Re: Another 802.3 and Ethernet Question
Hi, I had to take a look at rfc 894 (ethernet) and rfc 1042 (ieee802) from rfc 1042: " It is possible to use the Ethernet link level protocol [12] on the same physical cable with the IEEE 802.3 link level protocol. A computer interfaced to a physical cable used in this way could potentially read both Ethernet and 802.3 packets from the network. If a computer does read both types of packets, it must keep track of which link protocol was used with each other computer on the network and use the proper link protocol when sending packets. One should note that in such an environment, link level broadcast packets will not reach all the computers attached to the network, but only those using the link level protocol used for the broadcast. Since it must be assumed that most computers will read and send using only one type of link protocol, it is recommended that if such an environment (a network with both link protocols) is necessary, an IP gateway be used as if there were two distinct networks. " ... then i read rfc1122: " Every Internet host connected to a 10Mbps Ethernet cable: oMUST be able to send and receive packets using RFC-894 encapsulation; oSHOULD be able to receive RFC-1042 packets, intermixed with RFC-894 packets; and oMAY be able to send packets using RFC-1042 encapsulation. An Internet host that implements sending both the RFC-894 and the RFC-1042 encapsulations MUST provide a configuration switch to select which is sent, and this switch MUST default to RFC- 894. " On Tue, Feb 06, 2001 at 10:34:21PM -0800, John Neiberger wrote: >Okay, I have a guess...a total W.A.G., and I wasn't able to back it up with some >quick research, but here it is: > >The answer to this has something to do with ARP packets. My guess is that they >assume the presence of Ethernet_II frames when constructing ARP packets and these >would be inoperable if some other ethernet frame were being used. > >That would explain why the default *had* to be Ethernet_II. If ARP breaks, IP over >ethernet breaks. > >Am I right?? I'm going to keep digging to see if I can find some more details about >this. I may be chasing down the wrong street. Let me know if I'm even close! :-) > >John > >> >> OK, Leigh Anne, you're just going to have to come out and tell us what you >> are getting at. The suspense is killing me. &;-) >> >> The only time I've ever configured an Ethernet encapsulation, it has been >> part of the ipx network command. As we know, Novell mucked things up and >> supports four frame types, so being able to configure the frame type is >> necessary for IPX. A unique feature of IPX is that you can configure >> multiple networks on a single segment. Each of them must have a different >> encapsulation. In fact that is how you support networks with devices >> configured for different encapsulations. >> >> I don't even know that you can configure the encapsulation for IP on >> Ethernet on a router. Can you? Or is that what you're getting at. IP >> doesn't care. >> >> With IP, 99% of the world uses Ethernet V2 (dest, src, EtherType). I just >> tried to change it on my PC and I couldn't, although I think I have seen >> that capability on other PCs. But my guess is that if I did change it, the >> router could still handle it. >> >> Priscilla >> >> At 12:33 PM 2/7/01, Tony van Ree wrote: >> >Hi, >> > >> >I understood it to tell me that there is a common method used by a number >> >of manufacturers and protocols. Some other companies and protocols had >> >made some changes. The default was used as it was the most >> >common. Ethernet_II had been around for quite a while before the 802.3 >> >and almost all devices manufacturers ethernet cards and the like could >> >handle Ethernet_II but not necessarily 802.3. >> > >> >Maybe I mis understood. >> > >> >Teunis >> > >> > >> >On Tuesday, February 06, 2001 at 05:36:32 PM, [EMAIL PROTECTED] wrote: >> > >> > > I did read Priscilla's post. She addressed the issue of WHY Ethernet_II is >> > > the default frame type selected for IP, but didn't examine why IP >> > requires a >> > > default frame type in the first place. IPX uses a default frame type >> > > because different Ethernet encapsulations are not able to co-exist >> > within an >> > > IPX network -- however different Ethernet encapsulations (Ethernet_II and >> > > Ethernet 802.3) ARE able to co-exist within an IP network. As such, >> > what is >> > > the importance of a default Ethernet encapsulation for IP? >> > > >> > > That's what I've been challenging John to think about. Once he understands >> > > where the default Ethernet encapsulation comes into play, he could answer >> > > his question as to whether there "would there be a good reason to change to >> > > a >> > > different frame type, or would we only benefit from a different frame type >> > > in a non-IP environment or mixed environment". >> > > >> > > >> > > >> > > >> > >
Re: Another 802.3 and Ethernet Question
On Wed, Feb 07, 2001 at 09:22:16PM -0700, Leigh Anne Chisholm wrote: [snip] >Which leads to the question - why a default frame type, if the default frame >type isn't used as an encapsulation frame type for creating Ethernet frames >received by an end-system? The answer is mu. The default frame type means: the frame type the router uses at the Data Link layer when encapsulation has not been specifically defined. If you use the default encapsulation on a network for which the end systems are not configured, there will be no communication. You must manually configure the encapsulation to match the network's. If your real question is, why did cisco decide to use novell-ether has default? Or why did the IETF specify that Ethernet framing ought to be the default for IP networks, without looking up more references, I'd say it's largely historical and for backwards compatibility reasons. > >Essentially, it's been my understanding that the default Ethernet_II frame >encapsulation has been used where a packet originates within the router >requiring a "first-time" Ethernet encapsultion. By that, I'm referring to >telnet packets originating within the router - they need to be encapsulated >in something as they go out an Ethernet interface. Alternately, packets >received from a serial interface, token-ring interface, or FDDI interface >that needs to be "popped-into" an Ethernet frame format would use the >Ethernet_II encapsulation method. Come on... you don't really believe this... 8^) [snip] >It was just one of those things that made me go "hmm..." when I first >stumbled onto the question... > >I think I think too much. > >(-: > Best regards, Anthony _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Campus Networks
Can anyone recommend a substitute for Designing Campus Networks by Terri Quinn-Andry Not for CCDA/CCDP, but if those are suitable/comparable references I'm willing to check them out. Something I can send to a "sales" type of person would be great. TIA, ~ak. __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Worthless study material
I would be interested to know if you find studying for all exams before taking any is helpful or not. I've always been the tackle one at a time kind of guy, but that's strictly for sanity's sake. --- Daniel Fey <[EMAIL PROTECTED]> wrote: > I would like to start a new discussion link of worthless study > material. I will begin with a CD of 900 practice questions from > www.wanpro.com . The questions do not just have typos they > also have bad answers. I only paid Wanpro $14.95 via Amazon > auction so I didn't send it back. I am used to seeing bad study > material so I will use it anyway. > Please let me now what else sucks as I am going for CCNP and > will be buying a lot starting Monday. My plan is to study for all 4 > exams before taking the first one. > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PCAnywhere problem with ISDN Connection
ssh tunneling can handle it. Although I found pcA faster with better screen refresh rates etc. Our developers like the file transfer capability of pcA as well. --- JCoyne <[EMAIL PROTECTED]> wrote: > The problem with VNC is it isn't encrypted. Someone can capture > your > username, password and session data with a protocol analyser. > > > Natasha <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I've used PCAnywhere with several installations and found it to > be > > nothing but problematic and bulky. > > Give VNC server a quick look-see. You'll find it to be smaller > faster > > more secure and free. > > http://www.uk.research.att.com/vnc/winvnc.html > > > > Chris Wang wrote: > > > > > > I have a problem about the caption. When performing ping from > local > office > > > to the remote location, the ISDN connection is up and > everything is > fine. > > > However, when I initiate a PCAnywhere connection from local to > the > server > > > (remote), > > > the PCAnywhere connection is up for a while (less than a > minute) and > then > > > hang up. > > > Pls. note that the ISDN connection is fine at that moment. > > > > > > Anyone experience the same problem before? > > > > > > _ > > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > -- > > Natasha Flazynski > > 440.949.1399 > > http://www.ciscobot.com > > My Cisco information site. > > http://www.botbuilders.com > > Artificial Intelligence and Linux development > > > > A bus station is where a bus stops. > > A train station is where a train stops. > > On my desk, I have a work station... > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP Multicast Addressing (corrected typo)
On Sat, Feb 10, 2001 at 03:38:35PM -0200, Circusnuts wrote: >I've not read the McGraw Hill's BUMS book yet :-) > > >I'm reading through McGraw Hill's BCMSN book. Chapter 7 deals with IP = >Multicast Addressing. I understand that class D addresses are used = >(high order bits set to 1110), but a statement used in the book confuses = >me: > >IP Multicast addresses start with 224.0.0.0 and end with 239.255.255.255 > >I'm not real keen on where the 239 came from... > >Thanks All !!! >Phil=20 > Hi Phil 239 = 1110 _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: How does one decipher switch back plane numers....
Hi, --- Fears Michael S SSgt 18 CS/SCBT <[EMAIL PROTECTED]> wrote: > Q) How do they come up with this figure? > > Really what this is in reference to is the switching fabric. Many > times you > hear it reffered to as backplane capacity. The switching fabric is > the > shared highway that all bits traverse to get from one port to the > next. The > size of the switching fabric is defined by its width in bits times > the speed > in MHZ that it transmits those bits. For example: > > The Catalyst 6000 has a fabric that is 256 bits wide operating at > 62.5 > MHz/sec. 256 X 62.5 MHz = 16 Gbps. Can you explain this to me in greater detail? 256 bits * 62.5 MHz = 16,000(bits*MHz) 16,000(bits*MHz) * 1,000,000 Hz/MHz = 16,000,000,000 (bits*Hz) or 16 Gb*Hz 1 Hz = 1 Cycle/sec Therefore, 16 Gb*Cycles/sec or (dropping "cycles") 16 Gb/sec IOW, 16 Gbps What would totally clarify for me is if 1 bit is transmitted per Hz (per cycle)? Is that always the case? __END__ TIA, anthony __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Campus Networks
Ah...I hope it's not too good, then I'll have to buy 2. One for me and one to give away. Thanks, --- NetEng <[EMAIL PROTECTED]> wrote: > Top-Down Network Design is a great book. > http://www.amazon.com/exec/obidos/ASIN/1578700698/o/qid=981992230/sr=8-1/ref > =aps_sr_b_1_1/103-3984995-2198223 > > Collin > > > "anthony kim" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Can anyone recommend a substitute for > > > > Designing Campus Networks > > by Terri Quinn-Andry > > > > Not for CCDA/CCDP, but if those are suitable/comparable > references > > I'm willing to check them out. Something I can send to a "sales" > type > > of person would be great. > > > > TIA, > > ~ak. > > > > __ > > Do You Yahoo!? > > Get personalized email addresses from Yahoo! Mail - only $35 > > a year! http://personal.mail.yahoo.com/ > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How does one decipher switch back plane numers....
Now that makes sense. Thank you. --- Larry Lamb <[EMAIL PROTECTED]> wrote: > Actually, it would be 256bits/cycle at a rate of 62,500,000 > cycles/sec. > > "anthony kim" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi, > > > > Can you explain this to me in greater detail? > > 256 bits * 62.5 MHz = 16,000(bits*MHz) > > > > 16,000(bits*MHz) * 1,000,000 Hz/MHz = > > 16,000,000,000 (bits*Hz) or 16 Gb*Hz > > > > 1 Hz = 1 Cycle/sec > > > > Therefore, > > > > 16 Gb*Cycles/sec or (dropping "cycles") 16 Gb/sec IOW, 16 Gbps > > > > What would totally clarify for me is if > > 1 bit is transmitted per Hz (per cycle)? > > > > Is that always the case? > > > > > > __END__ > > > > TIA, > > anthony > > > > __ > > Do You Yahoo!? > > Get personalized email addresses from Yahoo! Mail - only $35 > > a year! http://personal.mail.yahoo.com/ > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Windows 2000 sniffer
Any reason folks don't like Network Monitor (the SMS version)? ObSniffer: windump On Mon, Feb 12, 2001 at 10:43:34AM -0800, Syed, Junaid wrote: >sniffer pro 4.5 (from network associates ) >it works like a champ on win2k > >-Original Message- >From: Christopher Supino [mailto:[EMAIL PROTECTED]] >Sent: Monday, February 12, 2001 10:12 AM >To: [EMAIL PROTECTED] >Subject: Windows 2000 sniffer > > >Can anyone recommend a good sniffer program for Windows 2000? >I am having problems attempting to run the NT version on 2000. > _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: How do u block vbs like "Here you have, ;o) "
On Mon, Feb 12, 2001 at 03:43:31PM -0800, Rajeev Karamchand wrote: >Hi all > >This is out subject question how do you block >attachment like with vb scripts like "Here you have, >;o) " at exchange server. > I believe there's a KB article somewhere on their support site just tried it and http://search.support.microsoft.com/kb/c.asp came up blank in Netscape (BSDi version). Thanks billy! Off the top of my head, most Exchange aware AV apps support content filtering... Mimesweeper comes to mind. Even the El Cheapo MTA, Mdaemon, supports content filtering. Lots of Unix MTA recipes out there if you have Unix mail relays. I guess on a cisco list the ob response is: access-list 101 deny tcp any any eq smtp ;-) _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: A few quick Remote Access questions
Hi Priscilla, On Tue, Feb 13, 2001 at 03:32:53PM -0800, Priscilla Oppenheimer wrote: >At 03:09 PM 2/13/01, Howard C. Berkowitz wrote: > >>You are correct that both autodiscovery (for LANs) and autoconfigure >>(for modems) both do things necessary to get the physical and data >>link layers to work. The interface types and protocols are very >>different, and were in all probability developed by different people >>who didn't talk to one another. As far as I can tell, CLI developers >>have no equivalent of Martha Stewart as arbiter of good taste and >>grammar. > >I'm afraid you are right about there being no Martha Stewart for the CLI. >The CLI is not consistent or intuitive, and it can be confusing. Sometimes >there are hyphens and sometimes there aren't. Sometimes there are key words >followed by a parameter, and sometimes you can just enter the parameter. >Words (such as autoconfigure) get used inconsistently. Archaic words, such >as arpa and iso, are still used as parameters. > >I used to work with a documentation writer at Cisco who made it her mission >to report bugs in CLI consistency, but she was fighting a losing battle. >Cleaning up the CLI was not considered a feasible or important job. She >moved to Juniper. Seriously. I am a major fan of Cisco products, but their >CLI can be confusing to learn. > >Priscilla Sigh. Sometimes I wonder if the 800lb gorilla of networking cares about the end user at all. I hope some day IOS will attain a level of consistency and elegance I know is in cisco's realm of achievability. What we now know of as IOS will some day be a primitive artefact for historical interest only. anthony _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FYI: Docs CD on Win2K
On Tue, Feb 13, 2001 at 03:44:58PM -0500, Rik Guyler wrote: >I have had issues with the doc CD on Win2K, despite applying the registry >fix. I finally broke down and called TAC and the following is what they >sent back to me. > >BTW: the search.ini edit was what cured my ills. ;-} > >Rik Anyone know if their doc cd works under Unix or Linux? The Sybex books, much to my horror, do NOT. Even the PDF files require a Windows unlocking plugin that doesn't work. File this under D for Disappointed... anthony ps. they could do the routersim and exam sims in java and please everybody...but no.. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
This is all well and good for the big time players, ISPs, big corps yadda yadda yadda, and companies with cash to burn like so much old toilet paper. The Small and Midsized Business market (SMB) almost always can accomplish what they want with free Unix or Linux for layer 3 and cheap stackable switches with or without 802.1q support. So my obligatory cisco alternative: www.zebra.org On Tue, Feb 13, 2001 at 04:00:36PM -0600, William E. Gragido wrote: >There ServerIronXL Layer 4-7 switches are pretty cool boxes as well. >Foundry is also pretty nice in that their command line interface is awfully >reminiscent of Cisco's. The transition from one to the other should not be >too difficult. > >-Original Message- >From: Christopher Kolp [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, February 13, 2001 3:41 PM >To: 'Brant Stevens'; 'William E. Gragido'; 'Howard C. Berkowitz'; >[EMAIL PROTECTED] >Subject: RE: alternative to Cisco routers > > >Foundry prices are killer and the performance is top notch. > >We're planning a roll out with 40 OC-12 POS. Guess who our preferred >provider is? > >None other than foundry. > >-ck > > > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Brant Stevens >Sent: Tuesday, February 13, 2001 4:28 PM >To: William E. Gragido; 'Howard C. Berkowitz'; [EMAIL PROTECTED] >Subject: RE: alternative to Cisco routers > > >Not to mention Foundry... > >Brant I. Stevens >Internetwork Solutions Engineer >Thrupoint, Inc. >545 Fifth Avenue, 14th Floor >New York, NY. 10017 >646-562-6540 > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >William E. Gragido >Sent: Tuesday, February 13, 2001 2:47 PM >To: 'Howard C. Berkowitz'; [EMAIL PROTECTED] >Subject: RE: alternative to Cisco routers > > >Riding on the coat tails of Howard's comments, there are also other players >out there like Lucent(home of the Nexibit N64000 Terabit Switch Router and >the Ascend product lines), Avici, Charlette's Web, Nortel etc., that offer >carrier grade solutions. > >-Original Message- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Howard C. Berkowitz >Sent: Tuesday, February 13, 2001 1:20 PM >To: [EMAIL PROTECTED] >Subject: Re: alternative to Cisco routers > > >A few comments, in which I think I am being reasonably objective. > >On this list, people periodically speak of the joys of Cisco, because >it offers end-to-end solutions. That is a very enterprise-oriented >view. > >Much more than in the enterprise space, carriers/ISPs tend to _want_ >multivendor solutions. There are several reasons. They are >protected, to some extent, from bugs in the hardware or software of a >specific implementation. Next, if they have several qualified >vendors, they can get some protection against delivery backlogs from >one of them. The larger provider also can play competitive discount >and service games with the vendors. > >In this market, Juniper has the advantage of having built a product >as carrier-oriented from the ground up. There's a lot of bloat in IOS >due to the perception or need for legacy, usually >enterprise-oriented, features. Independent reviewers, such as the >Tolly group, have indicated that Junipers may have as good or better >throughput than equivalent Cisco products. > >No one vendor owns the entire carrier router space. Cisco's >advertising that ninety-some percent of the traffic in the internet >goes over the equipment of one company doesn't necessarily mean the >core bandwidth, but that the traffic at some point hits an enterprise >or carrier Cisco device. In any case, I prefer the variant of this >slogan I saw in someone's .sig (hoping I don't hit a filter) >"ninety-some percent of the p*rn*graphy in the Internet goes through >the equipment of one company." Said comment could be equally true of >Cisco's routers or Nortel's optics. > >Juniper and Cisco both make fine products. > > >>John, >> >>I went to a BGP study session and the instructor said that major ISP use >>Juniper router to run BGP. Hope this help. PEACE >> >> >>Raheem >> >> >>>From: John Chambers <[EMAIL PROTECTED]> >>>Reply-To: John Chambers <[EMAIL PROTECTED]> >>>To: [EMAIL PROTECTED] >>>Subject: alternative to Cisco routers >>>Date: Tue, 13 Feb 2001 08:09:59 -0500 >>> >>>Anyone who have experience with Juniper routers would like to comment on >>>its performance (M20 and 40 >>>series) in comparison to Cisco GSR 12000s. My company is in the process >>>of evaluating Juniper products >>>because we are not very happy with Cisco performance. Our router >>>crashes almost every week which is >>>unacceptable and Cisco didn't provide much help other than giving us >> >buggy IOS code. >>> > >_ >FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > >___
Re: alternative to Cisco routers
Hi Howard, --- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote: > >This is all well and good for the big time players, ISPs, big > corps > >yadda yadda yadda, and companies with cash to burn like so much > old toilet > >paper. The Small and Midsized Business market (SMB) almost always > can > >accomplish what they want with free Unix or Linux for layer 3 and > >cheap stackable switches with or without 802.1q support. > > > >So my obligatory cisco alternative: > >www.zebra.org > > And, in a non-information technology related SMB, who installs and > supports it? Good question. I think under 1,000 employees is reasonable for a mid-sized company. Less than 400 is a rough estimate for a small company. These companies tend to already have people taking care of their NT/Novell servers. Typically they already have file servers, print servers, and sometimes a router or two. Maybe an Exchange server, Groupwise, or perhaps they've thrown together a home grown solution with qmail plus mysql plus cucipop. Throw in some switches to hook it all together. Maybe no 802.1d or VLANs in the mix, but still, a sustainable technology environment. I don't think it's too much of a stretch for their in-house staff to maintain Linux or FreeBSD. College grads are already familiar with these free systems, or ought to be. Presumably, in-house staff should already know OSI, TCP/IP, and IPX. Thus, the learning curve isn't too much of a stretch. And routing isn't too difficult, really. Especially in small environments: Anyone reasonably intelligent who knows TCP/IP intimately, can manage routing, or a firewall for that matter. Or learn how to. Anyone reasonably adept with a CLI can learn IOS. (IOS, in fact, is a far more primitive environment than the Unix shell.) I've worked for small companies. The limited resources require sysadmins who can wear several hats and learn quickly. It's just the nature of the beast, nasty, brutish, but for expediency's sake, as variegated as the business needs require. Just my humble opinion, anthony __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
You seem tense. If you search the web, you will find many companies already running linux or freebsd and have no problems with full BGP views. It really isn't too difficult maintaining T1s either. CCN? plus linux isn't mutually exclusive so I don't see the hubbub. The "correct" solution on a cisco list is what cisco says is the correct solution. That I'll grant you. We are merely extending our horizons and discussing possibilities. CCN?s on this list (myself included) need not feel threatened. And finally, I disagree with regard to cost. You can't get a 3640 with 128MB DRAM for under a thousand. Ok, *maybe* you can snag a used one cheap, perhaps cut a deal somewheres, but I did not intend this to be a MY OS is better than IOS war. Let's not go there. --- dre <[EMAIL PROTECTED]> wrote: > I disagree, Linux is a bad choice! A Cisco 3640 > router would cost about the same and I'd like to see > you get a full BGP table with Linux for the same > hardware cost. plus, linux doesn't have CEF or > any of the standard stuff that comes with IOS > (or JunOS for that matter). > > The SMB market does what they will, and who > cares anyways? They have *no* market share, > they aren't Internet players, they aren't market > players, they are NOTHING. what they DON'T > NEED is another strange weird solution that I would > only put into a lab ; they need something standard, > something that works, something that will scale, > something that will perform up to their needs, > and something that most $20/hour NT admins > could configure. > > I am all for (ok not for Linux, but for FreeBSD > maybe) an open source OS for research or inside > a lab where others are familiar with it. But > suggesting Linux routers for a SMB (or Enterprise, > or Service Provider) in a production, real environment > is insane. Don't get me wrong, I like Zebra, it's a good > tool. But I would never run it if my mom and pop > needed a "router" solution for their new cybercafe. > > The "correct" solution for SMB is a 1600 or 1700 > series router. For what you say "most" SMB's > a 1605-R (Single WAN, Dual Ethernet) and two > Catalyst 1900 switches would be more than > sufficient and would cost less in time/effort > alone for the initial setup. > > Choose one person out the 165,000 CCNA > certified people, and I'm sure at least 90% of them > could configure this environment for 802.1Q, HSRP, > remote management, NAT, Firewall (Secure Integrated > Software built-in to the router), or VPN (IPSEC, L2TP, > PPTP/MPPE). That's what they are trained to do. > > Show me a Linux certification or training program > that discusses T1 cards or Zebra installation/configuration. > And then give me some numbers... Yeah I thought so. > > -dre > > "anthony kim" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > This is all well and good for the big time players, ISPs, big > corps > > yadda yadda yadda, and companies with cash to burn like so much > old toilet > > paper. The Small and Midsized Business market (SMB) almost always > can > > accomplish what they want with free Unix or Linux for layer 3 and > > cheap stackable switches with or without 802.1q support. > > > > So my obligatory cisco alternative: > > www.zebra.org > > > > On Tue, Feb 13, 2001 at 04:00:36PM -0600, William E. Gragido > wrote: > > >There ServerIronXL Layer 4-7 switches are pretty cool boxes as > well. > > >Foundry is also pretty nice in that their command line interface > is > awfully > > >reminiscent of Cisco's. The transition from one to the other > should not > be > > >too difficult. > > > > > >-Original Message- > > >From: Christopher Kolp [mailto:[EMAIL PROTECTED]] > > >Sent: Tuesday, February 13, 2001 3:41 PM > > >To: 'Brant Stevens'; 'William E. Gragido'; 'Howard C. > Berkowitz'; > > >[EMAIL PROTECTED] > > >Subject: RE: alternative to Cisco routers > > > > > > > > >Foundry prices are killer and the performance is top notch. > > > > > >We're planning a roll out with 40 OC-12 POS. Guess who our > preferred > > >provider is? > > > > > >None other than foundry. > > > > > >-ck > > > > > > > > > > > >-Original Message- > > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of > > >Brant Stevens > > >Sent: Tuesday, February 13, 2001 4
RE: alternative to Cisco routers
--- John Nemeth <[EMAIL PROTECTED]> wrote: > On Jul 7, 4:07am, "Fowler, Robert J." wrote: > } > } However it might be a good choice for someone who is building a > home lab. It > } is much cheaper to piece together some computers and throw zebra > on it than > } to buy several routers. I've never used Zebra but it sounds like > if you had > } some existing equipment and wanted to expand on that, couldn't > afford to buy > } another router but had some old PC's it would be the way to go, > since > } speed/reliability wouldn't be a real factor in a home lab. Any > thoughts? > > Although, you may learn something about the protocols, you > won't > learn anything about real routers. You definitely need to get > hands on > with real routers. Zebra could be used to simulate a secondary > router > in a multi-router experiment, but it isn't sufficient by itself. > > }-- End of excerpt from "Fowler, Robert J." Hi John, Is a real router a device which routes layer 3 packets? Or a device "specifically designed" to route layer 3 packets. Your statement implies the latter. Whereas I believe the former. You *will* learn about real routers because the pc is a real router. You may *not learn* anything about IOS or $VENDOR's routers. And before the hate mail floods my inbox, learning cisco's routers is a *good* thing. you can't ignore the 800lb gorilla. anthony __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
Intersting thread. I didn't know cisco defined a small business so strictly. Is that an exam question? :) Of course the bottom line is, you make technology recommendations on what the business can handle, what they require, and what they can afford. At some intersection of this triad, an answer may surface. I am fortunate in that my experience with networking people have all been with knowledgable and clever folks. --- John Nemeth <[EMAIL PROTECTED]> wrote: > On May 31, 7:43pm, anthony kim wrote: > } --- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote: > } > >paper. The Small and Midsized Business market (SMB) almost > always > } > can > } > >accomplish what they want with free Unix or Linux for layer 3 > and > } > >cheap stackable switches with or without 802.1q support. > } > > > } > >So my obligatory cisco alternative: > } > >www.zebra.org > } > > } > And, in a non-information technology related SMB, who installs > and > } > supports it? > } > } > } Good question. > } > } I think under 1,000 employees is reasonable for a mid-sized > company. > } Less than 400 is a rough estimate for a small company. These > > Your numbers are a little off. Cisco defines them as: > > SOHO -- Small Office / Home Office: 1-20 users > Small Business: 20-100 users > Medium Business: 100-500 users > > I would tend to go along with these numbers. > > } companies tend to already have people taking care of their > NT/Novell > > Medium businesses certainly. However, small businesses may or > may > not. Many of them will contract out the higher end stuff. > > } I don't think it's too much of a stretch for their in-house staff > to > } maintain Linux or FreeBSD. College grads are already familiar > with > } these free systems, or ought to be. Presumably, in-house staff > should > > There's a big difference between playing with them at home and > knowing how to handle production systems. Also, unless they went > to > vocational or technical schools, they won't have any operations > training. > > } already know OSI, TCP/IP, and IPX. Thus, the learning curve isn't > too > > That's a big presumption. > > } And routing isn't too difficult, really. Especially in small > } environments: Anyone reasonably intelligent who knows TCP/IP > } intimately, can manage routing, or a firewall for that matter. Or > > How many people know TCP/IP intimately? Probably fewer then > you > think. > > Firewalls are specialty items that still require knowledgable > people. Unless you like either having people break into your > network > or having your network break. > > } I've worked for small companies. The limited resources require > } sysadmins who can wear several hats and learn quickly. It's just > the > } nature of the beast, nasty, brutish, but for expediency's sake, > as > } variegated as the business needs require. > > That's true, but they don't necessarily have to know > everything. > Some of the more complex stuff could be farmed out. > > }-- End of excerpt from anthony kim > On May 31, 7:43pm, anthony kim wrote: > } --- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote: > } > >paper. The Small and Midsized Business market (SMB) almost > always > } > can > } > >accomplish what they want with free Unix or Linux for layer 3 > and > } > >cheap stackable switches with or without 802.1q support. > } > > > } > >So my obligatory cisco alternative: > } > >www.zebra.org > } > > } > And, in a non-information technology related SMB, who installs > and > } > supports it? > } > } > } Good question. > } > } I think under 1,000 employees is reasonable for a mid-sized > company. > } Less than 400 is a rough estimate for a small company. These > > Your numbers are a little off. Cisco defines them as: > > SOHO -- Small Office / Home Office: 1-20 users > Small Business: 20-100 users > Medium Business: 100-500 users > > I would tend to go along with these numbers. > > } companies tend to already have people taking care of their > NT/Novell > > Medium businesses certainly. However, small businesses may or > may > not. Many of them will contract out the higher end stuff. > > } I don't think it's too much of a stretch for their in-house staff > to > } maintain Linux or FreeBSD. College grads are already familiar > with > } these free systems, or ought to be. Presumably, in-house staff > should >
RE: alternative to Cisco routers
--- John Nemeth <[EMAIL PROTECTED]> wrote: > } > } Is a real router a device which routes layer 3 packets? Or a > device > } "specifically designed" to route layer 3 packets. Your statement > } implies the latter. Whereas I believe the former. > > The latter. A PC make be able to route packets, but that > doesn't > make it a real router. The hardware device is going to be faster > (especially at the high end), more reliable, require much less > maintenance (which makes it cheaper in the long run), and easier to > install and setup (not to mention take up far less space). John, you've just added qualifications to the definition of a real router. Am I correct then in saying you believe a real router is a) a device that routes layer 3 packets b) a device strictly designed to route layer 3 packets c) a device that routes layer 3 fast and reliably d) all of the above The cisco exam answer is: d) I'm just too damn liberal with my definitions so would have chosen a) > I'm a > huge > fan of UNIX and will tend to run just about everything on UNIX > systems, > but even I realise that UNIX host based systems are not the correct > solution for every problem. Agreed. > > } You *will* learn about real routers because the pc is a real > router. > } You may *not learn* anything about IOS or $VENDOR's routers. > > That is the purpose of getting Cisco certs... > > }-- End of excerpt from anthony kim Thus our raison d'etre. anthony __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: alternative to Cisco routers
--- John Nemeth <[EMAIL PROTECTED]> wrote: > On May 31, 9:58pm, anthony kim wrote: > } --- John Nemeth <[EMAIL PROTECTED]> wrote: > } > } > } > } Is a real router a device which routes layer 3 packets? Or a > } > device > } > } "specifically designed" to route layer 3 packets. Your > statement > } > } implies the latter. Whereas I believe the former. > } > > } > The latter. A PC make be able to route packets, but that > } > doesn't > } > make it a real router. The hardware device is going to be > faster > } > (especially at the high end), more reliable, require much less > } > maintenance (which makes it cheaper in the long run), and > easier to > } > install and setup (not to mention take up far less space). > } > } John, you've just added qualifications to the definition of a > real > } router. Am I correct then in saying you believe a real router is > } > } a) a device that routes layer 3 packets > } b) a device strictly designed to route layer 3 packets > } c) a device that routes layer 3 fast and reliably > } d) all of the above > } > } The cisco exam answer is: d) > } I'm just too damn liberal with my definitions so would have > chosen a) > > I would say d). Here's an analogy for you. You can > insert/remove > Philips (and, some other) screws by using a small slotted > screwdriver. > Does that make the slotted screwdriver a Philips screwdriver? > > }-- End of excerpt from anthony kim Point taken if hardware were all we're talking about. May I proffer a analogy? Cisco markets themselves as a seller of IOS (I've read this but can't find a reference, sorry). They sell software, routing software, and are adept at what they do. Their "router" is the entire package and you get a good deal. You get IOS in flash plus nvram plus working memory set plus the requisite hardware which equal a router. Basically, you get a layer 3 switching "appliance". Consider firewalls. Is a firewall "appliance" a real firewall whereas Checkpoint on HP-UX not a "real" one? Or a DNS Internet Appliance. Is BIND or djbdns on my OpenBSD box not a DNS server? Should I opt for the DNS appliance (say, 3DNS) because it was designed from the bottom up to perform one single function? Is a Web Cache Internet Appliance real? Whereas a squid cache merely posing? I hope I don't come across as playing a semantics game. That is not my intention. anthony __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: switching types
Are there other benchmarks for ACLs? I'm revisiting my config and want it just so... --- Brian Lodwick <[EMAIL PROTECTED]> wrote: > I really enjoyed this link and appreciate your reply, for everyone > else read > through this article this link goes for a nice look at different > switching > types. > http://www.nwc.com/1004/1004ws2.html > > > >From: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > >Reply-To: "Howard C. Berkowitz" <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Re: BPX going out of style? > >Date: Wed, 14 Feb 2001 10:30:27 -0500 > > > > >John Nemeth said, > > > > > > >On Jul 6, 1:28pm, "Brian Lodwick" wrote: > > >} > > >} I have heard many tales of how ATM will explode soon, will be > >partenered > > >} perfectly with DSL, and everyone will implement it, but I just > haven't > >seen > > >} it. I like the idea of improving technologies your engineering > and > >support > > >} staff are familiar with (Not counting new technology with old > names > >like > > >} IPv6). I hope this is able to work out, and isn't too far down > the > >road. > > > > > > IPv6 is coming. There are just too many shortcomings in > IPv4 that > > >can't be solved using hacks. The biggest being the lack of > address > > >space. It really isn't a question of "if" but rather "when". > > > >Some of the "killer apps" that have moved IPv6 into high gear > include > >the decision by the third generation wireless people to use V6 as > >their basic protocol, which, as we speak, is being built into > >handsets. > > > > > > > >} Is there any talk of using smaller tags in IP to create big > pipes > >similar to > > >} ATM's VCI's so that you could lower the ip address & > mask-lookup > >processor > > >} overhead on backbone IP routers? I think this would be a neat > idea. > >Even > > > > > > You've just described MPLS. > > > > > >} though the CAM table is fast the router must still read the > entire > >address > > >} and mask. Small pipe identifiers could be inserted into the ip > header > >and > > >} extracted at the gateways and lookup would be lowered. Like > xtags on > >VLANS. > > > > > > IP headers are only 20 bytes and aren't much of a problem. > The > > >real problem is with compression, encryption, access lists, etc. > Check > > >out this URL for a study on what happens when access lists are > used: > > >http://www.nwc.com/1004/1004ws2.html > > > > > >}-- End of excerpt from "Brian Lodwick" > > > >_ > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
--- Mark Nguyen <[EMAIL PROTECTED]> wrote: > > On a related note, in my home lab I have 25xx's and Olives (PC with > JunOS, based on a unix kernel). I can easily bring the 25xx's to > its > knees while not even breaking a sweat on the Olives. I heard > rumors > that Olives are equivalent to 4700's, but I have not confirmed that > in > testing. > > -- > Mark Nguyen > Juniper Networks > Senior Network Engineer > Eastern Region IT/POC Mark Pardon my Juniper ignorance. What is an Olive and how much do they cost? __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SMB and opportunities (was Alternative to Cisco Routers)
--- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote: > >Anthony Kim continued, > >Intersting thread. I didn't know cisco defined a small business so > >strictly. Is that an exam question? :) > > Historically, commercial data networking started with mainframes > interconnected with leased lines. These machines were either in > large enterprises or in academic/research institutions. SNA, for > example, gave extensive operational control, and needed a > considerable staff to support it. > > I've seen a market research report that said: > > in 1982, 86% of networking customers could build and support their > own networks > in 1996, 14% of customers could do so. I really don't agree with these figures, but anyway... > > It's not necessarily that enterprises are more or less clueful -- > it's that the enterprises that get into communications are much > smaller or more poorly budgeted. The distinction has been made that > networking began with the Fortune 500, but now has spread to the > Fortune 5,000,000. > > As business dependence on networking grows, the smaller companies > have the alternatives: > > Without internal or external network support staff, > wait for a major failure (hard downtime, or inability to service > their customers) and go into bankruptcy. > > Hire from a scarce pool of qualified (certified?) people and watch > their margins go down, if they don't have enough networking > activity > to keep these (expensive) people busy. Go into bankruptcy. > > Buy networking products that are as turnkey as possible. > > Buy support, which may or may not stay within their margins. SMBs go bankrupt with and without technology failure - I'd be interested to know if there were statistical correlation. Back to the point, is it so either/or? Is it so? SMB without support staff or SMB with support staff who are overpriced and underbusy? There's more going on in this sector than that, I think. It has been my experience with SMBs, they tend to manage on their own and prefer it that way. There will always be the clueless and the clued. Like the naked and the dead. But most businesses fall between half-dressed and mummified. > > > >Of course the bottom line is, you make technology recommendations on > >what the business can handle, what they require, and what they can > >afford. At some intersection of this triad, an answer may surface. > > > >I am fortunate in that my experience with networking people have all > >been with knowledgable and clever folks. > > > > > It has long been a valid assumption that no one ever went broke by > underestimating the intelligence or taste of the public. In fact, you grow quite rich. anthony __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Lab Tax Write Off
On Wed, Feb 14, 2001 at 08:12:50PM -0500, Steve Barone wrote: >Are router's/switche's/isdn simulator's purchased for the home lab >tax deductible. Also, are the ciscopress textbook's tax deductible >expense. > >Is anyone else claiming these on the Federal Taxes? > Read Publication 508 Tax Benefits for Work Related Education "The education maintains or improves skills needed in your present work" However, "education that relates to work you may enter or return to in the future is not qualifying education." Unqualified education is education that will help you obtain a new trade. So if you already a systems person, and your employer has not reimbursed you for your education, you can deduct these expenses. Deductible expenses Tuition, books, supplies, lab fees, transportation, etc Read the entire publication. BTW, IANATAXL. anthony _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: alternative to Cisco routers
--- Kenneth <[EMAIL PROTECTED]> wrote: > I don't think Cisco, in any way, will beat a Linux box in pricing. > > As far as performance go, if you look at it in an objective way, the > advantage of a cisco router wouldn't matter that much for a company of > under > 100 people. > > I love Cisco but there is a time and a place when it comes to > implementing > their solution. In fact, Foundry switches that I had tested kicked their > butt but we ended up going with a Cisco switch because my boss "knows" > the > Cisco reputation. Being an engineer, I can only give him facts and > figures > and its up to the people signing the checks to decide who they want to > go > for. > been there, done that, didn't even get a lousy t-shirt. we all feel your pain. __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fw: Number of new CCIE's (off topic)
On Thu, Feb 15, 2001 at 01:14:03PM -0500, mtieast wrote: > >Sorry, I must rant. > [snipped to conserve bandwidth] There is a point inside this rant. Discussing the merits and rationale of CCIE appears to be on topic. At least for me. Folks such as myself, whose ambitions are vague, and are attempting the cisco track, need to determine if CCIE is the right answer. I hope to read not just technical HOW-TOs, but open discussion on cisco certification issues as well here. Thank you, anthony _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Another strange routing behaviour
--- "Deloso, Elmer G (WPNSTA Yorktown)" <[EMAIL PROTECTED]> wrote: > Hi, all. > I might have posted something similar to this not too long ago but I > might > not have beed specific enough. Here's the story: > > HostA ---Router1---Router9HostB > > If i traceroute from within Router1 to HostB, it goes through. Which leads me to believe Router 9 is not filtering high UDP packets, ICMP Time Exceeded, or ICMP Destination Port Unreachable. > But if i do the same from HostA, it stops at Router9. Router 9 may be filtering ICMP echo reply packets. (Echo request packets go through because Host B's traceroute stops at Router 1 not at 9.) A Windows host uses ICMP Echo (instead of high port UDP) packets when using "tracert". Everyone else traceroutes normally. > The same thing happens when tracerouting from HostB's end, it stops > at Router1. I wonder if it's the access-lists? > So i checked with another network that also has a route to Router9, > ans the same story happens. From the Router-Y the trace gets to > HostB. But from Host-Y it stops at Router9. > Has anyone else seen this and figured out the cause? Check if "ping" from the routers to each of the hosts works. __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX and NAT with VPN
Firewalls route packets unless you have some sort of firewalling bridge or proxy server. I'm not even going to get into "eGaps". Wish I could help you with PIX. --- Allen May <[EMAIL PROTECTED]> wrote: > OK maybe this is a terminology misunderstanding on my part, but I have > about > 15 route statements in my PIX and use a pix->pix vpn using IPSec. > route > > One of the VPNs set up here had something a little weird where we had to > set > up statics for VPN to work but that's something I'll be working on > solving > at a later time. Just for grins try setting up a static statement for > one > of the workstations trying to get through and see if it stops using NAT. > > You'll find the IPSec user guide on the cisco website very useful for > more > info on this. > > Allen > - Original Message - > From: "Groupstudy" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, February 16, 2001 2:38 AM > Subject: Re: PIX and NAT with VPN > > > > The PIX does not route. Period. > > > > - Original Message - > > From: Kenneth <[EMAIL PROTECTED]> > > Newsgroups: groupstudy.cisco > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, February 15, 2001 6:35 PM > > Subject: Re: PIX and NAT with VPN > > > > > > > I'm totally foreign to PIX but I'm just wondering, maybe it's > possible > to > > > use policy-based routing on PIX? > > > > > > "Rick Holden" <[EMAIL PROTECTED]> wrote in message > > > 002001c097b6$60c466a0$[EMAIL PROTECTED]">news:002001c097b6$60c466a0$[EMAIL PROTECTED]... > > > > I have a PIX firewall that is being used for a VPN as well. The > problem > > is > > > > all the inside addresses are being translated to public addresses > even > > > when > > > > the traffic is destine for the VPN tunnel. I tried the following > > commands > > > > but this seems to block all translations. > > > > (real IPs have been replaced for security) > > > > > > > > access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 > > > > 255.255.255.0 > > > > nat (inside) 0 access-list nonat > > > > global (outside) 1 172.16.10.1 net 255.255.255.255 > > > > > > > > I also tried using DENY in the access list > > > > access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 > > > > 255.255.255.0 > > > > This didn't work either. > > > > > > > > How can I can the traffic destined for the Internet to be > translated > and > > > the > > > > traffic destined for the VPN not be translated? > > > > > > > > _ > > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Firewalls and VPNs
A device can best be described by its chief function. You can use a PIX as a router, just allow everything through. In fact you can use a router as a firewall, be selective with access lists. Terminology is flexible as long as you're pragmatic about function. On Fri, Feb 16, 2001 at 10:52:06AM -0800, Dan West wrote: >PIX - sounds like a router to me - packet forwarding >based on layer 3 addressing. It has extra security >features and all of a sudden it's a >firewall...marketing fluff? or accurate description??? >who will uncover this mystery ;> > >--- mtieast <[EMAIL PROTECTED]> wrote: >> I think this comes from the fact that cisco >> instructors in class say that >> the Pix is not a router. I have heard this as well >> when I had the class. >> >> I know the Pix is not a router, but does it route? >> Well, if making decisions >> about where to send traffic based on layer 3 info is >> routing then I would >> argue it does route. It does not forward traffic >> based on layer 2 info so >> .. >> >> It routes traffic to the appropriate interface. Can >> someone else shed some >> light as to why this is said. If it doesn't route >> the traffic it recieves >> what does it do? >> >> >> >> -Original Message- >> From: haroldnjoe <[EMAIL PROTECTED]> >> Newsgroups: groupstudy.cisco >> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >> Date: Friday, February 16, 2001 12:41 PM >> Subject: Firewalls and VPNs >> >> >> >I've read here a couple of times that PIX's don't >> route. Period. In light >> of >> >this I'm left a little confused as to a proposed >> network map I was given >> >recently. >> > >> >The core layer router is a 3640 linking all of our >> branch offices together. >> >From the 3640, there is an ethernet connection to a >> PIX 515R. From the >> PIX, >> >there is another ethernet connection to a 1750 >> router. The 1750 connects >> via >> >T1 to our ISP. There is yet another ethernet >> connection from the PIX to >> the >> >isolation lan, on which resides an internet >> mail/web server and a VPN 3000 >> >concentrator. >> > >> >If PIX's don't route, what subnet is the isolation >> lan going to sit on? As >> >I understand it, the PIX will be providing NAT >> functionality for the 3640 >> >and everything behind it. So I would assume that >> the T1 and ethernet >> >interfaces on the 1750, the outside interfaces on >> the PIX, and everything >> in >> >the isolation lan including the VPN concentrator >> will have to have public >> IP >> >addresses which will be given to us by our ISP. >> The way the map is layed >> >out, it looks to me like the isolation lan would >> have to be on its own >> >subnet. >> > >> >What am I missing? If the PIX doesn't route, do >> it's ethernet interfaces >> >reside on the same subnet as the isolation lan? If >> so, then the ethernet >> >interface on the 1750 must also be on that subnet, >> right? >> > >> >This is the proposed network map that Cisco's >> presale engineers gave me. >> >I'm sure it's a solid design, but I'm still trying >> to work out the details >> >so that I understand what I'm implementing (always >> a good thing, I think). >> > >> >Thanks for your time, >> > >> >[EMAIL PROTECTED] >> > >> > >> >_ >> >FAQ, list archives, and subscription info: >> http://www.groupstudy.com/list/cisco.html >> >Report misconduct and Nondisclosure violations to >> [EMAIL PROTECTED] >> > >> >> _ >> FAQ, list archives, and subscription info: >> http://www.groupstudy.com/list/cisco.html >> Report misconduct and Nondisclosure violations to >[EMAIL PROTECTED] > > >= >from The Big Lebowski... > >The Dude: You sure he won't mind? >Bunny: Dieter doesn't care about anything. He's a nihilist. >The Dude: Ohhh, that must be exhausting... > >__ >Do You Yahoo!? >Get personalized email addresses from Yahoo! Mail - only $35 >a year! http://personal.mail.yahoo.com/ > >_ >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Does a PIX Route (was Re: Firewalls and VPNs)
Does your pix have a default route? Does your pix forward packets between subnets? Logically, then, the pix routes. Call it what you will, when forwarding between disparate networks, you route. I suppose cisco misunderstands the term "route" too. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42apa.htm#xtocid88422 Here's from Cisco: route Command The following are the extensions to the route command: The routing table has been improved to let you specify the IP address of a PIX Firewall interface in the route command. If the route command statement uses the IP address from one of the PIX Firewall unit's interfaces as the gateway IP address, PIX Firewall will ARP for the destination IP address in the packet instead of ARPing for the gateway IP address. PIX Firewall also does not accept duplicate routes with different metrics for the same gateway. In version 5.1(1), the CONNECT route entry is supported. (This identifier appears when you use the show route command.) The CONNECT identifier is assigned to an interface's local network and the interface IP address, which is in the IP local subnet. PIX Firewall will use ARP for the destination address. The CONNECT identifier cannot be removed, but changes when you change the IP address on the interface. You can now enter duplicate route command statements with different gateways and metrics. You can now enter static route command statements with virtual subnets; for example: route outside 10.2.2.8 255.255.255.248 192.168.1.3 route outside 10.2.2.8 255.255.255.255 192.168.1.1 --- Jason <[EMAIL PROTECTED]> wrote: > As someone said yesterday: The PIX will not route, period. It will NAT > (including NAT 0), but it will not route packets between different > networks. > If you need routing off any interface on a PIX, you need a router there. > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > Cisco resources: http://r2cisco.artoo.net/ > > > "anthony kim" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > A device can best be described by its chief function. You can use a > > PIX as a router, just allow everything through. In fact you can use a > > router as a firewall, be selective with access lists. Terminology is > > flexible as long as you're pragmatic about function. > > > > > > On Fri, Feb 16, 2001 at 10:52:06AM -0800, Dan West wrote: > > >PIX - sounds like a router to me - packet forwarding > > >based on layer 3 addressing. It has extra security > > >features and all of a sudden it's a > > >firewall...marketing fluff? or accurate description??? > > >who will uncover this mystery ;> > > > > > >--- mtieast <[EMAIL PROTECTED]> wrote: > > >> I think this comes from the fact that cisco > > >> instructors in class say that > > >> the Pix is not a router. I have heard this as well > > >> when I had the class. > > >> > > >> I know the Pix is not a router, but does it route? > > >> Well, if making decisions > > >> about where to send traffic based on layer 3 info is > > >> routing then I would > > >> argue it does route. It does not forward traffic > > >> based on layer 2 info so > > >> .. > > >> > > >> It routes traffic to the appropriate interface. Can > > >> someone else shed some > > >> light as to why this is said. If it doesn't route > > >> the traffic it recieves > > >> what does it do? > > >> > > >> > > >> > > >> -Original Message- > > >> From: haroldnjoe <[EMAIL PROTECTED]> > > >> Newsgroups: groupstudy.cisco > > >> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > > >> Date: Friday, February 16, 2001 12:41 PM > > >> Subject: Firewalls and VPNs > > >> > > >> > > >> >I've read here a couple of times that PIX's don't > > >> route. Period. In light > > >> of > > >> >this I'm left a little confused as to a proposed > > >> network map I was given > > >> >recently. > > >> > > > >> >The core layer router is a 3640 linking all of our > > >> branch offices together. > > >> >From the 3640, there is an ethernet connection to a > > >> PIX 515R. From the > > >> PIX, > > >
Re: Firewalls and VPNs
Anyone can confirm that a PIX decrements TTL? On Sat, Feb 17, 2001 at 11:35:46AM -0500, Howard C. Berkowitz wrote: >This is a less marketing-speak and more technically driven >terminology problem than router versus switch, but, again, I fall >back on there being no such thing as a router. There are L3 route >determination and L3 packet forwarding functions. > >In the case of the PIX, we have what the IETF is loosely calling a >"midbox". It does not have route determination, but it does have >packet forwarding. It also has NAT with higher-layer awareness, >stateful packet screening, etc. > >I honestly don't know if the PIX decrements the TTL field when it >rewrites a packet header. It has to recompute the IP header checksum >(and, indeed, TCP/UDP checksums) if it is NAT'ing, not just >inspecting. > > From my point of view, I'd like the midbox to decrement TTL, to give >any chance of a traceroute being meaningful. Of course, if the PIX >does NAT, a traceroute is useless. > >>As someone said yesterday: The PIX will not route, period. It will NAT >>(including NAT 0), but it will not route packets between different networks. >>If you need routing off any interface on a PIX, you need a router there. >> >>-- >>Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ >>List email: [EMAIL PROTECTED] >>Homepage: http://jason.artoo.net/ >>Cisco resources: http://r2cisco.artoo.net/ >> >> >>"anthony kim" <[EMAIL PROTECTED]> wrote in message >>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >>> A device can best be described by its chief function. You can use a >>> PIX as a router, just allow everything through. In fact you can use a >>> router as a firewall, be selective with access lists. Terminology is >>> flexible as long as you're pragmatic about function. >>> >>> >>> On Fri, Feb 16, 2001 at 10:52:06AM -0800, Dan West wrote: >>> >PIX - sounds like a router to me - packet forwarding >>> >based on layer 3 addressing. It has extra security >>> >features and all of a sudden it's a >>> >firewall...marketing fluff? or accurate description??? >>> >who will uncover this mystery ;> >>> > >>> >--- mtieast <[EMAIL PROTECTED]> wrote: >>> >> I think this comes from the fact that cisco >>> >> instructors in class say that >>> >> the Pix is not a router. I have heard this as well >>> >> when I had the class. >>> >> >>> >> I know the Pix is not a router, but does it route? >>> >> Well, if making decisions >>> >> about where to send traffic based on layer 3 info is >>> >> routing then I would >>> >> argue it does route. It does not forward traffic >>> >> based on layer 2 info so >>> >> .. >>> >> >>> >> It routes traffic to the appropriate interface. Can >>> >> someone else shed some >>> >> light as to why this is said. If it doesn't route >>> >> the traffic it recieves >>> >> what does it do? >>> >> >>> >> >>> >> >>> >> -Original Message- >>> >> From: haroldnjoe <[EMAIL PROTECTED]> >>> >> Newsgroups: groupstudy.cisco >>> >> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >>> >> Date: Friday, February 16, 2001 12:41 PM >>> >> Subject: Firewalls and VPNs >>> >> >>> >> >>> >> >I've read here a couple of times that PIX's don't >>> >> route. Period. In light >>> >> of >>> >> >this I'm left a little confused as to a proposed >>> >> network map I was given >>> >> >recently. >>> >> > >>> >> >The core layer router is a 3640 linking all of our >>> >> branch offices together. >>> >> >From the 3640, there is an ethernet connection to a >>> >> PIX 515R. From the >>> >> PIX, >>> >> >there is another ethernet connection to a 1750 >>> >> router. The 1750 connects >>> >> via >>> >> >T1 to our ISP. There is yet another ethernet >>> >> connection from the PIX to >>> >> the >>> >> >isolation lan, on which resides an internet >>> >>
RE: IP Protocol 89?
--- "Buri, Heather H" <[EMAIL PROTECTED]> wrote: > Chris, > > I believe all the routing protocols have their own unique port > identifiers. Close. IP routing protocols *may* use layer 4 sockets for data. But for identification is the IP protocol type. > I am reading Doyle's Routing TCP/IP Vol 1 right now and it discusses all > of > the routing protocols in some detail. RIP uses port 520, IGRP/EIGRP use > protocol 9. Doyle does give examples of packet captures on each of the > different protocols and the port/protocol does indeed show up in the > routing > protocol packet header. Overall, I am finding this an extremely good > book. > I can see now why so many recommend it. > > I don't have a lot of experience manipulating the routing protocols in > such > a way as you mention below but I don't see why it could not be done > based on > the fact that they do use known port/protocol id's. > > Someone else may be able to shed some additional light on this for you. > > Heather Buri > > -Original Message- > From: Kane, Christopher A. [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 23, 2001 9:38 AM > To: '[EMAIL PROTECTED]' > Subject: IP Protocol 89? > > > In trying to understand OSPF in much more detail, I am reading RFC 2328. > Several times Mr. Moy refers to OSPF as " IP Protocol 89". I checked the > "RFC/Port Number" page that I reference often > (http://www.networksorcery.com/enp/default0301.htm) and found that > indeed > OSPF is IP Protocol 89. I have not seen this before. Sure, I've worked > with > TCP/UDP port numbers, but this is the first time I've paid attention to > the > fact that the protocols themselves have numbers too. This is > interesting. read RFC 1700 IP header has an 8 bit protocol type field > Should I look at 89 as a number that can be manipulated as I would 23 > (telnet) or 69 (tftp)? Can someone explain where these numbers are used? Define manipulate? > Are > they found in headers? As networkers, are we concerned with these > numbers? > Does anyone commonly filter based on a protocol's number? Or is getting > this > granular an exercise in futility for a network engineer? > access-list 101 permit ospf any any where "ospf" is the IP type is one example. HTH. __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
LOL
I was flipping through the Sybex CCDA Study Guide and came upon this in the discussion of LAPB: "Information frames (I-frames) Transport upper-layer information and a bit (no pun intended) of control information. I-frames schlep both send and receive sequence numbers, and relate to jobs such as sequencing, flow control, error detection, and recovery." schlep! Purchase of a CCDA Study Guide online, $30. Yiddish technical jargon, priceless. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: juniper and cisco
On Mon, Feb 26, 2001 at 03:11:15PM -0800, Net Bum wrote: >It seems from talking to both Juniper and Cisco sales reps that > >Cisco's strategy is: > bash, bash, bash Juniper... Yep, same goes for their take on Foundry, Extreme, and on and on. I get chills when I think how similar cisco is to Microsoft... _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
cisco like microsoft? (was Re: Juniper
I just found it curious. If you look at these market leaders, you'll find an eerie similarity in how their product lines incorporate technology acquisition. The ability to subsume heterogeneous technologies may indicate why these two have done so well (and one might argue, the fear of dethronement as a cause to why they react so bitterly to competition): For a full rundown of cisco acquisitions visit http://www.cisco.com/warp/public/750/acquisition/summarylist.html For a full rundown of microsoft acquisitions visit http://www.vcnet.com/bms/departments/catalog/yrcatalog.shtml (microsoft doesn't seem to have their acquisition summary anywhere I could find on their site.) One could make similar statements about any other $BIG_COMPANY but I believe there is no coincidence that market leaders succeed because they can adapt new technologies and incorporate them successfully in their product line. Before people start leaping off the deep end of the Rational pool, I am speaking as a cisco fan, not as a microsoft one. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: cisco like microsoft? (was Re: Juniper
BTW, I love the monikers on this list. Anyhow, my impression comes from sales in our discussion of relative merits of Foundry and Extreme's offerings. Instead of offering insight, I was deluged with FUD. What I was looking for was why an end-to-end cisco solution was a better fit. YMMV, of course. --- ramius <[EMAIL PROTECTED]> wrote: > I don't get where the "bitter" in the competition comes from. That's > business. The major difference between Cisco and Microsoft is what is > done > with the aqusitions afterwards. Microsoft uses the "you will be > assimilated" > strategy, changing the ways that the bought companies work to conform to > Microsoft and even changing the way they do "whatever is is they're > doing." > Cisco on the other hand, lets the aquistions keep doing what they know > how > to do--that's what made them successful in the first place. There is > definitely a more hands-off approach. > ramius > > > "anthony kim" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I just found it curious. If you look at these market leaders, you'll > > find an eerie similarity in how their product lines incorporate > > technology acquisition. The ability to subsume heterogeneous > > technologies may indicate why these two have done so well (and one > > might argue, the fear of dethronement as a cause to why they react so > > bitterly to competition): > > > > For a full rundown of cisco acquisitions visit > > http://www.cisco.com/warp/public/750/acquisition/summarylist.html > > > > For a full rundown of microsoft acquisitions visit > > http://www.vcnet.com/bms/departments/catalog/yrcatalog.shtml > > (microsoft doesn't seem to have their acquisition summary anywhere I > > could find on their site.) > > > > One could make similar statements about any other $BIG_COMPANY but I > > believe there is no coincidence that market leaders succeed because > > they can adapt new technologies and incorporate them successfully in > > their product line. > > > > Before people start leaping off the deep end of the Rational pool, I > am > > speaking as a cisco fan, not as a microsoft one. > > > > _ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Vunerabilities to be announced in IOS
Question: is the "guessable TCP sequence number process" a flaw in the randomization of the ISN? --- Robert Padjen <[EMAIL PROTECTED]> wrote: > Slightly OT. > > Cisco is announcing a number of security holes in > certain versions of the IOS, likely tomorrow. A number > of them are starting to get exposure in the security > press already, and ISPs have been briefed and should > have patches and other temporary fixes in place > already. Enterprise customers (some larger ones) were > briefed today and have already taken steps to thwart > attacks. > > The two biggest threats in my mind are: > > - A default SNMP RW string of ILMI. > - A guessable TCP sequence number process - this could > be used to hack BGP and other router processes. > > There are a number of others. Most of us will be same > because the attacks need access - for example, you > deny SNMP from the untrusted networks, right? Thus, > ILMI is just another guess at the password/string. BGP > should only accept packets from the neighbor, so > again, a non-issue hopefully. > > The biggest reason for posting this here is for those > studying security - the next few days should be very > interesting to watch. > > = > Robert Padjen > > __ > Do You Yahoo!? > Get email at your own domain with Yahoo! Mail. > http://personal.mail.yahoo.com/ > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: 2500 series e0 fullduplex?
Neil is correct. Fast ethernet can be used in a shared medium environment (repeaters, fast hubs) that don't support full-duplex. http://www.cisco.com/warp/public/cc/so/neso/lnso/lnmnso/feth_tc.htm --- SAIF <[EMAIL PROTECTED]> wrote: > 100mbps is not ethernet be sure its fast ethernet ,also their is no > collisions in fast > ethernet ,its colliision free and this is only possible if u have one > way to send and > one way to recieve data simultaneously :) i am sure u got the idea > secondly in ethernet there are collisions and if there are colliisions > Can u use one to > send and one way to recieve simultaneously with collisions so if u cant > the result is > ethernet works in half duplex mode and fast ethernnet works in full > duplex > if u have any thing different than me plz share with us > waiting ur reply > Saif > > Neil Schneider wrote: > > > It is NOT true that ethernet is half and fastethernet is full duplex. > > Either 10Mbps or 100Mbps ehternet can be run in half or full duplex > mode. > > And offhand I don't know if the 2500 AUI port will do full ethernet. > > > > -- > > Neil Schneider > > MCT MCSE CCSI CCNP > > > > "SAIF" <[EMAIL PROTECTED]> wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > NO ITS ETHERNET PORT AND WORKING HALF DUPLEX ONLY ,U SEE CISCO GIVES > > FASTETHERNET PORTS > > > SPECIALLY IN THEIR ROUTERS SPECIALLY IN 4XXX SERIES AND U KNOW > ETHERNET > > WORKS IN HALF > > > DUPLEX AND FASTETHERNET WORKS IN FULL DUPLEX SO THE RESULT IS AUI > PORT IS > > HALF DUPLEX > > > ETHERNET NOT AUTO SENSE AND IF U WANT AUTOSENSE 10/100 BASE T GO TO > ANY > > OTHER ROUTER > > > ,CHECK THE ROUTER;S MANUAL :) > > > HOPT IT WILL HELP > > > IS IT ? > > > > > > Turfis wrote: > > > > > > > Is the Ethernet AUI port on the 2500 series Cisco routers Full > Duplex > > > > compatible? Does it autonegoiate? Can you hard code the > interface for > > > > half/full/auto? Thanks! > > > > > > > > _ > > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > > _ > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cert Difficulty Comparison.
To be fair, the CCNA is an entry level exam. If you are experienced, it is a piece of cake. Cisco has designed the exam for Level 1 support opportunities. Learn well and good luck on your journey. --- Craig Lindstrom <[EMAIL PROTECTED]> wrote: > Hi, > I'm just starting my Cisco Cert and I was wondering if anyone else is > surprised how easy the Cisco tests are. I always hesitated doing the > Cisco > certs because I heard they were "hard". Not that I mind a challenge, > its > just I'm a little busy right now. Anyway, I just started a week and a > bit > ago. I took the CCNA the Monday before last, and switching last Monday. > I > felt the exams were quite easy. I passed both with scores well into the > 900s and didn't spend that much time studying. I work full time and > teach > during the evenings, so all I studied was a little on Sat and Sun. I'm > not > the sharpest knife in the drawer, did I just luck out on questions, or > take > the easy test first, or are all the test about the same difficulty? > > I seem to see folks pooh-pooh the MCSE but I feel like the MS tests are > much > harder than the Cisco ones. MS tests cover a large range of topics > where > the Cisco test are a really small subset of topics. Does anyone else > feel > that way or am I just way up in the night? I've decided to do a test a > week > until I finish the CCNP, does this sound nuts? Anyway I am just trying > to > see what other folks think. > > A little mystified, > Craig Lindstrom > MCT MCSE+I CCNA(as of last week!) SOB:) > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fw: BCMSN: VLAN ID How many bits? 10 or 15 ??
I think there is some confusion between ISL and IEEE 802.1q. Remember Cisco ISL VLAN ID field is 10 bits i.e. 2^10 or 1024 possible (0-1023) Just *think* about how many bits in an IEEE 802.1q frame it takes to make 4096 VLANs. --- Gopinath Pulyankote <[EMAIL PROTECTED]> wrote: > [Couldn't post this to the newsgroup, hence sending it to you directly] > > "Gopinath Pulyankote" <[EMAIL PROTECTED]> wrote in message news:... > How about this ? This says 10-bit VLAN ID ! > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/s > witch_c/xcisl.htm > > Frame Tagging in ISL > > With ISL, an Ethernet frame is encapsulated with a header that > transports > VLAN IDs between switches and routers. A 26-byte header that contains a > 10-bit VLAN ID is prepended to the Ethernet frame. > > --Gopinath > > > ""Brant Stevens"" <[EMAIL PROTECTED]> wrote in message > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > > Information on ISL header... taken from > > > http://www.cisco.com/warp/public/741/4.html > > > > > > VLAN - Virtual LAN ID > > > The VLAN field is the virtual LAN ID of the packet. It is a 15-bit > value > > > that is used to distinguish frames on different VLANs. This field is > often > > > referred to as the "color" of the packet. > > > > > > Information on 802.1Q packet... taken from > > > > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 > > > t/121t3/dtbridge.htm#xtocid114535 > > > > > > The tag is stored in the following two octets and it contains 3 bits > of > > user > > > priority, 1 bit of Canonical Format Identifier (CFI) and 12 bits of > VLAN > > ID > > > (VID). The 3 bits of user priority are used by the standard 802.1p; > and > > the > > > CFI is used for compatibility reasons between Ethernet type networks > and > > > Token Ring type networks. The VID is the identification of the VLAN, > which > > > is basically used by the standard 802.1Q and, being on 12 bits, it > allows > > > the identification of 4096 VLANs. > > > > > > > > > Brant I. Stevens > > > Internetwork Solutions Engineer > > > Thrupoint, Inc. > > > 545 Fifth Avenue, 14th Floor > > > New York, NY. 10017 > > > 646-562-6540 > > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of > > > Gopinath Pulyankote > > > Sent: Wednesday, February 28, 2001 1:49 PM > > > To: [EMAIL PROTECTED] > > > Subject: BCMSN: VLAN ID How many bits? 10 or 15 ?? > > > > > > > > > Hi all, > > > The Cisco Press book BCMSN by Karen Webb says the VLAN ID is 15 > bits, > > > but I read somewhere else its 10 bits. > > > Which is correct ?? > > > TIA > > > --Gopinath > > > > > > > > > _ > > > FAQ, list archives, and subscription info: > > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > _ > > > FAQ, list archives, and subscription info: > > http://www.groupstudy.com/list/cisco.html > > > Report misconduct and Nondisclosure violations to > [EMAIL PROTECTED] > > > > > > > > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Fw: BCMSN: VLAN ID How many bits? 10 or 15 ??
Sorry, I didn't mean to imply you personally were confused. Come to think of it, ALL the documentation should be clearer. Particularly if you think about the 15bits plus the 1bit BPDU field in the ISL are so close to the 2 bytes in an 802.1q VLAN Identifier header (3 Priority, 1 CFI, 12 ID)...which was the direction I thought people were heading towards... On Wed, Feb 28, 2001 at 03:04:13PM -0800, Gopinath Pulyankote wrote: >My Q was related to ISL only. IEEE 802.1q has 12 bits, that's clear. >After reading some of the replies, I can summarize ISL's VLAN ID as: >15 bits are allocated for the field but only 10 are used now. > >"anthony kim" <[EMAIL PROTECTED]> wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> I think there is some confusion between ISL and IEEE 802.1q. >> Remember Cisco ISL VLAN ID field is 10 bits i.e. 2^10 or 1024 possible >> (0-1023) >> >> Just *think* about how many bits in an IEEE 802.1q frame it takes to make >> 4096 VLANs. >> >> >> >> --- Gopinath Pulyankote <[EMAIL PROTECTED]> wrote: >> > [Couldn't post this to the newsgroup, hence sending it to you directly] >> > >> > "Gopinath Pulyankote" <[EMAIL PROTECTED]> wrote in message news:... >> > How about this ? This says 10-bit VLAN ID ! >> > >> > >> > >> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/s >> > witch_c/xcisl.htm >> > >> > Frame Tagging in ISL >> > >> > With ISL, an Ethernet frame is encapsulated with a header that >> > transports >> > VLAN IDs between switches and routers. A 26-byte header that contains a >> > 10-bit VLAN ID is prepended to the Ethernet frame. >> > >> > --Gopinath >> > >> > > ""Brant Stevens"" <[EMAIL PROTECTED]> wrote in message >> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... >> > > > >> > > > Information on ISL header... taken from >> > > > http://www.cisco.com/warp/public/741/4.html >> > > > >> > > > VLAN - Virtual LAN ID >> > > > The VLAN field is the virtual LAN ID of the packet. It is a 15-bit >> > value >> > > > that is used to distinguish frames on different VLANs. This field is >> > often >> > > > referred to as the "color" of the packet. >> > > > >> > > > Information on 802.1Q packet... taken from >> > > > >> > > >> > >> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121 >> > > > t/121t3/dtbridge.htm#xtocid114535 >> > > > >> > > > The tag is stored in the following two octets and it contains 3 bits >> > of >> > > user >> > > > priority, 1 bit of Canonical Format Identifier (CFI) and 12 bits of >> > VLAN >> > > ID >> > > > (VID). The 3 bits of user priority are used by the standard 802.1p; >> > and >> > > the >> > > > CFI is used for compatibility reasons between Ethernet type networks >> > and >> > > > Token Ring type networks. The VID is the identification of the VLAN, >> > which >> > > > is basically used by the standard 802.1Q and, being on 12 bits, it >> > allows >> > > > the identification of 4096 VLANs. >> > > > >> > > > >> > > > Brant I. Stevens >> > > > Internetwork Solutions Engineer >> > > > Thrupoint, Inc. >> > > > 545 Fifth Avenue, 14th Floor >> > > > New York, NY. 10017 >> > > > 646-562-6540 >> > > > >> > > > -Original Message- >> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf >> > Of >> > > > Gopinath Pulyankote >> > > > Sent: Wednesday, February 28, 2001 1:49 PM >> > > > To: [EMAIL PROTECTED] >> > > > Subject: BCMSN: VLAN ID How many bits? 10 or 15 ?? >> > > > >> > > > >> > > > Hi all, >> > > > The Cisco Press book BCMSN by Karen Webb says the VLAN ID is 15 >> > bits, >> > > > but I read somewhere else its 10 bits. >> > > > Which is correct ?? >> > > > TIA >> > > > --Gopinath >> > > > >> > > > >> > > > __
Re: Acess list (only for me)
access-list 1 permit 192.168.1.52 line vt 0 4 login password secret access-class 1 in HTH. Your homework: how would you hash this password so it doesn't show up in clear text with sh runn? Have fun. On Thu, Mar 01, 2001 at 05:28:54PM -0800, jeongwoo park wrote: >didn't work >anyway thanks for your reply. >J > >""Johnny Sun"" <[EMAIL PROTECTED]> wrote in message >000601bf73a6$f70f3e80$[EMAIL PROTECTED]">news:000601bf73a6$f70f3e80$[EMAIL PROTECTED]... >> Hi Jeongwoo, >> >> Just change the access-list like this: >> access-list 101 permit tcp host 192.168.1.52 any eq telnet >> >> regards. >> >> Johnny Sun >> >> >> -Original Message- >> ·¢¼þÈË: jeongwoo park <[EMAIL PROTECTED]> >> ÐÂÎÅ×é: groupstudy.cisco >> ÊÕ¼þÈË: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >> ÈÕÆÚ: 2001Äê3ÔÂ1ÈÕ 16:47 >> Ö÷Ìâ: Acess list (only for me) >> >> >> >Hi all >> >I am playing with 3620 router that has an ethernet. >> >There are several hosts hanging off the ethernet. >> >I want nobody but myself to telnet to this router. >> >So, I made access list as following; >> > >> >access-list 101 permit tcp host 192.168.1.52 eq telnet any >> >! >> >ip access-group 101 in >> > >> >192.168.1.52 is my ip address >> > >> >I couldn't telnet in. >> >What am I missing? >> > >> >Thanks in adv. >> > >> > >> > >> >-- >> >jeongwoo >> > >> > >> >_ >> >FAQ, list archives, and subscription info: >> http://www.groupstudy.com/list/cisco.html >> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >> >> _ >> FAQ, list archives, and subscription info: >http://www.groupstudy.com/list/cisco.html >> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] >> > > >_ >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: FW: Change in CCIE Lab Price
If the cost of the lab went up to $2500 - I think most people would still pay. (Oops, did I just write that?) I don't think it's an attempt to reduce the number of candidates vs. a recognized stream for added revenue. As a cynic, I think it has very little to do with rising costs. Supply and demand at work, I think. --- Craig Columbus <[EMAIL PROTECTED]> wrote: > I find this quite annoying. You can't tell me that with the increased > volume of registrations Cisco isn't making more money than ever off the > exam. I assume that this is a feeble attempt to reduce the number of > candidates scheduling the lab. For those whose company is paying the > bill, > the extra $250 won't make any difference. For those who are funding > everything personally, it's just a burden; they've come too far to let > the > extra $250 stop them. In any case, it just gives me that much extra > incentive to pass on the first ($1000) try. > > Just my $0.02... > Craig > > At 07:07 PM 3/1/2001 -0800, you wrote: > >I just got this, which may be of interest to some... > > > >- > > > >March 1, 2001 > > > >Dear CCIE Candidate, > > > >We are contacting you to confirm that you are currently scheduled for a > >CCIE lab exam and that we will soon be implementing some program > >changes that may have an impact upon you. > > > >After a rigorous evaluation of our current cost structure, we find it > >necessary to increase our CCIE Lab exam fee to reflect our current cost > >of doing business. The present $1,000 lab fee has been in effect since > >the CCIE organization was first launched in 1993. Effective on April 1, > >2001, we will begin charging customers $1,250 US per lab attempt, (plus > >any applicable local taxes). > > > >Since you have already received an email confirmation from Cisco > >regarding the current lab fee of $1,000 US (plus any applicable taxes), > >we would be happy to honor that price as long as we receive payment no > >later than March 31, 2001. If we receive payment from you following > that > >date, the new lab fee will apply. If you decide to pay after April 1, > >2001 this email will also serve as a new confirmation. > > > >_ > >FAQ, list archives, and subscription info: > >http://www.groupstudy.com/list/cisco.html > >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > _ > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
