnet to the
> > router unrestricted would be a horrible security hole, even 
> > for people who
> > don't know the password because passwords are often guessable.
> > 
> > But I don't think that's what you meant...
> > 
> > Allowing Telnet and SMTP through the router is more common, 
> > especially SMTP.
> > You have to allow SMTP if you have an e-mail server that gets 
> > mail from the
> > outside world. Avoid Telnet, though, if you can. It sends all 
> > text as clear
> > text, including passwords.
> > 
> > The question is really how vulnerable is the operating system 
> > that the SMTP
> > server is running on? It's probably horribly vulnerable if 
> your client
> > hasn't kept up with the latest patches, and it sounds like 
> > your client is
> > the type that hasn't? In fact, the server is probably busy 
> > attacking the
> > rest of us right now! ;-0
> > 
> > So, as far as convicing your customer
> > 
> > The best way may be to put a free firewall, like Zone Alarm, 
> > on the decision
> > maker's computer and show her/him all the attacks happening 
> > all the time. Or
> > if she already has a firewall, walk her through the log.
> > 
> > Good luck. I have a good book to recommend on this topic:
> > 
> > Greenberg, Eric. "Mission-Critical Security Planner." New 
> > York, New York,
> > Wiley Publishing, Inc., 2003.
> > 
> > Here's an Amazon link:
> > 
> > http://www.amazon.co

RE: Books for Introduction to networking [7:66849]

[Wilmes, Rusty]

try these articles  

http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/index.htm

http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/index.htm

they should be able to get you going...

> -Original Message-
> From: Hubert Pun [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 04, 2003 7:21 AM
> To: [EMAIL PROTECTED]
> Subject: Books for Introduction to networking [7:66849]
> 
> 
> Hi,
> 
> Is there any good book for non-technical manager about intro 
> to networking 
> (or network 101)?
> 
> I have tried to search around and come across two books.
> 
> Cisco Networking Academy Program IT Essentials II: Network 
> Operating Systems 
> Companion Guide
> 
> http://www.ciscopress.com/isapi/st~{83B5FF0E-06C7-4A59-B7F4-61
B7A6B1566C}/session_id~{8F92035A-5279-4756-AE28-2676C8AB5BF8}/product_id~{66
B1B7AF-7587-4FD1-8D82-FDB7976BD71F}/catalog/product.asp

Internet Architecture: An Introduction to IP Protocols

http://www.amazon.com/exec/obidos/tg/detail/-/0130199060/qid=1049468836/sr=1
-9/ref=sr_1_9/002-1652755-1832040?v=glance&s=books

The "Internetwork Technology Handbook" that is too cisco oriented and also 
one step too far.

What I am looking for is some books that talks about OSI 7 layers, what 
router is for, what switches is for and so on

Thanks in advance for any suggestion.


_
The new MSN 8: advanced junk mail protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66863&t=66849
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TCP/UDP port scanning Program [7:66881]

[Wilmes, Rusty]

> -Original Message-
> From: johnman johnman [mailto:[EMAIL PROTECTED]
> Sent: Friday, April 04, 2003 12:42 PM
> To: [EMAIL PROTECTED]
> Subject: TCP/UDP port scanning Program [7:66881]
> 
> 
> I have been looking for any utilities that does TCP/UDP port scanning.
> If you know of any utility that can do the port scanning 
> please let me know.
> 
> 
> 
> 
> 
> 
> 
> _
> MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
> http://join.msn.com/?page=features/virus




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66886&t=66881
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TCP/UDP port scanning Program [7:66881]

[Wilmes, Rusty]

the copy of this in my sent items has the link I sent but its not in what
was recieved in the group.  does majordomo scrub links?

   http://www.webattack.com/get/superscan.shtml   

> -Original Message-
> From: Wilmes, Rusty 
> Sent: Friday, April 04, 2003 2:22 PM
> To: [EMAIL PROTECTED]
> Subject: RE: TCP/UDP port scanning Program [7:66881]
> 
> 
> > -Original Message-
> > From: johnman johnman [mailto:[EMAIL PROTECTED]
> > Sent: Friday, April 04, 2003 12:42 PM
> > To: [EMAIL PROTECTED]
> > Subject: TCP/UDP port scanning Program [7:66881]
> > 
> > 
> > I have been looking for any utilities that does TCP/UDP 
> port scanning.
> > If you know of any utility that can do the port scanning 
> > please let me know.
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > _
> > MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
> > http://join.msn.com/?page=features/virus




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66894&t=66881
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Windows VPN through Cisco 2611 HELP!!! [7:69788]

[Wilmes, Rusty]

try 


access-list 124 permit gre any host 192.168.1.180


GRE is it's own protocol.


-Original Message-
From: Steve Collins [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Windows VPN through Cisco 2611 HELP!!! [7:69788]


I am having trouble tring to connect to our corp lan.  I have a windows 2000
vpn server and have verified that it works internally.  The problem I face
is setup on the cisco 2611.  How do allow gre port 47 to pass through the
router.  I believe this is the issue.  The Cisco IOS Release is 12.1(5)T9. 
When I try to connect from the outside world I get an error message of:
Error 721: The remote computer is not responding.  This is after it checks
the password.  Any help would be much appreciated.  Thanks

Here is my current configuration.

Current configuration : 6236 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sea-r0
!
logging rate-limit console 10 except errors
enable secret XXX
!
memory-size iomem 15
ip subnet-zero
!
!
no ip finger
ip domain-name Company.com
!
ip inspect name x5fw ftp timeout 3600
ip inspect name x5fw http timeout 3600
ip inspect name x5fw realaudio timeout 3600
ip inspect name x5fw smtp timeout 3600
ip inspect name x5fw udp timeout 3600
ip inspect name x5fw tcp timeout 3600
ip audit notify log
ip audit po max-events 100
!
!
!
interface Ethernet0/0
 ip address 216.100.100.130 255.255.255.0
 ip access-group 124 in
 ip nat outside
 full-duplex
!
interface Serial0/0
 ip address 192.168.10.1 255.255.255.252
 ip nat inside
 ip inspect x5fw in
!
interface Ethernet0/1
 description Company LAN
 ip address 192.168.1.254 255.255.255.0
 ip access-group 135 in
 ip nat inside
 ip inspect x5fw in
 full-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
ip nat pool overld 216.100.100.130 216.100.100.130 prefix-length 24
ip nat inside source list 5 pool overld overload
ip nat inside source static udp 192.168.4.127 5632 interface Ethernet0/0
5640
ip nat inside source static tcp 192.168.1.180 1723 interface Ethernet0/0
1723
ip nat inside source static tcp 192.168.1.180 47 interface Ethernet0/0 47
ip nat inside source static tcp 192.168.4.127 5631 interface Ethernet0/0
5639
ip nat inside source static udp 192.168.4.126 5632 interface Ethernet0/0
5638
ip nat inside source static tcp 192.168.4.126 5631 interface Ethernet0/0
5637
ip nat inside source static udp 192.168.4.125 5632 interface Ethernet0/0
5636
ip nat inside source static tcp 192.168.4.125 5631 interface Ethernet0/0
5635
ip nat inside source static tcp 192.168.1.36 3389 interface Ethernet0/0 3389
ip nat inside source static tcp 192.168.1.171 25 interface Ethernet0/0 25
ip nat inside source static tcp 192.168.1.171 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.171 443 interface Ethernet0/0 443
ip nat inside source static tcp 192.168.1.150 5631 interface Ethernet0/0
5631
ip nat inside source static udp 192.168.1.150 5632 interface Ethernet0/0
5632
ip nat inside source static tcp 192.168.1.125 5631 interface Ethernet0/0
5633
ip nat inside source static udp 192.168.1.125 5632 interface Ethernet0/0
5634
ip nat inside source static 192.168.1.36 216.100.100.133
ip nat inside source static 192.168.1.200 216.100.100.131
ip nat inside source static 192.168.1.202 216.100.100.132
ip classless
ip route 0.0.0.0 0.0.0.0 216.100.100.129
ip route 192.168.4.0 255.255.255.0 Serial0/0
no ip http server
!
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 5 permit 192.168.4.0 0.0.0.255
access-list 5 permit 192.168.10.0 0.0.0.255
access-list 124 permit tcp any host 216.100.100.130 eq telnet
access-list 124 permit tcp any host 216.100.100.130 eq 24
access-list 124 permit tcp any host 216.100.100.130 eq 1723
access-list 124 permit tcp any host 216.100.100.130 eq www
access-list 124 permit tcp any host 216.100.100.130 eq 443
access-list 124 permit tcp any host 216.100.100.130 eq 5000
access-list 124 permit tcp any host 216.100.100.130 eq smtp
access-list 124 permit tcp any host 216.100.100.130 eq 5631
access-list 124 permit udp any host 216.100.100.130 eq 5632
access-list 124 permit tcp any host 216.100.100.130 eq 5633
access-list 124 permit udp any host 216.100.100.130 eq 5634
access-list 124 permit tcp any host 216.100.100.130 eq 5635
access-list 124 permit udp any host 216.100.100.130 eq 5636
access-list 124 permit tcp any host 216.100.100.130 eq 5637
access-list 124 permit udp any host 216.100.100.130 eq 5638
access-list 124 permit tcp any host 216.100.100.130 eq 5639
access-list 124 permit udp any host 216.100.100.130 eq 5640
access-list 124 permit tcp any host 216.100.100.130 eq 3389
access-list 124 permit icmp any host 216.100.100.130
access-list 124 permit tcp any host 216.100.100.131 eq ftp
access-list 124 permit tcp any host 216.100.100.131 eq telnet
access-list 124 permit tcp any host 216.100.100.131 eq www
access-list 124 

RE: Windows VPN through Cisco 2611 HELP!!! [7:69788]

[Wilmes, Rusty]

Steve,

we have a public address that gets natted to the private address of our pptp
server.  external users open a vpn session to the external address then the
pix nats it to the internal address. an inbound access list on the outside
interface permits gre and tcp 1723 hosts external address then the whole kit
and caboodle get natted to the inside address.

I wouldn't have a public nic and private nic on the same machine.  either
one or the other.

Im not even remotely a guru though so the grain of salt disclaimer applies
:)

Rusty


-Original Message-
From: Steve Collins [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 2:42 PM
To: [EMAIL PROTECTED]
Subject: RE: Windows VPN through Cisco 2611 HELP!!! [7:69788]


the reason i'm setting this up is to eliminate pc anywhere and the ip
addresses on the post are bogus.  The inside nat address of the vpn server
is 192.168.1.180.  I also have another nic with a public address.  What is
the point of two nic cards?  this may be a stupid question but should the
client connect to the external nic or the internal nic?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69837&t=69788
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Router Configuration Backups?? [7:70009]

[Wilmes, Rusty]

i believe solarwinds can alert you if the config changes.  I don't think it
will schedule the config backups.

-Original Message-
From: Stevo [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2003 9:37 AM
To: [EMAIL PROTECTED]
Subject: Router Configuration Backups?? [7:70009]


Hey Group,

I have a number of routers that don't get their configs backed up on a
regular basis... does anyone have (or know of) any software products out
there that will do the backups for me...  or even better still, let me know
if a config is changed by someone??

Thanks

--Stevo




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70024&t=70009
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Bakup Interface with Wireless! [7:70410]

[Wilmes, Rusty]

outta curiosity, whats the routing protocol and topology?  And is your isdn
configured with floating static routes?

and which interface is showing up,up?  

I've got a building connected with two wireless links and load balanced with
EIGRP.  If one link goes down the other one takes all the traffic.  not
quite the same scenario but it doesn't try to send traffic out the down link
so in theory if the 2nd link was a bri interface then it should bring the
interface up if theres a route in place.

-Original Message-
From: Marc Russell
To: [EMAIL PROTECTED]
Sent: 6/9/2003 3:19 PM
Subject: Re: Bakup Interface with Wireless! [7:70410]

Try this. Watch the word wrap. "Dialer watch"

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configur
atio
n_guide_chapter09186a00800872ed.html

Marc Russell
www.ccbootcamp.com (Cisco training)


""Kenan Ahmed Siddiqi""  wrote in message
news:[EMAIL PROTECTED]
> Hey!
> I have a branch office connected with a Wireless Link. I want to
configure
> my ISDN link(which can also connect to the same branch office) as a
"Backup
> Interface" with the wireless link.
>
> The problem which I am facing is that when my Wireless link goes down,
it
> doesn't show "line protocol down" and the "line is up, line protocol
is
up"
> is always there even when the Wireless link is not working. Therefore
my
> backup ISDN interface never comes up.
>
> I would really appreciate any help/suggestions in this regard. Thanx
alot
in
> advance!
>
> cheers,
> -Kenan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70451&t=70410
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

pix > netscreen vpn [7:70547]

[Wilmes, Rusty]

Hi,

I've got an existing vpn between a pix 515 and a netscreen box.  the SA is
up and idle, i can ping across it no sweat but Im getting the following in
my log buffer...

identity doesn't match negotiated identity

any thoughts?

tia,
Rusty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70547&t=70547
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: pix > netscreen vpn [7:70547]

[Wilmes, Rusty]

so i found a reference to acl's not matching.  the netscreen doesn't appear
to have one (but that's not confirmed yet).  More news to follow.

-Original Message-----
From: Wilmes, Rusty 
Sent: Wednesday, June 11, 2003 4:01 PM
To: [EMAIL PROTECTED]
Subject: pix > netscreen vpn [7:70547]


Hi,

I've got an existing vpn between a pix 515 and a netscreen box.  the SA is
up and idle, i can ping across it no sweat but Im getting the following in
my log buffer...

identity doesn't match negotiated identity

any thoughts?

tia,
Rusty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70554&t=70547
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Device Symbols [7:70207]

[Wilmes, Rusty]

Hi,

Is there Network modules or wic's anywhere in these icon sets?  I can't seem
to find them.

Thanks
Rusty

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 9:31 AM
To: [EMAIL PROTECTED]
Subject: RE: Device Symbols [7:70207]


For visio:
http://www.cisco.com/warp/customer/503/icons1.zip
http://www.cisco.com/warp/customer/503/icons2.zip
http://www.cisco.com/warp/customer/503/icons3.zip
http://www.cisco.com/warp/customer/503/icons4.zip

for Powerpoint:
http://www.cisco.com/warp/public/503/2.html

-Original Message-
From: Aaron [mailto:[EMAIL PROTECTED]
Sent: 05 June 2003 16:11
To: [EMAIL PROTECTED]
Subject: Device Symbols [7:70207]


Does anyone know a link to somewhere in CCO where there is a listing of all
the device symbols and what they are?  I am looking at some symbols that are
starting to get complex and wanted to reference something to make sure I
know what I am looking at.

Thanks!
Aaron




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70941&t=70207
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Frame Relay over IP [7:70927]

[Wilmes, Rusty]

Howdy,

Im just curious and have no input at all but if your going to encap frame
relay in IP what is the frame relay going to carry?  And what's the
equipment at either end?

Thanks,
Rusty
-Original Message-
From: Cisco Breaker [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 19, 2003 10:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Frame Relay over IP [7:70927]


I am tryin to use Frame relay switching over IP. Not IP over frame relay. If
we can do that we can connect two sites that are connected over IP from L2
point of view.

Frame Relay

Frame Relay over IP is not yet readily available. The draft IETF
specification was produced

in March 2001. This has not left much time for industry take-up. Frame Relay
over IP

would probably appeal only to the carrier market in any case.

Carriers may embrace this to reduce their frame relay network costs. It is
unlikely to find

widespread deployment at all, although it may see limited use towards the
end of this year.

It should hold little attraction for enterprise companies- where is the
benefit of adding

another layer of complexity when they can engineer and migrate to an IP VPN
instead?


Best regards,


""Pedro Cabarga""  wrote in message
news:[EMAIL PROTECTED]
> May I ask you what r u tryng to do?
>
>
> ""Cisco Breaker""  wrote in message
> news:[EMAIL PROTECTED]
> > Hi all,
> >
> > Anybody used Frame relay over IP without using MPLS or GRE Tunnel with
> Cisco
> > routers?
> >
> > We are searching for a solution to deploy Frame relay over IP without
> using
> > MPLS or GRE tunnel.
> >
> > Any help will be appreciated.
> >
> > Best regards,
> >
> > Cisco Breaker




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70987&t=70927
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT/Look at the requirements of this position!!!! [7:71052]

[Wilmes, Rusty]

My guess is they know how much you folks cost!

-Original Message-
From: Duy Nguyen
To: [EMAIL PROTECTED]
Sent: 6/21/2003 2:39 AM
Subject: OT/Look at the requirements of this position [7:71052]

"VPN and Cisco skills should be very strong and be accompanied by a CCNA
(CCNP's will be considered, however, CCIE's or nearly qualified CCIE's
will
not be)." What is wrong with this statement?  Is CCIE easier than CCNP?

http://www.hotjobs.com/cgi-bin/job-show?TEMPLATE=/htdocs/job-show.html&J
__PIN
DEX=JRSVJ7DF3&P__SOURCE=HJC&P__SOURCE_SPECIFIC=HJC&BOLD_KEYWORDS=cisco&B
OLD_O
PENTAG=%3Cspan+class%3D%22bold-opentag%22%3E&BOLD_CLOSETAG=%3C%2Fspan%3E




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71060&t=71052
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: For Priscilla [7:71462]

[Wilmes, Rusty]

Thats funny.  I was looking this morning.

Amazon says they'll ship it and her other book in 24 hours

http://www.amazon.com/exec/obidos/search-handle-url/index=books&field-keywor
ds=priscilla%20oppenheimer&search-type=ss&bq=1/103-2498254-6602210
-Original Message-
From: Mauricio H Fernandez [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:40 AM
To: [EMAIL PROTECTED]
Subject: For Priscilla [7:71462]


I have been trying to get Troubleshooting Campus Networks for the 
longest time.  I've met Joeseph B.  He is one of the smartest guys I've 
ever encountered.  Can you tell me PLEASE why your book is so hard to get?

Mauricio H Fernandez




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71470&t=71462
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Upgrading Aironet Firmware [7:71496]

[Wilmes, Rusty]

I've done it quite a bit.  I hadn't noticed a different fcc/etsi.  There's
only one the one image.  We put 12.01 i think on all our br350's.  

I while back we were having a weird problem and after a bit of
troubleshooting TAC said to upgrade the firmware.  I took that as a canned
answer and messed with it another day.  Finally upgraded the firmware and it
fixed the problem.  Lesson learned...

Let me know if you still can't get the image...

-Original Message-
From: lost in space
To: [EMAIL PROTECTED]
Sent: 6/26/2003 7:29 PM
Subject: Upgrading Aironet Firmware [7:71496]

Dear All,

Has anyone try upgrading Wireless Bridge Aironet 350 Firmware?
Would the firmware be different between FCC and ETSI?
I tried to download the firmware from CCO, however the link seems to be
down, and Cisco doesnt seem to differentiate the firmware for FCC and
ETSI.

any idea would be appreciated...


RD




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71525&t=71496
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Cisco frame-relay question [7:71500]

[Wilmes, Rusty]

It looks like it's used when LMI isn't available

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_refe
rence_chapter09186a008017cf53.html#1059567

Note   The frame-relay local-dlci command is provided mainly to allow
testing of the Frame Relay encapsulation in a setting where two servers are
connected back-to-back. This command is not required in a live Frame Relay
network.

-Original Message-
From: Paresh Khatri
To: [EMAIL PROTECTED]
Sent: 6/26/2003 8:26 PM
Subject: Cisco frame-relay question [7:71500]

Hi all,

What is the cisco "frame-relay local-dlci" command used for ? 

Thanks in advance,
Paresh.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71527&t=71500
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Sniffer Recommendation [7:71523]

[Wilmes, Rusty]

if you want a performance baseline then you don't really need a protocol
analyzer.

We use solarwinds to monitor the network nodes via snmp and it keeps a
running database of utilization across all our links.  
Perfect for trending usage and patterns.

It also has many other good tools: notification of outages, syslog, tftp,
etc.

-Original Message-
From: J B [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 6:03 AM
To: [EMAIL PROTECTED]
Subject: Sniffer Recommendation [7:71523]


Can someone recommend a couple of good choices for network sniffer software.

My company is looking to buy a sniffer to develop a LAN baseline.

Any recommendations will be appreciated.
Thanks
JB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71541&t=71523
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: VLAN Tagging on Cat 3550 [7:71703]

[Wilmes, Rusty]

I'll take a stab since I just finished reading that in the CCNP switching
manual and it'll be a good test :)

It depends on the setup eg, whether or not there's to be multiple vlans and,
if so, whether or not the two vlans are to communicate etc.

On the router you need to configure a subinterface on the physical ethernet
port for each of the vlans  and for that subint  connection to trunk then
specify the encapsulation there (either isl or dot1q) and the vlan number
that will be assigned on the switch.

Then configure the port on the switch that the router is connected to for
the same trunking protocol.  Then configure the vlan domain, and the vtp
mode (server, client or transparent) on the switch.  Then configure the
vlans.  

eg...

on the router

interface FastEthernet2/0
 no ip address
 ip helper-address x.x.x.x
 speed 100
 full-duplex
end
 
interface FastEthernet2/0.1
 encapsulation dot1q 5
 ip address 192.168.5.1 255.255.255.0
 ip helper-address x.x.x.x
 no ip redirects
end

Note the encapsulation dot1q 5.  5 is the number of the vlan as will be
configured on the switch.  In this case it's also the number of the subnet
(a tip from Mr. Letterman).  Dont use vlan number 1 or 1-1005.

Im shaky on the command syntax and I don't have an IOS switch (i just
ordered my 3550's last week) but on a CLI switch it would be

set vtp domain mydomain (sets vtp domain name to mydomain)

set vtp mode server (sets the switch in server mode - will transmit vlan
info out all trunk ports to client mode machines)

set trunk 1/1  nonegotiate dot1q 1-1005 (set the trunking protocol to dot1q
for all vlans.  Note: vlan 1 should be reserved for administration, 1001 is
reserved by Cisco and 1002-1005 are reserved for tokenring bridging)

set vlan 5 name subnet5 (define vlan number 5 with name of subnet 5)

set vlan 5 2/1  (put port 2/1 on vlan 5.


802.1q (dot1q) is recommended as it only adds 4 bytes to the frame after the
destination address in the IP header (2 bytes are the trunking protocol id,
3 bits for priority, 1 bit for CFI (whether or not the mac address is listed
in canonical format), 12 bits for the vlan id).  ISL encapsulates the frame
with a 24 byte header and a 4 byte crc.  Way more overhead...

Any input on the IOS commands would be appreciated and Im still foggy on the
trunking negotiation! Is it that one side is hard set to the protocol and
the other is set noneogtiate so that it won't try and change it?

(Any other input would be appreciated as well.  Especially if I missed
something obvious!)







-Original Message-
From: simon watson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 1:02 AM
To: [EMAIL PROTECTED]
Subject: VLAN Tagging on Cat 3550 [7:71703]


Hi Guys

A client wants a Cat 3550 configured for VLAN tagging, I have not done one
of these before so how do I configure the switch, also there is a Cisco 2600
router also connected to the switch.Do I need to configure the router to
accomodate VLAN tagging (and any router that packets of the VLAN goes
through ?)

Thanks

Simon.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71717&t=71703
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Quoting in Replies [7:71366]

[Wilmes, Rusty]

According article 4 section 10 subsect ym, of the Charter Of Interspatially
Recognized Internet Keyword Search Lookup People, use of illudium, in either
a peaceful or dastardly fasion, is punishable by Death Ray.

Ming The Merciless

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 3:51 PM
To: [EMAIL PROTECTED]
Subject: Re: Quoting in Replies [7:71366]


Cosmic ray machines are a violation of the GroupStudy TOS.  Please
discontinue the use of such devices.  Failure to comply will result in
retaliation with an Illudium Q-36 Explosive Space Modulator.

Your compliance is appreciated,
Marvin

>>> David Cooper 7/1/03 4:30:09 PM >>>
On Tuesday 01 July 2003 15:29, Jamie Johnson wrote:
> Cool! My cosmic ray machine must be working. Better put on your
tinfoil
> hats.
>
> From: Recent escapee from the ex-dot.commer insane asylum
>
> John Neiberger wrote:
> >  - jvd 7/1/03 12:32:02 PM >>>
> > >
> > >Hi my Quote button disappeared! No serious, there used to be a
> >
> > quote
> > button
> >
> > >next to my Post button but now it's gone. I refreshed the page
> >
> > as well and
> >
> > >still nothing. Maybe the cosmic rays hit my PC's memory,
> >
> > corrupted it and
> >
> > >deleted my Quote button :-)
> > >
> > >No serious, is anybody else also having this problem?
> >
> > That's rather odd.  What browser are you using?

Could that be considered a Denial of Service attack?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71756&t=71366
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Quoting in Replies [7:71366]

[Wilmes, Rusty]

Your use of "Merciless" has caused me much lost income due to trademark
infringement.  Please cease and desist or I will be forced to bypass my
Death Ray and go straight to my attorney.

Thank you for your cooperation,
Ming the Merciless

-Original Message-
From: Tom Lisa
To: [EMAIL PROTECTED]
Sent: 7/2/2003 4:57 PM
Subject: Re: Quoting in Replies [7:71366]

Puny Marvin,

It is appropriate that you ended you last sentence
with "I'm afraid."  You should be afraid, very
afraid!!!   I have the new and improved, ultra
special, galaxy class disrupter.  I say pshaw to
your lowly Q-36.

This will be my last statement on this as I must
return to annihilating useless & redundant posts
on the associate list!  HAHAHAHAHA

No regards,
Worf the Merciless Moderator

John Neiberger wrote:

  Worf the Moderator dares challenge Marvin the Moderator??  My
  Illudium Q-36
  Explosive Space Modulator can easily disrupt your puny  Klingon
  Disrupter
  Ray!  Your threat forces me to take drastic action and I'm going to
  have to
  blow up your entire planet, I'm afraid.

  Kind regards,
  Marvin

  >>> Tom Lisa 7/2/03 12:56:58 AM >>>
  Stop this thread immediately or I will be forced to annihilate all of
  you with my Anti-Proton Sub-Space Internet Disrupter Ray!

  Worf

  "Wilmes, Rusty" wrote:

  According article 4 section 10 subsect ym, of the Charter Of
  Interspatially
  Recognized Internet Keyword Search Lookup People, use of illudium, in
  either
  a peaceful or dastardly fasion, is punishable by Death Ray.

  Ming The Merciless

  -Original Message-
  From: John Neiberger [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, July 01, 2003 3:51 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Quoting in Replies [7:71366]

  Cosmic ray machines are a violation of the GroupStudy TOS.  Please
  discontinue the use of such devices.  Failure to comply will result
  in
  retaliation with an Illudium Q-36 Explosive Space Modulator.

  Your compliance is appreciated,
  Marvin

  >>> David Cooper 7/1/03 4:30:09 PM >>>
  On Tuesday 01 July 2003 15:29, Jamie Johnson wrote:
  > Cool! My cosmic ray machine must be working. Better put on your
  tinfoil
  > hats.
  >
  > From: Recent escapee from the ex-dot.commer insane asylum
  >
  > John Neiberger wrote:
  > > >>>> - jvd 7/1/03 12:32:02 PM >>>
  > > >
  > > >Hi my Quote button disappeared! No serious, there used to be a
  > >
  > > quote
  > > button
  > >
  > > >next to my Post button but now it's gone. I refreshed the page
  > >
  > > as well and
  > >
  > > >still nothing. Maybe the cosmic rays hit my PC's memory,
  > >
  > > corrupted it and
  > >
  > > >deleted my Quote button :-)
  > > >
  > > >No serious, is anybody else also having this problem?
  > >
  > > That's rather odd.  What browser are you using?

  Could that be considered a Denial of Service attack?
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71812&t=71366
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Quoting in Replies [7:71366]

[Wilmes, Rusty]

Your use of "Merciless" has caused me much lost income due to trademark
infringement.  Please cease and desist or I will be forced to bypass my
Death Ray and go straight to my attorney.

Thank you for your cooperation,
Ming the Merciless

-Original Message-
From: Tom Lisa
To: [EMAIL PROTECTED]
Sent: 7/2/2003 4:57 PM
Subject: Re: Quoting in Replies [7:71366]

Puny Marvin,

It is appropriate that you ended you last sentence
with "I'm afraid."  You should be afraid, very
afraid!!!   I have the new and improved, ultra
special, galaxy class disrupter.  I say pshaw to
your lowly Q-36.

This will be my last statement on this as I must
return to annihilating useless & redundant posts
on the associate list!  HAHAHAHAHA

No regards,
Worf the Merciless Moderator

John Neiberger wrote:

  Worf the Moderator dares challenge Marvin the Moderator??  My
  Illudium Q-36
  Explosive Space Modulator can easily disrupt your puny  Klingon
  Disrupter
  Ray!  Your threat forces me to take drastic action and I'm going to
  have to
  blow up your entire planet, I'm afraid.

  Kind regards,
  Marvin

  >>> Tom Lisa 7/2/03 12:56:58 AM >>>
  Stop this thread immediately or I will be forced to annihilate all of
  you with my Anti-Proton Sub-Space Internet Disrupter Ray!

  Worf

  "Wilmes, Rusty" wrote:

  According article 4 section 10 subsect ym, of the Charter Of
  Interspatially
  Recognized Internet Keyword Search Lookup People, use of illudium, in
  either
  a peaceful or dastardly fasion, is punishable by Death Ray.

  Ming The Merciless

  -Original Message-
  From: John Neiberger [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, July 01, 2003 3:51 PM
  To: [EMAIL PROTECTED]
  Subject: Re: Quoting in Replies [7:71366]

  Cosmic ray machines are a violation of the GroupStudy TOS.  Please
  discontinue the use of such devices.  Failure to comply will result
  in
  retaliation with an Illudium Q-36 Explosive Space Modulator.

  Your compliance is appreciated,
  Marvin

  >>> David Cooper 7/1/03 4:30:09 PM >>>
  On Tuesday 01 July 2003 15:29, Jamie Johnson wrote:
  > Cool! My cosmic ray machine must be working. Better put on your
  tinfoil
  > hats.
  >
  > From: Recent escapee from the ex-dot.commer insane asylum
  >
  > John Neiberger wrote:
  > > >>>> - jvd 7/1/03 12:32:02 PM >>>
  > > >
  > > >Hi my Quote button disappeared! No serious, there used to be a
  > >
  > > quote
  > > button
  > >
  > > >next to my Post button but now it's gone. I refreshed the page
  > >
  > > as well and
  > >
  > > >still nothing. Maybe the cosmic rays hit my PC's memory,
  > >
  > > corrupted it and
  > >
  > > >deleted my Quote button :-)
  > > >
  > > >No serious, is anybody else also having this problem?
  > >
  > > That's rather odd.  What browser are you using?

  Could that be considered a Denial of Service attack?
  [EMAIL PROTECTED]
  [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71906&t=71366
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Network Security [7:70841]

[Wilmes, Rusty]

Safe =
http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns128/networking_solutio
ns_package.html

What is SAFE???

>FWIW, there is an example Security Polcy in the MCNS course book from Cisco
>Press --
>Mike Wenstrom's book --
>
>http://www.amazon.com/exec/obidos/tg/detail/-/1578701031/qid=1056122196/sr=
1-21/ref=sr_1_21/104-7746290-9333516?v=glance&s=books
>

also, there's a thorough list of example security policies at
http://www.sans.org/resources/policies/.

They look a lot like mine for some reason... :)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72343&t=70841
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: do you know why? [7:72352]

[Wilmes, Rusty]

sounds like from b > a you dont have an nat xlate established. 

when you go from a > b it creates the xlate so that b > a starts working.

We had a problem after upgrading from 6.1.1 to 6.3 where one of our vpn
partners couldn't get in til we pinged a host on their side.  Error in the
syslog was a deny due to no xlate.  We were also losing NAT to arbitrary
addresses on port 80.  We rolled back to 6.1.4 (the latest GD and all is
well).  

What version are you on?

-Original Message-
From: Vajira Wijesinghe [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 3:23 PM
To: [EMAIL PROTECTED]
Subject: do you know why? [7:72352]


I have a pix firewall and i have a strange problem.
If any one of you have come across this pls let me know the solution.

I have few servers at both sides of the PIX.
eg. Server-A at Outside zone and Server-B at Inside zone.

1. When I ping from Server-B to Server-A, I get request timeout.
2. Now I go to Server-A and start a ping to Server-B. It works fine.
3. Then again I go back to Server-B to ping to Server-A, and now it 
starts pinging!!!

Can anyone of you explain this???
I need to get this thing resloved and straight away ping from B to A.
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72357&t=72352
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: do you know why? [7:72352]

[Wilmes, Rusty]

I'd think that if it was an access list that it would either work or not
work but NOT not work until you try it from the other side.

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 15, 2003 8:23 PM
To: [EMAIL PROTECTED]
Subject: Re: do you know why? [7:72352]


I'm not very familiar with the newer releases of PIX software, but do you
have to enable ICMP on those interfaces? It looks to me like you only have
ICMP allowed going one direction. This is a very common problem and easily
fixed. Also, if something is being blocked it should be apparent from the
logs why it was blocked.

HTH,
John

- Original Message - 
From: "Vajira Wijesinghe" 
To: 
Sent: Tuesday, July 15, 2003 4:23 PM
Subject: do you know why? [7:72352]


> I have a pix firewall and i have a strange problem.
> If any one of you have come across this pls let me know the solution.
>
> I have few servers at both sides of the PIX.
> eg. Server-A at Outside zone and Server-B at Inside zone.
>
> 1. When I ping from Server-B to Server-A, I get request timeout.
> 2. Now I go to Server-A and start a ping to Server-B. It works fine.
> 3. Then again I go back to Server-B to ping to Server-A, and now it
> starts pinging!!!
>
> Can anyone of you explain this???
> I need to get this thing resloved and straight away ping from B to A.
> Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72410&t=72352
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: do you know why? [7:72352]

[Wilmes, Rusty]

Jim,

outta curiosity - where would my situation with the vpn fit into this
scenario.

i have a pix >-vpn->> Wilmes, Rusty 7/16/03 11:31:51 AM >>>
I'd think that if it was an access list that it would either work or not
work but NOT not work until you try it from the other side.

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, July 15, 2003 8:23 PM
To: [EMAIL PROTECTED] 
Subject: Re: do you know why? [7:72352]


I'm not very familiar with the newer releases of PIX software, but do
you
have to enable ICMP on those interfaces? It looks to me like you only
have
ICMP allowed going one direction. This is a very common problem and
easily
fixed. Also, if something is being blocked it should be apparent from
the
logs why it was blocked.

HTH,
John

- Original Message - 
From: "Vajira Wijesinghe" 
To: 
Sent: Tuesday, July 15, 2003 4:23 PM
Subject: do you know why? [7:72352]


> I have a pix firewall and i have a strange problem.
> If any one of you have come across this pls let me know the solution.
>
> I have few servers at both sides of the PIX.
> eg. Server-A at Outside zone and Server-B at Inside zone.
>
> 1. When I ping from Server-B to Server-A, I get request timeout.
> 2. Now I go to Server-A and start a ping to Server-B. It works fine.
> 3. Then again I go back to Server-B to ping to Server-A, and now it
> starts pinging!!!
>
> Can anyone of you explain this???
> I need to get this thing resloved and straight away ping from B to A.
> Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72433&t=72352
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: a really big bug [7:72463]

[Wilmes, Rusty]

As we don't know exactly *what* you need to do, it's difficult to say 
whether he's right or not. But my gut says he's wrong; as soon as you 
*do* know, there are 'packetfactory'-tools enough about...

..and if you have ONE port accessible from the internet there's about a
gazillion possible culprits...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72532&t=72463
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Access list or Conduit? [7:72514]

[Wilmes, Rusty]

my understanding is conduits are the same as access lists but are being
phased out and replaced by access lists so that syntax is more uniform
across platforms.

-Original Message-
From: E. Keith J. [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 2:12 PM
To: [EMAIL PROTECTED]
Subject: Access list or Conduit? [7:72514]


Hi all

 

The boss wants to allow ping.

In the website I found the way by using an access list.

In another config I see a conduit is used.

 

What is the difference between using a conduit and an access list to allow
ping

 

Is it that a conduit is to a specific host 

Rather than permit any?

 

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72531&t=72514
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

need input on a frame relay t1 problem [7:72621]

[Wilmes, Rusty]

I've got a frame line thats almost 100% errors, mostly framing.  Local
Hardware is a 1604 w/ t1 wic (for testing purposes only.  will be a 3640.)
Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame
lines.  Remotes have existing pvcs back to the 3640 on the production
network.

PVCs come up but line protocol bounces continuously.
telco has reported that they can get to their network termination but not to
my csu.  I've triple checked the extension from the NIU to the WIC and it
looks good.  Its about 75 feet of shielded t1 cable.  Tried both clock
source line and clock source internal.  on clock source line I lose the pvcs
(deleted).  Telco verified lmi type cisco (they had it at auto but changed
to cisco).  I tried ANSI on my side and got no LMI rcvs.  W/ type set to
cisco LMI enq/rcv is incrementing but drifting all over the place.
Interface resets increment each time I lose line protocol.  Carrier resets
are incrementing slowly as well.

Im still suspecting telco issues but any input would be greatly appreciated.




interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent  18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts
66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/1/32 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
 19 packets input, 1466 bytes, 0 no buffer
 Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
 1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
 99 packets output, 8280 bytes, 0 underruns
 0 output errors, 0 collisions, 3 interface resets
 0 output buffer failures, 0 output buffers swapped out
 0 carrier transitions
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi
 
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0Invalid Prot Disc 0
  Invalid dummy Call Ref 0Invalid Msg Type 0
  Invalid Status Message 0Invalid Lock Shift 0
  Invalid Information ID 0Invalid Report IE Len 0
  Invalid Report Request 0Invalid Keep IE Len 0
  Num Status Enq. Sent 19Num Status msgs Rcvd 12
  Num Update Status Rcvd 0Num Status Timeouts 8




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72621&t=72621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: need input on a frame relay t1 problem [7:72621]

[Wilmes, Rusty]

Thanks to all.  We've isolated it to the house cabling extension.  If i jack
the router directly to the niu the line comes up and runs error free.  Crud,
I hate it when its not verizons fault :)
Thanks again,
Rusty


-Original Message-
From: Wilmes, Rusty 
Sent: Saturday, July 19, 2003 8:39 AM
To: [EMAIL PROTECTED]
Subject: need input on a frame relay t1 problem [7:72621]


I've got a frame line thats almost 100% errors, mostly framing.  Local
Hardware is a 1604 w/ t1 wic (for testing purposes only.  will be a 3640.)
Remote hardware for the 6 pvc's are 1604's w/ t1 wics on fractional frame
lines.  Remotes have existing pvcs back to the 3640 on the production
network.

PVCs come up but line protocol bounces continuously.
telco has reported that they can get to their network termination but not to
my csu.  I've triple checked the extension from the NIU to the WIC and it
looks good.  Its about 75 feet of shielded t1 cable.  Tried both clock
source line and clock source internal.  on clock source line I lose the pvcs
(deleted).  Telco verified lmi type cisco (they had it at auto but changed
to cisco).  I tried ANSI on my side and got no LMI rcvs.  W/ type set to
cisco LMI enq/rcv is incrementing but drifting all over the place.
Interface resets increment each time I lose line protocol.  Carrier resets
are incrementing slowly as well.

Im still suspecting telco issues but any input would be greatly appreciated.




interface Serial0
 no ip address
 encapsulation frame-relay
 fair-queue 64 32 0
 service-module t1 clock source internal
 service-module t1 timeslots all
 frame-relay lmi-type cisco

local-test#sho int s0
Serial0 is up, line protocol is up
  Hardware is QUICC Serial (with FT1 CSU/DSU WIC)
  MTU 1500 bytes, BW 1536 Kbit, DLY 2 usec, rely 189/255, load 1/255
  Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
  LMI enq sent  18, LMI stat recvd 11, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  Broadcast queue 0/64, broadcasts sent/dropped 76/0, interface broadcasts
66
  Last input 00:00:08, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:03:06
  Input queue: 0/75/0 (size/max/drops); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
 Conversations  0/1/32 (active/max active/max total)
 Reserved Conversations 0/0 (allocated/max allocated)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 1 packets/sec
 19 packets input, 1466 bytes, 0 no buffer
 Received 11 broadcasts, 0 runts, 0 giants, 0 throttles
 1154 input errors, 89 CRC, 737 frame, 0 overrun, 0 ignored, 328 abort
 99 packets output, 8280 bytes, 0 underruns
 0 output errors, 0 collisions, 3 interface resets
 0 output buffer failures, 0 output buffers swapped out
 0 carrier transitions
 DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
 
local-test#
local-test#
local-test#
local-test#
local-test#sho frame lmi
 
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE = CISCO
  Invalid Unnumbered info 0Invalid Prot Disc 0
  Invalid dummy Call Ref 0Invalid Msg Type 0
  Invalid Status Message 0Invalid Lock Shift 0
  Invalid Information ID 0Invalid Report IE Len 0
  Invalid Report Request 0Invalid Keep IE Len 0
  Num Status Enq. Sent 19Num Status msgs Rcvd 12
  Num Update Status Rcvd 0Num Status Timeouts 8




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72627&t=72621
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT: Anyone using Qwest PRN ? [7:72704]

[Wilmes, Rusty]

I looked at Qwests VPN stuff a while back which I think is at least similar
in overall design to PRN.  Though there was benefit in this type of solution
over frame relay from a technical standpoint, there was no cost benefit
versus converting my frame network to point-to-point lines via local carrier
and maintaining control over my own network.  Their stuff at the time was
ungodly expensive.

I do have a Qwest Internet T1 that has been flawless and their support is
first rate.  Its been down twice.  The first time they had it fixed w/i 10
minutes of my call.  The second time was because we lost main power to the
building and it knocked out our perimeter router.  Qwest took the
initiative, and called me wondering why it was down about 3 hours after it
went down.  Verizon won't even guarantee a callback w/i 3 hours much less
initiate the investigation.  That said, we'll be moving it to an SBC
internet line in the near future due to the high MRC on the Qwest line.  

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2003 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re: OT: Anyone using Qwest PRN ? [7:72704]


Peter van Oene wrote:
> 
> At 04:31 PM 7/21/2003 +, John Neiberger wrote:
> >Are any of you using Qwest PRN? If so, I have a few questions
> for you:
> >
> >1. How do you like it so far?
> >2. Did you migrate from something else? If so, how did the
> migration go?
> >3. Any 'gotchas' that you learned later that you wish you'd
> learned sooner?
> >4. How does the service compare to what you were using before?
> >5. How many sites do you have? Is this solution scaling well
> for you?
> 
> Hey John,
> 
> What is PRN? Private routed network? Can't seem to find much
> about it in my
> brief googling.
> 

Oops. Accidentally hit post before adding any content.  ;-)

Yes, it stands for Private Routed Network. It's a very interesting solution.
Our hub sites would participate in OSPF with their network, while our spoke
sites would use static routing. The PRN would have static routes pointing to
our spoke sites and those statics would be redistributed into OSPF.

The biggest downside to this is that we'd have to contact Qwest each time we
added a new subnet at a branch, but I suppose that just means we'd need to
plan ahead better.

This solution buys us a few things over our current frame relay network.
Each site has a full pipe into the PRN instead of multiple PVCs sharing a
single link, and we don't have to deal with CIR. From the perspective of our
routers each site is one hop away from any other site. These combination of
these features will allow us to proceed with VoIP throughout our network,
which is not feasible with the current frame relay network.

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72716&t=72704
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ios upgrade... [7:72779]

[Wilmes, Rusty]

Hi,

I tried upgrading IOS on a 3620 via the console (about 1.75 hours!)

Now there's some ugliness in the boot.  I verified the flash and it seems
ok. 

Boot and sho ver follows.

Just seeing if anyone had any input...

Thanks
Rusty

System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE
SOFT
WARE (fc2)
Copyright (c) 1994-1996 by cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory
Main memory is configured to 32 bit mode with parity disabled

program load complete, entry point: 0x80008000, size: 0x843438
Self decompressing the image : #.##[OK]

%ERR-1-GT64010: Fatal error, PCI Master abort
 cause=0x0300E483, mask=0x0CD01F00, real_cause=0x0400
 bus_err_high=0x, bus_err_low=0x3100, addr_decode_err=0x1FEE

  Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 29-May-03 17:29 by kellythw
Image text-base: 0x60008940, data-base: 0x60EB4000

cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
memory.
Processor board ID 06072235
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)



Press RETURN to get started!


00:00:06: %LINK-4-NOMAC: A random default MAC address of .0c86.2235 has
  been chosen.  Ensure that this address is unique, or specify MAC
  addresses for commands (such as 'novell routing') that allow the
  use of this address as a default.
00:00:07: %SYS-5-CONFIG_I: Configured from memory by console
00:00:10: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 29-May-03 17:29 by kellythw
Router>
Router>
Router>sho ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 29-May-03 17:29 by kellythw
Image text-base: 0x60008940, data-base: 0x60EB4000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
RELEASE
 SOFTWARE (fc2)

Router uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:c3620-is-mz.121-20.bin"

cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
memory.
Processor board ID 06072235
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Router>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72779&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

ios upgrade... [7:72779]

[Wilmes, Rusty]

Hi,

I tried upgrading IOS on a 3620 via the console (about 1.75 hours!)

Now there's some ugliness in the boot.  I verified the flash and it seems
ok. 

Boot and sho ver follows.

Just seeing if anyone had any input...

Thanks
Rusty

System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT RELEASE
SOFT
WARE (fc2)
Copyright (c) 1994-1996 by cisco Systems, Inc.
C3600 processor with 65536 Kbytes of main memory
Main memory is configured to 32 bit mode with parity disabled

program load complete, entry point: 0x80008000, size: 0x843438
Self decompressing the image : #.##[OK]

%ERR-1-GT64010: Fatal error, PCI Master abort
 cause=0x0300E483, mask=0x0CD01F00, real_cause=0x0400
 bus_err_high=0x, bus_err_low=0x3100, addr_decode_err=0x1FEE

  Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706



Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 29-May-03 17:29 by kellythw
Image text-base: 0x60008940, data-base: 0x60EB4000

cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
memory.
Processor board ID 06072235
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)



Press RETURN to get started!


00:00:06: %LINK-4-NOMAC: A random default MAC address of .0c86.2235 has
  been chosen.  Ensure that this address is unique, or specify MAC
  addresses for commands (such as 'novell routing') that allow the
  use of this address as a default.
00:00:07: %SYS-5-CONFIG_I: Configured from memory by console
00:00:10: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 29-May-03 17:29 by kellythw
Router>
Router>
Router>sho ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
(fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 29-May-03 17:29 by kellythw
Image text-base: 0x60008940, data-base: 0x60EB4000

ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
RELEASE
 SOFTWARE (fc2)

Router uptime is 0 minutes
System returned to ROM by power-on
System image file is "flash:c3620-is-mz.121-20.bin"

cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
memory.
Processor board ID 06072235
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Router>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72804&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ios upgrade... [7:72779]

[Wilmes, Rusty]

even though it was throwing the error it seemed to function normally and
recognized the nm-1fe (hence the need for the upgrade).  I put it on the
network and started a tftp upgrade (as later suggested by Ganesh) and went
home and slept.  It finished okay but this morning is still throwing the
same error. :(

I doubt it's hardware because it wasnt throwing the error on
11.whateveritwas and it does it whether the nm-2fe is in there or not.  

It seems to work fine but i HATE having machines with those errors that you
always have to tell people "dont worry about that..."



-Original Message-
From: Raj Singh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 6:35 AM
To: [EMAIL PROTECTED]
Subject: RE: ios upgrade... [7:72779]


Here u go!

Bus Error Crashes
The system encounters a bus error when the processor tries to access a
memory location that either does not exist (a software error) or does not
respond properly (a hardware problem). A bus error can be identified by
looking at the output of the show version command provided by the router (if
not power-cycled or manually reloaded).

Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72813&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ios upgrade... [7:72779]

[Wilmes, Rusty]

only one image in flash..

outer#dir flash:
Directory of flash:/

1  -rw- 8664404c3620-is-mz.121-20.bin

16777216 bytes total (8112748 bytes free)

It can ping itself just fine w/ a 1475 datagram size.  I guess the drops
might be a problem between this interface and the gateway.

-Original Message-
From: Zsombor Papp [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 7:18 AM
To: [EMAIL PROTECTED]
Subject: RE: ios upgrade... [7:72779]


Hi,

are you sure that the image that crashes and the one that then boots up
properly is the same one? Isn't it possible that you have two images, and
the second one is booted up after the booting of the first failed?

A full boot-log would help to answer these questions. If you indeed have two
images, then simply make sure that the boot variable points to it (see 'boot
system flash' command).

Thanks,

Zsombor 

Wilmes, Rusty wrote:
> 
> Hi,
> 
> I tried upgrading IOS on a 3620 via the console (about 1.75
> hours!)
> 
> Now there's some ugliness in the boot.  I verified the flash
> and it seems
> ok. 
> 
> Boot and sho ver follows.
> 
> Just seeing if anyone had any input...
> 
> Thanks
> Rusty
> 
> System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY
> DEPLOYMENT RELEASE
> SOFT
> WARE (fc2)
> Copyright (c) 1994-1996 by cisco Systems, Inc.
> C3600 processor with 65536 Kbytes of main memory
> Main memory is configured to 32 bit mode with parity disabled
> 
> program load complete, entry point: 0x80008000, size: 0x843438
> Self decompressing the image : #.##[OK]
> 
> %ERR-1-GT64010: Fatal error, PCI Master abort
>  cause=0x0300E483, mask=0x0CD01F00, real_cause=0x0400
>  bus_err_high=0x, bus_err_low=0x3100,
> addr_decode_err=0x1FEE
> 
>   Restricted Rights Legend
> 
> Use, duplication, or disclosure by the Government is
> subject to restrictions as set forth in subparagraph
> (c) of the Commercial Computer Software - Restricted
> Rights clause at FAR sec. 52.227-19 and subparagraph
> (c) (1) (ii) of the Rights in Technical Data and Computer
> Software clause at DFARS sec. 252.227-7013.
> 
>cisco Systems, Inc.
>170 West Tasman Drive
>San Jose, California 95134-1706
> 
> 
> 
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE
> SOFTWARE
> (fc2)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Thu 29-May-03 17:29 by kellythw
> Image text-base: 0x60008940, data-base: 0x60EB4000
> 
> cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K
> bytes of
> memory.
> Processor board ID 06072235
> R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> DRAM configuration is 32 bits wide with parity disabled.
> 29K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read/Write)
> 
> 
> 
> Press RETURN to get started!
> 
> 
> 00:00:06: %LINK-4-NOMAC: A random default MAC address of
> .0c86.2235 has
>   been chosen.  Ensure that this address is unique, or specify
> MAC
>   addresses for commands (such as 'novell routing') that allow
> the
>   use of this address as a default.
> 00:00:07: %SYS-5-CONFIG_I: Configured from memory by console
> 00:00:10: %SYS-5-RESTART: System restarted --
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE
> SOFTWARE
> (fc2)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Thu 29-May-03 17:29 by kellythw
> Router>
> Router>
> Router>sho ver
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE
> SOFTWARE
> (fc2)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Thu 29-May-03 17:29 by kellythw
> Image text-base: 0x60008940, data-base: 0x60EB4000
> 
> ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY
> DEPLOYMENT
> RELEASE
>  SOFTWARE (fc2)
> 
> Router uptime is 0 minutes
> System returned to ROM by power-on
> System image file is "flash:c3620-is-mz.121-20.bin"
> 
> cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K
> bytes of
> memory.
> Processor board ID 06072235
> R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> DRAM configuration is 32 bits wide with parity disabled.
> 29K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read/Write)
> 
> Configuration register is 0x2102
> 
> Router>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72814&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT - Ethernet Fire Alarm [7:72749]

[Wilmes, Rusty]

i was thinking that each unit would have to be something 
like a tiny VESDA system that can detect the elements of smoke 
before there's actual combustion.

-Original Message-
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 7/24/2003 1:46 AM
Subject: RE: OT - Ethernet Fire Alarm [7:72749]

I don't think there is any fire regulations that will endorse the use of
UTP/STP/fiber cabling for critical signal paths such as emergency
detection
systems. It has to be in pyrotenics and the like. I had though about
this
application for an instance when cabling some industrial units once, but
the
question I could not answer to satisfy myself was 'can I ensure that
fire
does not destroy the cabling to the sensors before the fire is detected
and
an alarm raised'..it was easier on my conscience to follow the local
regs.

HTH

DF

-Original Message-
From: Weaselboy [mailto:[EMAIL PROTECTED] 
Sent: 22 July 2003 22:38
To: [EMAIL PROTECTED]
Subject: OT - Ethernet Fire Alarm [7:72749]


> My company's Facilities department manager mentioned in meeting that 
> he was having someone cable our entire building to support a new 
> fire/emergency alarm system, and I was just thinking that... hey... 
> the whole place is already networked.  Isn't there some kind of 
> Ethernet-aware alarm or intercom system that could piggyback on what 
> we already have?  It could almost be a simple voice-over-IP 
> application.  Has anybody got any good links for this kind of thing?
 

Just looking for a few thoughts...

> WB




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72907&t=72749
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ios upgrade...(resolved) [7:72779]

[Wilmes, Rusty]

Hi,

Many thanks to all.

At the suggestion of Larry Letterman (Thanks Larry) I tried a different
image yesterday. I
I used tftp to move it and the tftp kept getting timeouts.  During the first
console
flash my laptop went to sleep and during the 2nd I also got the tftp
timeouts but was eventually successful and verify flash: was clean.  

Yesterday after getting the timeouts i connected
to the f0/0 port w/ a crossover and  the flash went flew by fine
and the funky error went away on reload.  

My suspicion is that the original image I used is fine but that a few bits
got scrambled here and there (even though i did a "verify flash:").

Today Im going to try putting back the last image I used to see if it was
the actual image or 
the funkiness in the transfer.

I'll repost the results.

Thanks again,
Rusty



-Original Message-
From: Raj Singh
To: [EMAIL PROTECTED]
Sent: 7/23/2003 11:34 PM
Subject: RE: ios upgrade... [7:72779]

I think its a software error trying to read a memeory block that has
gone
bad, the older images did nothing when the memory block was bad but skip
over, I think the newer images report it. Thats what I think. Could be
wrong
or could be right.

Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72912&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ios upgrade... [7:72779]

[Wilmes, Rusty]

even though it was throwing the error it seemed to function normally and
recognized the nm-1fe (hence the need for the upgrade).  I put it on the
network and started a tftp upgrade (as later suggested by Ganesh) and went
home and slept.  It finished okay but this morning is still throwing the
same error. :(

I doubt it's hardware because it wasnt throwing the error on
11.whateveritwas and it does it whether the nm-2fe is in there or not.  

It seems to work fine but i HATE having machines with those errors that you
always have to tell people "dont worry about that..."



-Original Message-
From: Raj Singh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 6:35 AM
To: [EMAIL PROTECTED]
Subject: RE: ios upgrade... [7:72779]


Here u go!

Bus Error Crashes
The system encounters a bus error when the processor tries to access a
memory location that either does not exist (a software error) or does not
respond properly (a hardware problem). A bus error can be identified by
looking at the output of the show version command provided by the router (if
not power-cycled or manually reloaded).

Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72924&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ios upgrade...(resolution confirmed) [7:72779]

[Wilmes, Rusty]

uter Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
 
   cisco Systems, Inc.
   170 West Tasman Drive
   San Jose, California 95134-1706
 
 
 
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3620-IK8S-M), Version 12.2(13b), RELEASE SOFTWARE
(fc1)
 
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 21-Feb-03 11:21 by pwade
Image text-base: 0x60008930, data-base: 0x61278000
 
 
Compliance with U.S. Export Laws and Regulations - Encryption
 
This product performs encryption and is regulated for export
by the U.S. Government.
 
This product is not authorized for use by persons located
outside the United States and Canada that do not have prior
approval from Cisco Systems, Inc. or the U.S. Government.
 
This product may not be exported outside the U.S. and Canada
either by physical or electronic means without PRIOR approval
of Cisco Systems, Inc. or the U.S. Government.
 
Persons outside the U.S. and Canada may not re-export, resell,
or transfer this product by either physical or electronic means
without  prior approval of Cisco Systems, Inc. or the U.S.
Government.
 
cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
memory.
Processor board ID 06072235
R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
1 FastEthernet/IEEE 802.3 interface(s)
DRAM configuration is 32 bits wide with parity disabled.
29K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
 
 
Press RETURN to get started!
 
 
-Original Message-
From: Wilmes, Rusty 
Sent: Thursday, July 24, 2003 5:53 AM
To: [EMAIL PROTECTED]
Subject: RE: ios upgrade... [7:72779]


even though it was throwing the error it seemed to function normally and
recognized the nm-1fe (hence the need for the upgrade).  I put it on the
network and started a tftp upgrade (as later suggested by Ganesh) and went
home and slept.  It finished okay but this morning is still throwing the
same error. :(

I doubt it's hardware because it wasnt throwing the error on
11.whateveritwas and it does it whether the nm-2fe is in there or not.  

It seems to work fine but i HATE having machines with those errors that you
always have to tell people "dont worry about that..."



-Original Message-
From: Raj Singh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 6:35 AM
To: [EMAIL PROTECTED]
Subject: RE: ios upgrade... [7:72779]


Here u go!

Bus Error Crashes
The system encounters a bus error when the processor tries to access a
memory location that either does not exist (a software error) or does not
respond properly (a hardware problem). A bus error can be identified by
looking at the output of the show version command provided by the router (if
not power-cycled or manually reloaded).

Raj




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72934&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE required in UAE. [7:72879]

[Wilmes, Rusty]

I've heard that sometimes mid east contractors don't pay much but they
provide a veritable palace complete with full staff etc to live...  

-Original Message-
From: Will Gragido [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 8:22 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE required in UAE. [7:72879]


I was waiting to see what the US dollar conversion was.

Will Gragido CISSP CCNP CIPTSS CCDA MCP
Suite 325 9450 W. Bryn Mawr Ave. 
Rosemont, Il 60018
[EMAIL PROTECTED]
"The Knowledge Behind The Network"
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Walker, James - Is
Sent: Thursday, July 24, 2003 8:55 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE required in UAE. [7:72879]

That is only $2118.51 a month?



-Original Message-
From: afshin mehrpouya [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 1:24 AM
To: [EMAIL PROTECTED]
Subject: CCIE required in UAE. [7:72879]


CCIE required in UAE-Dubai for an international solution provider company.
Min salary 2 derhems/month.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72948&t=72879
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

TANGENT RE: OT - Ethernet Fire Alarm [7:72749]

[Wilmes, Rusty]

Im in the process of building out a new datacenter.  I was wondering if
anyone had any pointers to electircal and fire codes in California on fire
suppression requirements in a datacenter.  

I've done some googling and havent found much.  

ONe of our chiefs, in a complete lack of wisdom, axed all firesupression
from the blueprints so Im looking for ammo to get an FM200/VESDA system.

-Original Message-
From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 7:57 AM
To: [EMAIL PROTECTED]
Subject: Re: OT - Ethernet Fire Alarm [7:72749]


This is an area where your local building inspectors and your 
insurers aren't going to let you be creative. While local codes can 
override, in general, you are going to have to comply with the rules 
of the National Electrical Code and the National Fire Protection 
Association. In turn, they generally specify that fire detection 
systems must be certified by independent testing laboratories, such 
as Underwriters Laboratories in the US.  There are specifications for 
alarm wiring, although some fire detectors operate through power 
lines.

On a practical basis, during a lecture on integrated voice and data, 
I sometimes take a student team design, put a birthday candle on the 
Call Manager or PBX, and innocently ask, "the Call Manager is on 
fire. Would someone please call 911?"  Let's put it this way -- I 
don't consider it a safe voice design unless there is some 
independent way to place emergency calls -- perhaps cellular or POTS 
phones behind breakable glass at fire exits.  You'll find that most 
hospitals have at least one phone line in nursing units, the ER, 
etc., that do not go through the PBX or equivalent.

Now, use sensors as a supplemental system? Sure, but I'd look at them 
as a supplement.  In a specialized environment (e.g., manufacturing), 
where there might be threats that standard detectors don't detect, it 
makes perfect sense to use them as an adjunct. Even there, however, 
you want to keep life-critical equipment on separate or massively 
fault tolerant facilities.  Fly-by-wire flight control systems on 
commercial aircraft are at least triply redundant, and may be more so 
on combat aircraft expected to suffer battle damage.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72946&t=72749
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CCIE [7:65426]

[Wilmes, Rusty]

thats hilarious!

http://www.badminston.demon.co.uk/stucco.html

-Original Message-
From: l0stbyte [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 12:30 PM
To: [EMAIL PROTECTED]
Subject: Re: CCIE [7:65426]


That is hilarious. Can I plagiarize it for my biography?

-l0stbyte
Juan Blanco wrote:
> Team,
> I got this from a friend but I not sure if you have seen this or not but
> only someone pursuing the CCIE would laugh at it!!
> In the course of my day-to-day work, people ask me what is a CCIE? I
thought
> about this for some time. I wrote some notes. And this is what I came up
> with:
> I am a dynamic figure, often seen scaling 8 foot computer racks and
charming
> magnetic security cardswipes. I have been known to remodel SME networks on
> my lunch breaks, making them more efficient in the area of capital
> deployment, reliability and performance. I translate technobabble for
> Management, I write award-winning technical presentations and deliver them
> better than an American president announcing tax cuts.
> I can recite complete chapters of the Cisco Documentation CD, backwards
and,
> with little effort and at the same time, perform decimal to binary
> conversion for very large numbers.
> I woo women with my sensuous and godlike MIDI playing on a notebook. I can
> pilot computer trolleys up severe inclines with unflagging speed, and I
can
> rack Cisco gear faster than Arnold Schwarznegger can bench press. I am an
> expert in network diagramming tools, a veteran in web surfing, and know
the
> Cisco Web Site better than I know my own family.
> Just to keep it interesting, I occasionally tread water for three days
while
> programming Cisco practice labs. I manage time efficiently and can
complete
> a timesheet every week. In addition, I know the part number for every
Cisco
> router cable.
> Using only a Chinese AC power cord and a large glass of water, I once
> single-handedly rebuilt the network core of major co-location facility
after
> the roof fell in. I used to play games, but now it's serious. I am the
> subject of numerous urban myths and I am the creator of a few as well.
When
> I'm bored, I test fiber optic cable, calculate power loss sums on UTP and
> the minimum refraction index for 50 micron multimode fiber. I mean, what
IS
> the point of it ?
> I understand that DLSW and Source Route Translational Bridging actually
has
> a reason for existence. It's not just IBM playing a practical joke.
Really.
> I enjoy urban guerilla activities. I can build a 802.11b parabolic dish
> antennae using surplus antennae from defunct satellite companies and a
juice
> can. It has better performance than off the shelf products. I think that
> having a wind generator and solar array as power backup for my practice
lab
> is not only responsible preparation, it's environmentally friendly too. On
> Wednesdays, after work, I repair old monitors free of charge for my local
> charity.
> I know that canonical to non-canonical conversion is not about religion,
> it's about "ART."
> Microsoft geeks worldwide swoon over my original line of corduroy evening
> wear, which I don't understand -- it was supposed to be funny. I don't
> perspire. I am a private citizen, yet I receive fan mail. I have been
caller
> number ten and have won the cash jackpot.
> I can speak IPX NLSP, AppleTalk, ATM PVC, QoS, and BGP to name a few, and
> redistribute routes at will, with filtering, using non contiguous masks. I
> install IPV6 on customer sites whenever I can, just so I can play with it.
> Same for OSPF NSSA. Children trust me.
> I can hurl squishy giveaway tradeshow toys at sales personnel with
stunning
> accuracy, and ensure that the dweeb from administration gets the blame. I
> have charisma beyond normal mortals; if I didn't the boss would have sent
> the other guy to this exam.
> I once read Cisco Quality of Service, Caslow Bridges and Routers 2nd Ed,
and
> Jeff Doyles' Routing TCP/IP Vol2 in one day, and still had time to do
> practice on a Frame Relay multipoint network, using OSPF and IGRP, split
> horizon, route maps and ISDN. I know the exact location of every food item
> in the supermarket and I use a link state protocol to calculate the
shortest
> path to get there.
> I have performed several covert operations with the CIA. It was kind of
fun
> having them follow me around. I know that security and privacy is a
> phantasm-like myth created by "security companies" to extract money from
IT
> Managers who can't implement a decent security policy. But it's great fun
to
> play with.
> I sleep once a week; when I do sleep, I sleep in a chair. I know exactly
how
> much coffee my body will take to sustain me at peak function. While on
> vacation, I successfully negotiated with the hotel to fix their network in
> return for free accommodation. The laws of society do not apply to me.
> I balance, I weave, I dodge, I frolic, and my bills are all paid. On
> weekends, to let off steam, I participate in full-contact tech stock 

RE: ios upgrade... [7:72779]

[Wilmes, Rusty]

I got a nm-1fe.  The error was resolved by trying a different image.  Many
thanks though!


-Original Message-
From: Bikespace [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 3:18 PM
To: [EMAIL PROTECTED]
Subject: Re: ios upgrade... [7:72779]


What cards have you got in it. Seems some confusion (1FE, 2FE, both ??).
If its 2FE2W your image does not support it.

Let us know what's in it.

Bikespace


""Wilmes, Rusty""  wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I tried upgrading IOS on a 3620 via the console (about 1.75 hours!)
>
> Now there's some ugliness in the boot.  I verified the flash and it seems
> ok.
>
> Boot and sho ver follows.
>
> Just seeing if anyone had any input...
>
> Thanks
> Rusty
>
> System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
RELEASE
> SOFT
> WARE (fc2)
> Copyright (c) 1994-1996 by cisco Systems, Inc.
> C3600 processor with 65536 Kbytes of main memory
> Main memory is configured to 32 bit mode with parity disabled
>
> program load complete, entry point: 0x80008000, size: 0x843438
> Self decompressing the image : #.##[OK]
>
> %ERR-1-GT64010: Fatal error, PCI Master abort
>  cause=0x0300E483, mask=0x0CD01F00, real_cause=0x0400
>  bus_err_high=0x, bus_err_low=0x3100,
addr_decode_err=0x1FEE
>
>   Restricted Rights Legend
>
> Use, duplication, or disclosure by the Government is
> subject to restrictions as set forth in subparagraph
> (c) of the Commercial Computer Software - Restricted
> Rights clause at FAR sec. 52.227-19 and subparagraph
> (c) (1) (ii) of the Rights in Technical Data and Computer
> Software clause at DFARS sec. 252.227-7013.
>
>cisco Systems, Inc.
>170 West Tasman Drive
>San Jose, California 95134-1706
>
>
>
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
> (fc2)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Thu 29-May-03 17:29 by kellythw
> Image text-base: 0x60008940, data-base: 0x60EB4000
>
> cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
> memory.
> Processor board ID 06072235
> R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> DRAM configuration is 32 bits wide with parity disabled.
> 29K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read/Write)
>
>
>
> Press RETURN to get started!
>
>
> 00:00:06: %LINK-4-NOMAC: A random default MAC address of .0c86.2235
has
>   been chosen.  Ensure that this address is unique, or specify MAC
>   addresses for commands (such as 'novell routing') that allow the
>   use of this address as a default.
> 00:00:07: %SYS-5-CONFIG_I: Configured from memory by console
> 00:00:10: %SYS-5-RESTART: System restarted --
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
> (fc2)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Thu 29-May-03 17:29 by kellythw
> Router>
> Router>
> Router>sho ver
> Cisco Internetwork Operating System Software
> IOS (tm) 3600 Software (C3620-IS-M), Version 12.1(20), RELEASE SOFTWARE
> (fc2)
> Copyright (c) 1986-2003 by cisco Systems, Inc.
> Compiled Thu 29-May-03 17:29 by kellythw
> Image text-base: 0x60008940, data-base: 0x60EB4000
>
> ROM: System Bootstrap, Version 11.1(7)AX [kuong (7)AX], EARLY DEPLOYMENT
> RELEASE
>  SOFTWARE (fc2)
>
> Router uptime is 0 minutes
> System returned to ROM by power-on
> System image file is "flash:c3620-is-mz.121-20.bin"
>
> cisco 3620 (R4700) processor (revision 0x81) with 61440K/4096K bytes of
> memory.
> Processor board ID 06072235
> R4700 CPU at 80Mhz, Implementation 33, Rev 1.0
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> DRAM configuration is 32 bits wide with parity disabled.
> 29K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read/Write)
>
> Configuration register is 0x2102
>
> Router>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73221&t=72779
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Loopback Interface [7:73305]

[Wilmes, Rusty]

our remote routers are configured to do ddr through the loopback interface.

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: RE: Loopback Interface [7:73305]


To monitor the router, since its up/up if the router is up.



Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
DeVoe, Charles (PKI)
Sent: Thursday, July 31, 2003 12:16 PM
To: [EMAIL PROTECTED]
Subject: Loopback Interface [7:73305]


I know the loopback interface is useful for assigning the router ID.  Is
there any other purpose?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73321&t=73305
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX License upgrade procedure [7:73769]

[Wilmes, Rusty]

its definitely chargeable.  A couple months ago I got a 3des license for a
515e restricted.  Around $400.

-Original Message-
From: Dom [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 09, 2003 5:25 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX License upgrade procedure [7:73769]


IIRC, it is chargeable - Contact your local Cisco reseller.

Best regards,

Dom Stocqueler
SysDom Technologies
Visit our website - www.sysdom.org


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Hitesh Pathak R
Sent: 09 August 2003 11:58
To: [EMAIL PROTECTED]
Subject: PIX License upgrade procedure [7:73769]


Hi ,

I just need to know what is the procedure if I want to upgrade my PIX
license to enable VPN-3DES feature (which is presently disabled). Either
thru CCO or by the mean of TAC case with Cisco ?? Is it free from Cisco
or chargeable ??

Many thanks in advance

Thnx

Hitesh


**Disclaimer

Information contained in this E-MAIL being proprietary to Wipro Limited
is 'privileged' and 'confidential' and intended for use only by the
individual  or entity to which it is addressed. You are notified that
any use, copying or dissemination of the information contained in the
E-MAIL in any manner whatsoever is strictly prohibited.


***

[GroupStudy removed an attachment of type image/jpeg which had a name of
Glacier Bkgrd.jpg]
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73780&t=73769
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX License upgrade procedure [7:73769]

[Wilmes, Rusty]

h - how long has it been free ?
-Original Message-
From: Joshua Vince
To: [EMAIL PROTECTED]
Sent: 8/11/2003 4:04 AM
Subject: RE: PIX License upgrade procedure [7:73769]

It is free now.

http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl

You will need a CCO login.

Josh

-Original Message-
From: Hitesh Pathak R [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 09, 2003 6:58 AM
To: [EMAIL PROTECTED]
Subject: PIX License upgrade procedure [7:73769]


Hi ,

I just need to know what is the procedure if I want to upgrade my PIX
license to enable VPN-3DES feature (which is presently disabled). Either
thru CCO or by the mean of TAC case with Cisco ?? Is it free from Cisco
or chargeable ??

Many thanks in advance

Thnx

Hitesh


**Disclaimer

Information contained in this E-MAIL being proprietary to Wipro Limited
is 'privileged' and 'confidential' and intended for use only by the
individual  or entity to which it is addressed. You are notified that
any use, copying or dissemination of the information contained in the
E-MAIL in any manner whatsoever is strictly prohibited.


***

[GroupStudy removed an attachment of type image/jpeg which had a name of
Glacier Bkgrd.jpg]
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73870&t=73769
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Loopback Interface [7:73305]

[Wilmes, Rusty]

n_guide_chapter09186a0080087da4.html#3302

-Original Message-
From: Robert Edmonds [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Re: Loopback Interface [7:73305]


You gentlemen have pointed out some good uses for loopback interfaces.
However, my dilema still remains that I have yet to have somebody solidly
explain loopback interfaces in a way that my simple mind can understand.  I
have also been unsuccessful in finding any website that accomplish this.
Any takers?

Robert

""p b""  wrote in message
news:[EMAIL PROTECTED]
> terminate iBGP sessions on
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73568&t=73305
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: PIX License upgrade procedure [7:73769]

[Wilmes, Rusty]

whew.  I got ours about 3-4 mos ago.  I thought I was going to have to have
a little chat w/ my reseller...

-Original Message-
From: Joshua Vince [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 5:59 AM
To: Wilmes, Rusty; [EMAIL PROTECTED]
Subject: RE: PIX License upgrade procedure [7:73769]


About 1-2 months.

Notice the link:

3DES/AES Encryption License (Free)

Josh

-Original Message-
From: Wilmes, Rusty [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 11, 2003 8:57 AM
To: Joshua Vince; '[EMAIL PROTECTED] '
Subject: RE: PIX License upgrade procedure [7:73769]


 
h - how long has it been free ?
-Original Message-
From: Joshua Vince
To: [EMAIL PROTECTED]
Sent: 8/11/2003 4:04 AM
Subject: RE: PIX License upgrade procedure [7:73769]

It is free now.

http://www.cisco.com/cgi-bin/Software/FormManager/formgenerator.pl

You will need a CCO login.

Josh

-Original Message-
From: Hitesh Pathak R [mailto:[EMAIL PROTECTED] 
Sent: Saturday, August 09, 2003 6:58 AM
To: [EMAIL PROTECTED]
Subject: PIX License upgrade procedure [7:73769]


Hi ,

I just need to know what is the procedure if I want to upgrade my PIX
license to enable VPN-3DES feature (which is presently disabled). Either
thru CCO or by the mean of TAC case with Cisco ?? Is it free from Cisco
or chargeable ??

Many thanks in advance

Thnx

Hitesh


**Disclaimer

Information contained in this E-MAIL being proprietary to Wipro Limited
is 'privileged' and 'confidential' and intended for use only by the
individual  or entity to which it is addressed. You are notified that
any use, copying or dissemination of the information contained in the
E-MAIL in any manner whatsoever is strictly prohibited.


***

[GroupStudy removed an attachment of type image/jpeg which had a name of
Glacier Bkgrd.jpg] **Please support GroupStudy by purchasing from the
GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and
subscription info: http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73877&t=73769
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: Amazing Spanning Tree [7:74594]

[Wilmes, Rusty]

i think he has...

forw.   \   /blked
/---\
switch1 switch2
 \/
blked/  \forw.

not that it makes any sense to me either.  it would seem logical that one
entire link would be blocked and one forwarding.

-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 10:48 AM
To: [EMAIL PROTECTED]
Subject: RE: Amazing Spanning Tree [7:74594]


Think of it like this.  Each switch is supposed to block redundant ports
leading to the root bridge.  Say Switch1 and Switch2 are interlinked, and
also have downlink connections to the root bridge, like this:

Switch1 -- Switch2
   |  |
   |  |
Core1 -- Core2

Say Core1 is the root bridge.  Assuming equal cost links (All Gigabit ports)
and no tweaking, what link would be blocked?  It should be the inter-link
port between Switch1 and Switch2 on Switch1's side.  Now, this is not
exactly how it works, but if it helps you can think of it like, since
Switch1 blocked its port going to Switch2, Switch2 can't "See" the root
bridge on that port, so it keeps it open.  Like I said, that's not exactly
how it works, but if it helps you understand what port gets blocked then so
be it.  I'd suggest reading the IEEE docs though.  They are a little hard to
follow, because of the similar terms it uses (too many "Designated" for my
taste), but it is the definitive text on the topic.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Curious [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 02, 2003 12:02 PM
To: [EMAIL PROTECTED]
Subject: RE: Amazing Spanning Tree [7:74594]

Hello friends, I want to thank every answer to this post. I knew that a port

with spanning tree in blockin state has not any relation with being "down",
I
was surprised with some answers. What surprised me, is that one port were in
forwarding state and the port in front be in blocking state. For me, there
is
no sense in having one port in forwarding state when the port in front is in
blocking
state, why not both in blocking state?? I know that RFC's stablish the rules
but
I want to understand the sense. 

Thanks again!!
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74681&t=74594
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: RE: Slow Browsing via 500 Pix firewall [7:74583]

[Wilmes, Rusty]

this may be silly but did you do a "sho debug" to see if any debugs were
running?  I had accidentally left a debug crypto ipsec running after trouble
shooting a vpn. that drastically slowed down everything.


-Original Message-
From: Mark
To: [EMAIL PROTECTED]
Sent: 9/3/2003 8:46 PM
Subject: Re: RE: Slow Browsing via 500 Pix firewall [7:74583]

Is the problem related to a slow initial connection to a Web Server? If
so
then it could be an IDENT protocol problem (TCP port 113 connection
coming
back to you from the server). Try putting "service resetoutside" on the
PIX
and see if the problem still persists.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Jurkouich, Brett, CNTR, DCAA" 
>Reply-To: "Jurkouich, Brett, CNTR, DCAA" 
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
>Date: Tue, 2 Sep 2003 18:20:06 GMT
>
>Try turning off the port 80 inspecting with the "no fixup protocol http
>80" command
>
>-Original Message-
>From: Faisal [mailto:[EMAIL PROTECTED]
>Sent: Monday, September 01, 2003 1:38 AM
>To: [EMAIL PROTECTED]
>Subject: Slow Browsing via 500 Pix firewall [7:74583]
>
>
>Hi All,
>I am having problem of slow or interminnent browsing through pix
>firewall. If I bypass the traffic speeds are fine. But if all that
>traffic is going via firewall then it becomes extremely slow. Please
>anybody can help me how to sort this out.
>
>Regards
>Faisal
>**Please support GroupStudy by purchasing from the GroupStudy Store:
>http://shop.groupstudy.com FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>**Please support GroupStudy by purchasing from the GroupStudy Store:
>http://shop.groupstudy.com
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74784&t=74583
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: OT Gibberish in email [7:74740]

[Wilmes, Rusty]

I've been trying to scrounge up the time to build one of these...

http://lawmonkey.org/anti-spam.html

combination of bayesian and razor on openbsd acting as an MTA.

About 1/2 our staff installed freeware screensaver (read: gator) on their
computers and our spam has gone through the roof.



-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2003 2:36 PM
To: [EMAIL PROTECTED]
Subject: RE: OT Gibberish in email [7:74740]


Reimer, Fred wrote:
> 
> It is an attempt by the SPAMers to avoid SPAM software that
> takes a hash of
> the SPAM and blocks SPAM on machines based on these hash
> values.  There are
> some anti-SPAM "solutions" out there that basically relies on
> the users to
> mark email as SPAM.  When they do, the client machines send the
> hash of the
> SPAM up to the service provider, which shares these hashes with
> all other
> subscribers.  So, if the same exact SPAM is sent to another
> user it would
> automatically get blocked.  These random characters change the
> hash value,
> and hence this method of blocking SPAM is ineffective.
> 
> Use a Bayesian filter program for your SPAM.  I have 3755
> emails in my "Junk
> Mail" folder now, and I empty it out last on July 18th.  Check
> out
> www.Junk-Out.com.
> 
> Fred Reimer - CCNA

Someone should develop a SPAM filter that looks for certain types of
randomness within a message. This would be difficult, but certainly not
impossible. You'd have to be pretty creative about it but it ought to be
possible to devise an algorithm that could detect that sort of random
line--often found in the subject line--and flag it as SPAM.

I haven't heard of a Bayesian filter before. I'm going to go find out more
about that right now.

John
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74752&t=74740
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

RE: OT Gibberish in email [7:74740]

[Wilmes, Rusty]

compelling indeed!  I wish someone would make an enterprise level spyware
remover (or integrate one into virus scanning).  The best one I've seen is
spybot but it's not exactly something I'd rollout in a business environment
(of course, it might be easier to manage that than to manage gator on every
9x client.

-Original Message-
From: Brian [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: OT Gibberish in email [7:74740]


There's a compelling argument for scheduled virus and spyware
scans/updates..


Brian

The path to a desireable destination
is often more difficult than the path to stay where you are.

On Thu, 4 Sep 2003, Wilmes, Rusty wrote:

> I've been trying to scrounge up the time to build one of these...
>
> http://lawmonkey.org/anti-spam.html
>
> combination of bayesian and razor on openbsd acting as an MTA.
>
> About 1/2 our staff installed freeware screensaver (read: gator) on their
> computers and our spam has gone through the roof.
>
>
>
> -Original Message-
> From: John Neiberger [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 03, 2003 2:36 PM
> To: [EMAIL PROTECTED]
> Subject: RE: OT Gibberish in email [7:74740]
>
>
> Reimer, Fred wrote:
> >
> > It is an attempt by the SPAMers to avoid SPAM software that
> > takes a hash of
> > the SPAM and blocks SPAM on machines based on these hash
> > values.  There are
> > some anti-SPAM "solutions" out there that basically relies on
> > the users to
> > mark email as SPAM.  When they do, the client machines send the
> > hash of the
> > SPAM up to the service provider, which shares these hashes with
> > all other
> > subscribers.  So, if the same exact SPAM is sent to another
> > user it would
> > automatically get blocked.  These random characters change the
> > hash value,
> > and hence this method of blocking SPAM is ineffective.
> >
> > Use a Bayesian filter program for your SPAM.  I have 3755
> > emails in my "Junk
> > Mail" folder now, and I empty it out last on July 18th.  Check
> > out
> > www.Junk-Out.com.
> >
> > Fred Reimer - CCNA
>
> Someone should develop a SPAM filter that looks for certain types of
> randomness within a message. This would be difficult, but certainly not
> impossible. You'd have to be pretty creative about it but it ought to be
> possible to devise an algorithm that could detect that sort of random
> line--often found in the subject line--and flag it as SPAM.
>
> I haven't heard of a Bayesian filter before. I'm going to go find out more
> about that right now.
>
> John
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74822&t=74740
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html