Re: Split tunnelling on PIX 520 [7:47898]
split-tunnel is the command, set per group.

-TV

Simer Mayo wrote in message news:[EMAIL PROTECTED]...

How do (or can) you enable split tunnelling on PIX 520?

Thanks
SM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47903t=47898
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Permit Ping access thru PIX FW [7:47193]
All interfaces can see all, regardless of security.

Karagozian Sarkis wrote in message news:[EMAIL PROTECTED]...

Hi all,

BCMS book says: permit ping access thru the PIX Firewall with the conduit permit icmp any any command, letting hosts on the inside ping outside hosts.

Does this mean I can't ping the dmz interface?? And it only allows pings from inside Interface to the Outside global hosts??

For example:

ping outside 4.22.122.xx (able to ping)

But,

ping dmz 199.16.1.3 (Not able to ping)

Thanks
Sarkis

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47221t=47193
Re: serial interface down/down or up/down [7:47101]
Hi Priscilla,

I have actually had this scenario (multiple times), but due to the Telco's misconfiguration. Specifically we were expecting b8zs/esf. Unfortunately I can't confirm which was configured incorrectly, but I can confirm that going through all of the different combinations available at the router you will get all combinations on the serial interface (up/up, down/up and down/down). I can also confirm, you will not establish connectivity, regardless.

I believe either b8zs/esf or sf/ami are the only valid combinations. At least that is all I've ever worked with.

Hope this helps,
-TV

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Hi Group Study,

While writing some questions for a practice test, I found myself questioning what I thought was the right answer. Here's the scenario:

A Cisco router serial interface is correctly connected with a good V.35 cable to the data port on the DSU side of a CSU/DSU. The CSU/DSU has been misconfigured for the framing method (SF instead of ESF). The framing doesn't match what the provider is using. (The question refers to a CSU/DSU that is external to the router, not one that is built into the router.)

Will the Cisco router serial interface be down/down or up/down?

And, would the answer be any different if the question has to do with misconfiguring the encoding (AMI versus B8ZS)?

If you have real-world experience with this, that would help. I have read the Cisco documentation and the troubleshooting charts, etc.

Thanks
Priscilla

Priscilla Oppenheimer
http://www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47107t=47101
Re: LAN(ADSL) to LAN(ADSL) VPN Router Config [7:47085]
Here is an in-production example of a 2610 with one static Internet IP using a split-tunnel to a dynamic IP 1720 with basically the same config, except the ip on the dialer is ip address negotiated.

-TV

hostname 2610
!
!
!
clock timezone EST -5
clock summer-time EST recurring
ip subnet-zero
no ip source-route
no ip rcmd domain-lookup
!
!
!
no ip bootp server
ip ssh time-out 120
ip ssh authentication-retries 3
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key whatever address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set dynamictunnel esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto dynamic-map br1map 10
 set transform-set dynamictunnel
 match address 125
!
!
crypto map maptrans 10 ipsec-isakmp dynamic br1map
!
!
interface ATM0/0
 description dsl interface
 no ip address
 atm vc-per-vp 256
 no atm ilmi-keepalive
 atm voice aal2 aggregate-svc upspeed-number 0
 bundle-enable
 dsl operating-mode auto
 no fair-queue
 hold-queue 224 in
!
interface ATM0/0.1 point-to-point
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
!
interface Ethernet0/0
 description inside Main Network
 ip address 192.168.28.1 255.255.255.0
 no ip redirects
 ip nat inside
 half-duplex
 no cdp enable
!
interface Dialer0
 description Internet IP via pppoe and dsl
 ip address Inetaddress 255.255.255.0
 ip access-group 180 in
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 no cdp enable
 ppp authentication pap callin
 ppp chap password 7 blahblah
 ppp pap sent-username blah password 7 blalalla
 crypto map maptrans
!
ip nat inside source route-map nonat interface Dialer0 overload
ip nat inside source static tcp 192.168.28.250 25 Inetaddress 25 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip pim bidir-enable
!
access-list 125 permit ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 deny ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.28.0 0.0.0.255 any
access-list 180 permit ip 192.168.30.0 0.0.1.255 any log
access-list 180 deny ip 192.168.0.0 0.0.255.255 any log
access-list 180 deny ip 172.16.0.0 0.15.255.255 any log
access-list 180 deny ip 10.0.0.0 0.255.255.255 any log
access-list 180 deny ip 127.0.0.0 0.255.255.255 any log
access-list 180 deny ip 255.0.0.0 0.255.255.255 any log
access-list 180 deny ip 224.0.0.0 7.255.255.255 any log
access-list 180 deny tcp any any eq ident log
access-list 180 deny tcp any any eq 135 log
access-list 180 deny tcp any any eq 137 log
access-list 180 deny tcp any any eq 138 log
access-list 180 deny tcp any any eq 139 log
access-list 180 deny udp any any eq 135 log
access-list 180 deny udp any any eq netbios-ns log
access-list 180 deny udp any any eq netbios-dgm log
access-list 180 deny udp any any eq netbios-ss log
access-list 180 deny tcp any any eq 161 log
access-list 180 deny udp any any eq snmp log
access-list 180 deny tcp any any eq 162 log
access-list 180 deny udp any any eq snmptrap log
access-list 180 permit udp host 128.118.25.3 eq ntp any log
access-list 180 deny udp any any eq ntp log
access-list 180 permit ip any any log
no cdp run
!
route-map nonat permit 10
 match ip address 130
!

KM Reynolds wrote in message news:[EMAIL PROTECTED]...

Hi all,

I have been trying to search CCO and the archives (think the links are down at the moment) for an IpSec VPN LAN (1720 with ADSL) to LAN (1720 with ADSL) router configuration using Pre-share keys. Can someone post or point where I can find this specific configuration. I have not configured an ADSL interface and would like to understand this better.

K Reynolds

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=47108t=47085
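Added example (not part of the original post, and not Cisco code): a small first-match evaluator for the IP entries of access lists 125, 130 and 180 from the configuration above, showing how the deny entry in ACL 130 keeps LAN-to-LAN traffic out of NAT so that it still matches crypto ACL 125, and what happens when that entry is missing. The outside address 203.0.113.10 is a constructed stand-in for the post's "Inetaddress" placeholder, and the function names are hypothetical.

```python
import ipaddress

# ACL lines copied from the router configuration in the message above.
POSTED_ACLS = """\
access-list 125 permit ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 deny ip 192.168.28.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.28.0 0.0.0.255 any
access-list 180 permit ip 192.168.30.0 0.0.1.255 any log
access-list 180 deny ip 192.168.0.0 0.0.255.255 any log
"""

# Constructed stand-in for "Inetaddress" on Dialer0 (documentation range).
OUTSIDE_IP = "203.0.113.10"

CRYPTO_ACL = 125  # crypto dynamic-map br1map: match address 125
NAT_ACL = 130     # route-map nonat: match ip address 130


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def _take_addr(tokens):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]


def parse_acls(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into {N: [rule, ...]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # only plain IP entries are modelled here
        src, rest = _take_addr(tok[4:])
        dst, _ = _take_addr(rest)
        acls.setdefault(int(tok[1]), []).append((tok[2], src, dst))
    return acls


def _matches(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (_to_int(addr) & care) == (base & care)


def evaluate(rules, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, d in rules:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"


def classify(acls, src, dst):
    """Fate of a packet from the inside LAN leaving via Dialer0.

    Inside-to-outside, IOS applies NAT before the crypto map check, so the
    crypto ACL sees the source address after any translation.
    """
    translated = evaluate(acls.get(NAT_ACL, []), src, dst) == "permit"
    wire_src = OUTSIDE_IP if translated else src
    if evaluate(acls.get(CRYPTO_ACL, []), wire_src, dst) == "permit":
        return "tunnel"
    return "internet-nat" if translated else "clear-untranslated"


def drop_nat_exemption(text):
    """Return the config with ACL 130's deny entry removed (broken variant)."""
    prefix = f"access-list {NAT_ACL} deny"
    return "\n".join(l for l in text.splitlines() if not l.startswith(prefix))


if __name__ == "__main__":
    good = parse_acls(POSTED_ACLS)
    bad = parse_acls(drop_nat_exemption(POSTED_ACLS))
    for dst in ("192.168.30.20", "198.51.100.7"):  # remote LAN, Internet host
        print(dst, "posted:", classify(good, "192.168.28.10", dst),
              "| without deny:", classify(bad, "192.168.28.10", dst))
```

Without the deny entry, traffic for 192.168.30.0/24 is translated to the Dialer0 address, no longer matches ACL 125, and leaves unencrypted instead of entering the tunnel.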
Re: IDS Questions [7:46639]
One thing the Cisco IDS has, and why we went with it, is the host sensors, and the ability to correlate all the hosts' data with the network data. Although we haven't purchased the hosts as of yet, we know it's viable.

-TV

Brian Zeitz wrote in message news:[EMAIL PROTECTED]...

I read that the 2600 router (or definitely higher model routers) have IDS built in, but if you bought any Pix Firewall it wouldn't have IDS. Am I mistaken on this? So most people who want IDS who cannot afford / justify (just yet) an IDS box are using Snort? I have a pix 515UR, and if I read correctly, it has the capabilities to interface to an IDS box, but it is not an IDS box itself. Also, if I use Snort as an IDS, will the pix be able to recognize it? Maybe Microsoft will come out with a tool of this nature, which is free (not really free, but included with OS) like some of the built in components in 2000.

If I have some misinformation here, I have not read my 1000 page IDS book as of yet, but I am working on MCNS. I found a document that will allow me to install Snort on Windows 2000, that is my current plan for implementing IDS. Can anyone give me the pros and cons of Snort Vs. Cisco IDS system? What other alternatives should I be looking at. My company does not really need an IDS as of yet, but I am doing this just for fun and for learning about security/IDS.

Hope my pro-Microsoft attitude is OK in the group. I like working on routers and security, and don't spend a lot of time tweaking around with Operating Systems.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46693t=46639
Re: help with vpn and pix [7:46487]
Just open the mask to include whatever new users you need. So for 31 inside ips,

ip address inside 10.254.2.1 255.255.255.224

-Todd

GEORGE wrote in message news:[EMAIL PROTECTED]...

Hi you all,

I'm trying to use this config from Cisco web site http://www.cisco.com/warp/public/110/pix3000.html and I have some questions.

Suppose my network has for inside address 10.254.2.1 255.255.255.248. Does the vpn ip pool have to be in the same network as the inside address? Because I only have one ip address left to use and would like to have other users use the vpn tunnel. Can I use another network like 10.0.1.0, which is not used internally?

This is a diagram of my network

(10.254.2.2) (10.254.2.1)/27 7513pix--outside | LAN | Network 10.200.0.0

Now by looking at Cisco example they have a permit access-list which includes the inside network and they specify another network with a /24. Mine is /27, do I have to re-subnet? I'm kind of confused. Help..

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46531t=46487
Re: Need information on Secondary Address [7:46525]
Its use is placing a second, different network, on a single interface. Generally it's not a good design, but if you are aware of the routing behavior, it works. For IPX it's not recommended, subs are. Behavior is different based on the routing protocol; these characteristics are best looked up yourself.

-Todd

Kris Keen wrote in message news:[EMAIL PROTECTED]...

Hi, recently failed the CID exam. I need some information on Secondary addressing, design considerations, overview, uses and so on.. Can anyone assist?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46533t=46525
Re: CAT 3550-48 SMI Problem [7:46326]
Sounds like a STP loop, a guess; when you put in the 3550 a different root bridge is elected. Spanning tree disabled somewhere on the old layer 2 device?

-Todd

Firesox wrote in message news:[EMAIL PROTECTED]...

Folks,

I have an urgent issue. My customer has a network that consists of about 20 sites. There are two hub sites and each hub hosts sites each. Some routers are configured to bridging as well as routing. I am replacing all the hubs at one of the remote sites with all 3550 SMI switches. I know there are no physical loops. The router at the site is a 2610 with T1 CSU module.

The problem is as soon as I plug the 3550SMI into the ethernet port on the router, the whole network crashes. I can run the remote site's LAN (1 MDF and 5 IDFs) thru Gig backbone just fine. I noticed as soon as the router gets connected to the 3550, the serial link (T1) starts flapping and will go down after a minute or so. The router is configured to route and bridge.

I have tried most basic troubleshooting such as checking for physical loops, hardcoding the switch port to 10mb half duplex, etc... I even tried to connect the router to just one 3550 smi with no other connections, and the entire network crashes.

Has anyone seen a problem like this? Unfortunately this network is a 24x7x365 facility and I only had 10 minutes to troubleshoot the problem. I could use some input on this.

Thanks in advance.
firesox

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46382t=46326
Re: Any advantage of dynamics NAT over PAT [7:46323]
NAT is one to one so all ports can be utilized, as I'm sure you know. Depending on the NAT device you can use outside NAT to solve the duplicate address issue.

-Todd

Kenny Smith wrote in message news:[EMAIL PROTECTED]...

Hi..

May I know is there any advantage of dynamics NAT over PAT? What will happen if the dynamic NAT pool of IP addresses is used up?

And I have a problem: two of the inside local addresses translate to the same inside global as following. Therefore two workstations will have a problem connecting (50.198.164.227 and 50.198.164.227). How to prevent this?

If dynamic NAT gave us this problem, why doesn't everyone use PAT, in which every IP translates to the same IP with a different port.

Pro  Inside global   Inside local     Outside local  Outside global
---  192.168.3.101   50.198.165.100   ---            ---
---  192.168.3.102   50.198.164.157   ---            ---
---  192.168.3.103   50.198.165.89    ---            ---
---  192.168.3.104   50.198.164.197   ---            ---
---  192.168.3.105   50.198.164.68    ---            ---
---  192.168.3.106   50.198.165.81    ---            ---
---  192.168.3.107   50.198.165.82    ---            ---
---  192.168.3.108   50.198.164.227   ---            ---
---  192.168.3.108   50.198.164.224

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46383t=46323
Re: vpn client [7:46159]
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I don't have a concentrator and was wondering how can I establish a vpn connection to my internal network. I own a pix 520 and would like to connect to the internal network while I'm with an isp. What software do I need, preferably cisco?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=46165t=46159
Re: Design question concerning Pix, DSL, and Frame T1 [7:45857]
Yes, using statics.

Wayne Jang wrote in message news:[EMAIL PROTECTED]...

Hi,

I think this will work:

I have a customer that would like to use two connections to the Internet (one sdsl and one frame). I want the two servers to use the DSL for Internet and the 20 users could use the Frame T1 (no BGP, not load balanced). I want to use a Cisco 1720 with a serial wic for Frame and a module for the DSL. I will then use a Pix 506e behind the router.

Can I configure the Pix to recognize traffic from the servers and tag it somehow so the router will send it out the DSL side of the 1720? The traffic from users would need to do the same but exit out the T1. Is this considered routing on the Pix side, or can I use access lists in some way to make this work?

A friend of mine said this could be done, but I'm a little unsure.

Thanks,
Wayne

Wayne Jang
Advanced Computer Technologies, Inc.
108 Main Street
Norwalk, CT 06851
Wk 203-847-9433
Cell 203-943-6603

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45891t=45857
Re: pix question [7:45639]
With the assumption that all is set correctly, nat correlates to global, etc, etc. and you cleared all caches after set up (which I would say somewhere they are not), I would run icmp debugs, take all acl's off except the ones needed for the nat/pat, and watch the packets, you'll find it.

-TV

Anthony Ramsey wrote in message news:[EMAIL PROTECTED]...

Hi all,

I appreciate any feedback to my question:

I am setting up a lab environment and initially trying to configure a router and a pix behind it. My router's outside interface is connected to a cable modem and has a live ip address assigned to it.

cable modempix inside hosts.

The router's inside interface has a private ip add. of 172.16.1.1 /24 and the pix' outside interface is 172.161.1.2 /24. The inside interface of the pix has an ip address of 10.1.1.1 /24 and all inside hosts have that as the default gateway. Securities are set up correctly on the inside and outside interfaces. I am using a global pat address, different from the one on the router's interface connected to the cable modem (no statics going on in the pix).

I am unable to reach the internet even when I use the statement: conduit permit ip any any and no packets are able to reach the 172.16.1.0 network from the inside hosts, not even the 172.16.1.2 address which belongs to the pix's outside interface. I have a route outside 0 0 172.16.1.2 statement as well. From the router I can ping inside hosts, with the correct route statement.

Hope this is enough information. Please help!

thanks
Tony

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45643t=45639
Re: V3PN's [7:45398]
I'm not sure about the marketing term, but this is a relatively new VPN solution. Basically how it works is for QOS and for MPLS VPN solutions the tagging bits/info are placed in the actual IP header that traverses the Public network AFTER the encryption. The IPSEC in GRE is mainly used for transferring Legacy packets over IPSEC. AES is also real new, which is the new DES which is 256 vice 3DES 168.

-TV

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

Does anyone know anything about the V3PN's out there that Cisco is hyping up? Is it based on new technology or just marketing hype. I saw two things that caught my eye:

1. It can pass multicast traffic via IPSec. Is that with GRE or some new feature?
2. It can mark voice and video once encrypted. How? That's pretty good if true.

Is this marketing or new technologies/techniques I never heard of yet?

Here are some links:

Cisco: http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/v3pn/index.shtml
Network World: http://www.nwfusion.com/news/2002/0529cisco.html

I have a feeling I'm becoming a victim of a marketing department.

--
RFC 1149 Compliant

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45411t=45398
Re: telnet terminal [7:45397]
Also has a free SSH add on.

-TV

. . wrote in message news:[EMAIL PROTECTED]...

what is a popular (and free) telnet terminal for all of you using?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45412t=45397
Re: Pix SSH to outside interface [7:45031]
If the pix is not reachable via an internet routable IP and you want to ssh through an outside router without changing anything on it, then no you can't. You have to set it up on the pix and allow it thru the outside, or connect to the outside router first.

Gaz wrote in message news:[EMAIL PROTECTED]...

Hi all,

I'm not sure whether this is possible or not, it could be a piece of cake, but I'm without a pix at the moment to try it on.

If the outside interface is a private address (all registered addresses are just routed to the pix and translated to internal addresses), is it still possible to SSH to the Pix somehow? Obviously it's not possible to SSH to the outside private address over the internet, but is there a trick to do something like NAT (translating a registered address to the outside address) or port redirection.

I suppose this could be done on the Internet router, but I'm trying to find a way of doing it on the pix alone. I seem to remember trying to SSH through the pix to an inside interface, and I don't think this was possible (this was for a slightly different scenario where the registered addresses were actually used on the inside network, but I'd be interested to hear ideas for that too).

Any ideas?

Thanks,
Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=45093t=45031
Re: Hi folks, I've been thinking about Cisco as an investment.
So by your statement you analyze/buy stocks on P/E? You must not own a single tech stock then. World Com is 15 and Lucent and some others because they have already lost their butts. If you want to make money you have to accept risk. Of course you could be old, in which case capital preservation is your main philosophy.

"Robert Padjen" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

All -

Cisco is a great company. It has one of the best developed business models in the world. Their products afford a well-rounded feature set that is first rate.

ARE YOU INSANE!!! ;)

Let's see. CSCO is trading at a P/E of just over 45. Companies normally trade in the area of 30, and WorldCom, etc., are at 10-15. Thus, Cisco is overvalued by 50%, and historically would price at $12/share if they were a normal company. OK, they're not, so a slight premium would be warranted (where that is between $12-18/share is unknown, but we'd likely be near the top of the range).

Further, Cisco is recording P/E (price/earnings) on last quarter's numbers, which could be 30% BETTER than this quarter's. A lowering of up to 30% could warrant a price range of $10-14/share to hold the same P/E ratio. Since the next two quarters appear down, and lowering is more likely, you would view this as a bargain why? ;)

In addition, Cisco is the largest holding of most money market funds. As the price increases it would be likely that they will sell to diversify.

Look, I like the company. I think very long term they will be an IBM or a Microsoft. But short term, with any stock, don't allow a lower price than yesterday to be a measure of a bargain. If I believed that any/all of us would save Cisco with our thousand share buys I'd likely be a bit more positive, but since the loss will hurt us MUCH more than the aggregate company or economy, please save your capital and do the analysis before investing!

Kidding about the insane thing BTW.

Now, for a really good investment, the Bank of Rob is taking deposits, cash only please!

--- ItsMe [EMAIL PROTECTED] wrote:

Myself and a few others are buying. Same story as yourself, couldn't afford it before. As for going to hell in a hand basket; if Cisco went down the tubes, there would be many other things you would be worried about than the money you would be investing with now. (i.e. radiation poisoning from the Nuclear War :-)

just my opinion

"Natasha" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi gang, this is a little off topic but...

I've been watching the stock price of Cisco drop from where it was to where it is now, and have been agonizing over the fact that I can actually afford some. Reading the Analyst Consensus on various sites and Cnbc it seems like we're going to hell in a hand basket. The insight that I need is, Is it slowing down as bad as they tell us? What is the life span of the average router, warranty? How often are routers, switches, etc. replaced? Is Cisco a bad investment right now?

You folks are out in the trenches so any help or insight that you can offer is a help.

Thanks

--
Natasha Flazynski
http://www.ciscobot.com My Cisco information site.
http://www.botbuilders.com Artificial Intelligence and Linux development

=
Robert Padjen
Re: Hi folks, I've been thinking about Cisco as an investment.
Myself and a few others are buying. Same story as yourself, couldn't afford it before. As for going to hell in a hand basket; if Cisco went down the tubes, there would be many other things you would be worried about than the money you would be investing with now. (i.e. radiation poisoning from the Nuclear War :-)

just my opinion

"Natasha" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi gang, this is a little off topic but...

I've been watching the stock price of Cisco drop from where it was to where it is now, and have been agonizing over the fact that I can actually afford some. Reading the Analyst Consensus on various sites and Cnbc it seems like we're going to hell in a hand basket. The insight that I need is, Is it slowing down as bad as they tell us? What is the life span of the average router, warranty? How often are routers, switches, etc. replaced? Is Cisco a bad investment right now?

You folks are out in the trenches so any help or insight that you can offer is a help.

Thanks

--
Natasha Flazynski
http://www.ciscobot.com My Cisco information site.
http://www.botbuilders.com Artificial Intelligence and Linux development
Re: intercept and redirect
PIX, by itself doesn't route. It won't work.

"Doug Roberts" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I've had a request to have our Pix firewall catch inbound traffic headed for host A and redirect it to host B. We do not have NAT enabled on the Pix (ver 5.1). Am I missing something? I don't see a way to do this.

Doug

==
"There are a lot of interesting people here, a pretty high concentration of creative, interesting, smart people. You just have to make an effort to group them together, because they're interspersed with a lot of morons."
Aimee Mann as quoted in The Onion
==
Re: new Microsoft exams tougher than Cisco's
I took the same exam Monday. It was lnnn, as it should be, being a beta. But it wasn't difficult. When it goes public, with the 40 questions or so, it will be easy. Wait till you take the CID or IE written.

"Mihai Dumitru" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi, group!

I took 71-244 (Supporting and Maintaining a Windows NT 4.0 Network beta) today. 110 scenario-like questions in 4 hours and I think it was harder than any Cisco CCNP exam that I passed till now. It's not that the Microsoft stuff is too "difficult" to understand, it's just about the complexity of the questions. I have never understood why Cisco doesn't have more complex questions (scenarios I mean) in its exams. DCN is an exception, but compared with what I saw today, a Cisco exam is quite easy to pass.

Mihai
Re: How to Make Frame Relay Redundant?
We have set up a "more" redundant solution similar to your infrastructure, and the same ISP. We have one T come in from Boston, and the second from DC. We split our customer CIR across the 2. This works out nicely. From the router perspective we have another identical router set and ready to go if the first router fails.

"Raul De La Garza" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Please forgive me if this topic has already been explored.

I am considering the purchase of a 3640 in order to provide Internet access to our office at 100 Mbps. I will outfit it with 2 10/100 2-port modules. I am also considering making our Frame Relay network redundant by adding two 1-port T1 w/CSU WICs, however, with only two FR lines coming in how would I make this a fault tolerant solution without having to obtain two more FR circuits? HSRP is definitely being considered. Obviously, an Ethernet hub or switch is out of the question.

Any help you could provide would be greatly appreciated.

Raul De La Garza III
Re: old 3102 router
DB50v2

"Rizzo Damian" [EMAIL PROTECTED] wrote in message news:49C181ACF35ED311A7DC00508B5AF61102E524D5@NAEXCHANGE...

Anyone know if a 3102 Router's serial port is the DB-60 kind of today or not so much?

Damian Rizzo
Senior IT Engineer
Marakon Associates
203-978-6341
[EMAIL PROTECTED]
Re: PIX and NAT with VPN
Use a "static" to itself, takes precedence over NAT. Or you can use NAT 0 but you can only use it once.

"Rick Holden" [EMAIL PROTECTED] wrote in message news:002001c097b6$60c466a0$[EMAIL PROTECTED]...

I have a PIX firewall that is being used for a VPN as well. The problem is all the inside addresses are being translated to public addresses even when the traffic is destined for the VPN tunnel. I tried the following commands but this seems to block all translations. (real IPs have been replaced for security)

access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
global (outside) 1 172.16.10.1 net 255.255.255.255

I also tried using DENY in the access list

access-list nonat deny ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

This didn't work either. How can I get the traffic destined for the Internet to be translated and the traffic destined for the VPN not be translated?
Re: Back to the point/ontopic Re: Thought youd enjoy this
Yes, I hear what you're saying!!!... Oh, by the way, you are in the UK...hmmm... Dear Lauren, Please allow me to introduce myself. I am a highly certified and knowledgeable... Sorry, couldn't resist.

"Lauren Child" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

OK. Whether people found it funny isn't really on topic. What I was aiming to do was provoke a discussion on how people felt about this stuff. How do people feel if

a) their cisco certified status is used to declare open season for anyone wanting a job in their area resulting in emails like that one filling up your inbox

b) people are gaining certifications and applying for jobs in their field when they haven't grasped rudimentary internet skills.

TTFN Lauren
CCNP-ATM, CCDP certified.
aka Lauren, Free career advice, feel free to grab my email from usenet and use me to save you a few minutes of your precious time.
Re: Passed CCIE Written!!!!!!!!!!
Well, since you can't reserve the LAB until you pass, and they are booked into August, I think April is impossible.

"Shaheed, Manzur" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Group, I just passed CCIE - Routing and Switching written exam. I completed CCNP2.0 in last December. I decided to take the written exam asap while everything is still fresh in my mind. I am hoping to complete the Lab in April 2001 (too ambitious???) Thanks to this group - I have learnt a lot of things from the discussions.

Regards
Manzur Shaheed
MSCS, CCNP 2.0, MCSE+I, CCIE - Candidate.
Melbourne, Australia.
Re: passed CCIE written with a little extra stress
Wow, they must have a bad batch. This is the third time I've heard this recently.

"Joe Johonness" [EMAIL PROTECTED] wrote in message news:001201c09234$cbf59d40$[EMAIL PROTECTED]...

I passed the CCIE written today. The test crashed right in the middle of the exam and they had to have a new one downloaded. I had to start all over that was just great. I hope it does not happen to anybody else. I just found a good cram for the test after I took it unfortunately. Here it is hope it helps somebody. http://cramsession.brainbuzz.com/cramsession/cisco/ccie_written/

Joe Johonness
Multiple Answer Question
When taking a test with a "multiple answer" implies 2 or more. I recently talked myself into selecting 2 answers based on this assumption, and felt strongly only one was correct. As far as the correct English interpretation, I believe this infers 2 or more. Is this correct? Anyone know for sure?
Re: Multiple Answer Question
My fault, I'm talking about the CCIE written.

[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Cisco exams will tell you how many selections to choose if there is more than one right answer. At least I know it was this way for the CCNA 1.0 and the BCRAN 2.0. So I would assume it would be the same for the other CCNP exams as well. I am not sure about the CCIE written.

Heather Buri

In a message dated 2/6/01 9:36:57 PM Central Standard Time, [EMAIL PROTECTED] writes:

When taking a test with a "multiple answer" implies 2 or more. I recently talked myself into selecting 2 answers based on this assumption, and felt strongly only one was correct. As far as the correct English interpretation, I believe this infers 2 or more. Is this correct? Anyone know for sure?
Re: cvoice
Well for cvoice for instance, you have to be a CCNP to earn the specialization: http://www.cisco.com/warp/public/10/wwtraining/certprog/special1/course.html

"UmerKhan" [EMAIL PROTECTED] wrote in message news:01c08e90$d95c17e0$3e0b80cb@pentium686...

thanx for the input. but pls guide me what is the criteria for completing a certification, passing the paper or getting the certificate. and isn't the result card alone ample proof of my passing the certification. how serious is the "official" as you referred to it. :)

thanx
umer
[EMAIL PROTECTED]

From: "ItsMe" [EMAIL PROTECTED]
Newsgroups: groupstudy.cisco
To: [EMAIL PROTECTED]
Sent: Sunday, February 04, 2001 8:17 AM
Subject: Re: cvoice

True, you can take any test you want, but have to complete all prerequisites, to be "official".

"umerkhan" [EMAIL PROTECTED] wrote in message news:004e01c08dfc$e84cdbc0$a90a80cb@pentium686...

Hi, can anyone tell me is it necessary to pass the ccnp certification in order to take the cvoice 2.0 exam. i have checked with the cisco website and only acrc (or bscn) and ccna are written in the prerequisites. a friend of mine was telling me that you can appear for the exam but won't get the certificate before passing the whole of ccnp, is it true?

regards,
umer
[EMAIL PROTECTED]
Re: cvoice
True, you can take any test you want, but have to complete all prerequisites, to be "official".

"umerkhan" [EMAIL PROTECTED] wrote in message news:004e01c08dfc$e84cdbc0$a90a80cb@pentium686...

Hi, can anyone tell me is it necessary to pass the ccnp certification in order to take the cvoice 2.0 exam. i have checked with the cisco website and only acrc (or bscn) and ccna are written in the prerequisites. a friend of mine was telling me that you can appear for the exam but won't get the certificate before passing the whole of ccnp, is it true?

regards,
umer
[EMAIL PROTECTED]
Re: Subnet question
Correct. You need 14 subnets, a block of 16. Therefore your third octet will be 176-191.

"Hunt Lee" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Can anyone please explain to me how to derive the answer of this question?

A company has been assigned a subnet of 172.16.176.0/20, and wants the next four available bits to create 14 subnets, each containing an equal number of hosts. Which of the following could represent one of these subnets?

A) 172.16.255.0/24
B) 172.16.193.0/24
C) 172.16.183.0/24
D) 172.16.16.0/24
E) 172.16.0.0/24
F) 172.16.190.0/24

Answer is C and F

Regards,
Hunt Lee
IP Solution Analyst
Cable and Wireless (Sydney)
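The derivation asked for in this thread, as an added example that is not part of either post: Python's standard `ipaddress` module splits 172.16.176.0/20 by four borrowed bits and tests each answer option against the result. The function names are chosen here for illustration, and dropping the all-zeros and all-ones subnets is the older convention under which four bits yield 14 rather than 16 subnets.

```python
import ipaddress

# The six answer options from the question, keyed by their letter.
OPTIONS = {
    "A": "172.16.255.0/24",
    "B": "172.16.193.0/24",
    "C": "172.16.183.0/24",
    "D": "172.16.16.0/24",
    "E": "172.16.0.0/24",
    "F": "172.16.190.0/24",
}


def carve(parent, borrowed_bits, classic_rule=True):
    """Split `parent` into equal subnets by borrowing host bits.

    With classic_rule=True the first (all-zeros) and last (all-ones)
    subnets are dropped, so 4 bits give 2**4 - 2 = 14 usable subnets.
    """
    net = ipaddress.ip_network(parent)  # raises if host bits are set
    subnets = list(net.subnets(prefixlen_diff=borrowed_bits))
    return subnets[1:-1] if classic_rule else subnets


def third_octet_range(subnets):
    """Lowest and highest third octet among the given subnets."""
    octets = [int(str(s.network_address).split(".")[2]) for s in subnets]
    return min(octets), max(octets)


def matching_options(parent, borrowed_bits, options, classic_rule=True):
    """Letters of the options that are one of the carved subnets."""
    usable = set(carve(parent, borrowed_bits, classic_rule))
    return sorted(
        label for label, cidr in options.items()
        if ipaddress.ip_network(cidr) in usable
    )


def inside_parent(parent, options):
    """For each option, whether it lies inside the assigned /20 at all."""
    net = ipaddress.ip_network(parent)
    return {
        label: ipaddress.ip_network(cidr).subnet_of(net)
        for label, cidr in options.items()
    }


if __name__ == "__main__":
    parent = "172.16.176.0/20"
    print("block of 16, third octet:", third_octet_range(carve(parent, 4, False)))
    print("14 usable, third octet:  ", third_octet_range(carve(parent, 4)))
    print("inside the /20:", inside_parent(parent, OPTIONS))
    print("answer:", matching_options(parent, 4, OPTIONS))
```

Options A, B, D and E are rejected before the subnet-zero question even arises, because their third octet lies outside the /20.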
Re: Frame Relay OR ATM????
If you're using a major ISP for your point-to-point you are probably already on an ATM backbone.

"Nabil Fares" [EMAIL PROTECTED] wrote in message news:001201c0819b$d1c0c780$[EMAIL PROTECTED]...

Greetings all, Would like to get your thoughts on the benefits of choosing ATM over frame for the backbone. We have sites basically all over the US, and someone is recommending ATM instead of frame. We're currently using point-point ckts. for backbone connectivity. Any web site links or little summary would be great.

Thanks,
Nabil
Re: Whew... I passed
Convincing the VP isn't the hard part, it's after you pass explaining to the VP that a $20K/year raise is warranted. Which in turn he says you are nuts, so you decide to leave... until he breaks out the agreement that says in fine print that you have agreed to pay back all training funds if you leave... Be careful!

"Jim Healis" [EMAIL PROTECTED] wrote in message news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...

Well, I did it. I passed the CCIE written exam this morning. And, for just a moment, I felt the weight of the world lift off my shoulders. Then I thought about the lab exam and what I need to do to get there. Thankfully, I have a plan; it just needs to be put on paper so it can be a working document.

I have posted much in the recent weeks about how I have studied to get this far, so I won't post it again. But if you have specific questions about certain areas, that won't violate the NDA, I will be happy to answer them.

Now, my next challenge comes along... not the lab... convincing my boss that the company should pay for the lab exam and any needed materials for getting there. I know that I shouldn't rely on this as the means to the end; but if I can get it, why not? Anyone have any pointers on how to convince a VP that doesn't know much about the CCIE program that he should approve these things?

Thanks for the wonderful humor and study tips!
Jim
Re: Tacacs+
Are you sure you can configure 2 Tacacs+ servers? I thought 1 Tacacs+, and/or 1 Radius and/or local?

"Eric Gunn" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

If more than 1 tacacs server is defined in a config what would happen if the user doesn't authenticate, it will NOT contact the second server correct? The only reason to have a second server assigned is if the first one is not responding, in which case the config would allow for use of the second server. Also Authentication must take place before anything can happen. I know some of these questions are basic, I just want to verify and see if I am misunderstanding something.

Thanks,
--Eric
Re: Whew... I passed
I'm not saying I don't think you owe the company if they pay your way, by no means. I'm just saying to be aware of what you are agreeing to. Wow 30K to 120K, I could double my pay and not be at 120K, it may be time to move forward.

Me
ccnp+security, ccdp, mcse, mcp+i, n+, a+

"Dennis Laganiere" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I'm ready to get spammed for this, but here are some thoughts from the other side of management. If YOU paid for your own training, lab equipment, and lab attempts (probably multiple, at $1,000 piece) then I could see your asking for a huge raise. HOWEVER, if the company paid for your training, bought $15,000 to $20,000 worth of lab equipment for you to play with, and gave you the time to study, + lab attempts, + travel expenses + god-knows-what-else, I think you owe something back, and perhaps some time served at your current rate is the least they could expect in return. If they support you through the whole process and you either leave or start barking for the stars salary-wise, the guy next to you, who's six months behind you on the same career path, won't get the price of honey for his tea.

Again, these are just my $.02
--- Dennis

-Original Message-
From: ItsMe
To: [EMAIL PROTECTED]
Sent: 1/18/01 6:39 PM
Subject: Re: Whew... I passed

Convincing the VP isn't the hard part, it's after you pass explaining to the VP that a $20K/year raise is warranted. Which in turn he says you are nuts, so you decide to leave... until he breaks out the agreement that says in fine print that you have agreed to pay back all training funds if you leave... Be careful!

"Jim Healis" [EMAIL PROTECTED] wrote in message news:DF49A3EC4130D411AC1600508B608DDF01116426@DIALPAD-EX2...

Well, I did it. I passed the CCIE written exam this morning. And, for just a moment, I felt the weight of the world lift off my shoulders. Then I thought about the lab exam and what I need to do to get there. Thankfully, I have a plan; it just needs to be put on paper so it can be a working document.

I have posted much in the recent weeks about how I have studied to get this far, so I won't post it again. But if you have specific questions about certain areas, that won't violate the NDA, I will be happy to answer them.

Now, my next challenge comes along... not the lab... convincing my boss that the company should pay for the lab exam and any needed materials for getting there. I know that I shouldn't rely on this as the means to the end; but if I can get it, why not? Anyone have any pointers on how to convince a VP that doesn't know much about the CCIE program that he should approve these things?

Thanks for the wonderful humor and study tips!
Jim
Re: WIC Confusion
A 56/64k 4 wire will only work with the same interface. It's not T1 timing signal compatible. A Fract/T1 is usually provisioned at 128K and above but is configurable at 64K with one timeslot. It's much more expensive/month so unless you know the potential for needed bandwidth increases are a given, it won't warrant the added monthly expense.

"David Sanderson" [EMAIL PROTECTED] wrote in message news:EF2576A9A885D311A4930090278A3B185C544F@EXCHANGE...

My telco has installed a 64K line. I thought I could use a T1 WIC, and set the bandwidth to 64 and/or use the command service-module timeslot 1 to run this point-to-point leased line. Is this only possible if the line is fractional T1? (the question probably should be "what is the line, 64K or fract. T1")

But my telco provider says that the cisco 1602 built-in 56K module should be used for this line (the 1602 has a T1 module that I bought for this line; and of course the built-in 56K). A Cisco rep. said no, it has to be a T1 module.

I also have another available module in my 3640 here at work that has a 56/64K stamped on the back of the hardware module itself. But when I show int. for that module it says 56K module (bandwidth 1544, unless I set it to 64k).

Which should I use or can I use either/all if configured correctly? Can someone help clear this up? Thanks for any help.
Re: CCIE written, 2nd try
Go get 'em, Jim! Best of luck!

"Jim Healis" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Well, in just about 12 hours I take the CCIE written exam for the second time. The first time was just to get a handle on what I should expect (though I still held hope that I would pass). This time, however, I have made a strong effort to study. In the last four weeks I have read more material, page for page, than I did all through college. I still can't say that I know it all because sometimes I still draw a blank when someone asks me a question. But I can say that when I took that first Certification Zone practice exam I thought I was nuts for thinking I could do this, and when I took the most recent one I actually made a passing score.

And now, on the eve of my exam, I think to myself if I am still crazy for continuing this path. I mean, thinking about all that I must study in addition to what I have already done makes me dizzy. But just for giggles I thought I would see how fast I could correctly configure a router, from scratch, with two Ethernet connections, two WAN connections, a routing protocol and NAT. Now I know this is a simple configuration but I was going for speed not complexity. I finished configuring the router in just under 9 minutes, and yes, it worked! I was shocked. I didn't think I was that practiced.

So now I study a bit more, just to cover the basic items that I may have forgotten in my studies. I also plan on getting a good night's sleep (though I may be too nervous). And tomorrow morning I plan on passing the exam and greeting my future with open arms and a confident smirk on my face. :-)

Best wishes to all!
Jim
Re: eigrp, frame relay, and ISDN
"backup" also works very nicely in this scenario, with the dialer interfaces.

"whitaker" [EMAIL PROTECTED] wrote in message news:939a8i$cnt$[EMAIL PROTECTED]...

So here's the scenario... Numerous routers in a central site connected to other remote sites via frame-relay with backup ISDN. Question: What is the best way to implement EIGRP in this scenario? My thoughts were to run EIGRP over the frame, set up the dialer interface / bri as a passive interface, and use floating static routes (static route with higher administrative distance for ISDN backup). Thoughts, comments, suggestions, ridicules? ;-)
Re: Pix Firewall License R or UR ?
Only the PIX 515 has R and UR.

"A.C" [EMAIL PROTECTED] wrote in message news:9384i4$f0a$[EMAIL PROTECTED]...

Hi, Does anyone know a command on Pix Firewall 520 that shows what kind of license it has (R - UR license)? Thank you
Re: PIX failover
PIX 520's don't have a R or UR version; they all support failover.

"Florin Mechetiuc" [EMAIL PROTECTED] wrote in message news:92svsr$482$[EMAIL PROTECTED]...

I have a couple of 520 firewalls ordered a while back but I don't know if there is a way to check if they are in a failover bundle. To be more specific, I have one up and running but I would like to install the failover and I don't know which one it is (I have other three ordered for other projects). I think there might be a way of checking on Cisco's website by having the serial number of the main firewall and then I can get the serial number of the failover.

Thanks and Happy New Year!
Florin Mechetiuc
[EMAIL PROTECTED]
Frame-Relay spoke redundancy
All, We just had a second T1 installed on our 3600. Our first supplies about 20 spokes, sub-if, with various CIR's all running EIGRP with bandwidth statements. The second was provisioned via a different cloud path for redundancy. We want to "automatically" backup the primary spokes with the second T1. I can use the "backup" command but we already use this method for ISDN on some of the links, so we're leaning toward a load-balancing solution.

My main concern is due to the different provisioning paths the metric may be lower for the majority of the spokes on one of the T1's, thereby having an awfully lop-sided load balancing architecture. I could tweak these in via an Easter egg method, but that's a lot of work for what it's worth. Is anyone running a similar configuration and want to shed some light? Thanks!
Re: Cisco menu problem
    #terminal length 0

A value of zero prevents the router from pausing between screens of output.

"Sylwester S. Biernacki" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi, I'm looking for this little thing for several days and wonder if it's possible to do it like I wish. I would like to make a menu (running from autocommand) with more than one command in line "menu ExampleMenu command firstcommand; secondcommand". And submenu it's not what I seek for. In all docs which I looked in there is nothing about this item... univercd is not good place too, cause there are only few options :(

If it's not possible maybe you know how to change number of lines on terminal using autocommand? I would like to sth like this: my script logs on into router on special account via rsh and gets output of one command. Output is much more longer than 24 lines and IOS waits for Enter :(

If sbdy know how to do it I'll be very glad... :)

--
cheers
Sylwester S. Biernacki
[EMAIL PROTECTED]
Re: BCRAN COLT Question
B or C. Need both to work. You can use a dialer-group for A and various commands for D.

[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I'm preparing for the BCRAN exam that I plan on taking at the end of the month. I've run across a question in Cisco's COLT that has an answer--according to COLT-- that I don't agree with. Before the replies fly about the quality of the COLT, I did see the thread a while back about the quality of the questions. I've found some of their questions to be useful as long as I verify the answer ( the question) in the official Cisco press book or at CCO.

Here's the question:

Question 16 of 44. Which of the following is considered the primary part of the dialer profile?

A. dialer pool
B. dialer interface
C. physical interface
D. mapclass

COLT's answer was A. In reading the Cisco press book, there is nothing that would lead me to a direct answer. However, I propose that it is B simply because it's what defines all of the configuration characteristics specific to a destination (page 240 of my book). Any thoughts on this?
Re: AAA Config question
First #1: If tacacs+ is first it will go to the server for authentication. If the server goes down it will use local. That's probably what you want. The local allows you to login to fix a router problem if the server is down.

And #2: It looks like you are telling it to use tacacs+ for authentication, and then using a list no_tacacs to get to line (character) mode, did you set up a no_tacacs list?

"Robert Yee" [EMAIL PROTECTED] wrote in message news:08C6D6CAB775D411AAF2001083FC7DD50198AD@PFCMAIL...

Hi all, I'm in the process of testing out a AAA config on a router, and if successful I will be rolling this out to my network. The config seems to work very well with CiscoSecure ACS for NT 2.4. However, there are some quirks that I'm just not sure about. The following is the config that I'm using:

    hostname Router1
    !
    aaa new-model
    aaa authentication login list1 local group tacacs+
    aaa authentication ppp list1 local group tacacs+
    aaa authorization exec list1 local group tacacs+
    aaa authorization network list1 local group tacacs+
    aaa accounting exec list1 start-stop group tacacs+
    aaa accounting network list1 start-stop group tacacs+
    enable password cisco
    !
    username user1 password 0 cisco
    !
    tacacs-server host 172.16.1.211
    tacacs-server key 12345
    !
    line con 0
     password cisco
     transport input none
    line aux 0
    line vty 0 4
     password cisco
     login authentication list1

Questions:

1. When I try and setup the method list (list1) for authentication with tacacs+ first then local, it does not allow local authentication, it will only look to the tacacs+ server for validation. However, if I list local first, then tacacs+, it'll work as desired. Why is this so? Shouldn't it work the other way around also?

2. I've chosen to implement the authentication on vty sessions only by using the 'login authentication list1' command that I read on CCO. The ACS software suggested that I use the combination 'aaa authen login no_tacacs enable/line con 0/ login authen no_tacas' command. However, when I tried this, it totally bombed. What did I do wrong?

Thanks!
Robert
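The fallback behaviour discussed in this post and in the earlier Tacacs+ thread, as an added example that is not part of either post and is not Cisco code: a small Python model of a method list in which only a non-answer (no server responding) moves on to the next server or method, while a reject ends the attempt. The second server, the `netadmin` account and its password are constructed, and treating a username that is not defined locally as a fall-through is an assumption of the model, chosen to match what Robert Yee reports for the local-first order.

```python
import hmac
from enum import Enum


class Result(Enum):
    PASS = "pass"    # the method answered: credentials accepted
    FAIL = "fail"    # the method answered: credentials rejected
    ERROR = "error"  # the method could not answer at all


def _same(a, b):
    # Constant-time comparison, as a real credential check should use.
    return hmac.compare_digest(a.encode(), b.encode())


def tacacs_group(servers):
    """Model of 'group tacacs+': servers are tried in configured order."""
    def method(user, password, trace):
        for srv in servers:
            if not srv["reachable"]:
                trace.append(f"{srv['name']}: no response, trying next server")
                continue
            stored = srv["users"].get(user)
            ok = stored is not None and _same(stored, password)
            trace.append(f"{srv['name']}: {'accept' if ok else 'reject'}")
            # A reject is an answer, so no later server is asked.
            return Result.PASS if ok else Result.FAIL
        return Result.ERROR  # nobody answered
    return method


def local_db(users):
    """Model of 'local'. ASSUMPTION: an undefined username is a non-answer."""
    def method(user, password, trace):
        if user not in users:
            trace.append("local: user not defined")
            return Result.ERROR
        ok = _same(users[user], password)
        trace.append(f"local: {'accept' if ok else 'reject'}")
        return Result.PASS if ok else Result.FAIL
    return method


def authenticate(method_list, user, password):
    """Walk the method list; only ERROR moves on to the next method."""
    trace = []
    for method in method_list:
        result = method(user, password, trace)
        if result is not Result.ERROR:
            return result, trace
    trace.append("method list exhausted")
    return Result.FAIL, trace


LOCAL_USERS = {"user1": "cisco"}            # from the posted config
TACACS_USERS = {"netadmin": "Example-Pw1"}  # constructed server-side account


def build(order, primary_up=True, secondary_up=True):
    """Return a method list such as ['tacacs+', 'local'] for the model."""
    servers = [
        {"name": "172.16.1.211", "reachable": primary_up, "users": TACACS_USERS},
        {"name": "secondary (hypothetical)", "reachable": secondary_up,
         "users": TACACS_USERS},
    ]
    methods = {"tacacs+": tacacs_group(servers), "local": local_db(LOCAL_USERS)}
    return [methods[name] for name in order]


if __name__ == "__main__":
    cases = [
        ("tacacs+ local, server up, local-only user",
         build(["tacacs+", "local"]), "user1", "cisco"),
        ("tacacs+ local, all servers down, local-only user",
         build(["tacacs+", "local"], False, False), "user1", "cisco"),
        ("local tacacs+, server-only user",
         build(["local", "tacacs+"]), "netadmin", "Example-Pw1"),
        ("two servers, first rejects",
         build(["tacacs+", "local"]), "netadmin", "wrong"),
    ]
    for title, methods, user, pw in cases:
        result, trace = authenticate(methods, user, pw)
        print(f"{title}: {result.value} <- {trace}")
```

In the first case the reachable server rejects `user1` and the local database is never consulted, which is the behaviour described in question 1; the local entry only comes into play once no server answers.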
Re: frame-relay interface-dlci
All of these questions are based on NBMA design, which is different depending on the routing protocol used. I believe they can all be answered when you look at NBMA/routing protocol.

"pierreg" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I have spent many hours trying to comprehend the excerpt below (from Cisco CD). Still no light. Can someone help?

"This command is typically used for subinterfaces; however, it can also be used on main interfaces. Using the frame-relay interface-dlci command on main interfaces will enable the use of routing protocols on interfaces that use Inverse ARP. The frame-relay interface-dlci command on a main interface is also valuable for assigning a specific class to a single PVC where special characteristics are desired."

1. How can the command frame-relay interface-dlci enable the use of routing protocols??!!??
2. What do they mean by "specific class"?
3. What characteristics are they talking about?

Please explain AND illustrate each point...

Thankfully,
Pierre-Alex
Re: what is the difference between tacas+ and radius
Also for accounting, Radius gives you many more options, and Radius costs nothing if you run Win2k, it's part of the OS.

"David Nie" [EMAIL PROTECTED] wrote in message news:91v4j7$ni7$[EMAIL PROTECTED]...

Hi, all. Could you please tell me the difference of tacacs+ and radius server?

--
David Nie
Re: multicast and the BSCN - a match made in hell?
I think you mean 224.0.0.5 and 224.0.0.6, which are the LSA multicasts used in OSPF. A good rule to remember is the 224.0.0.XXX subnet is basically used for all router/routing information. It typically has a TTL of 1, meaning it will get to the first router and not be passed on.

"Dyland Desmarais" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Greetings all. I am moving along nicely and am now beginning to learn about that wonderful protocol known as OSPF. My question is, the BSCN book from CiscoPress, when explaining OSPF, refers to multicast addresses such as 244.0.0.5 (ALLSPFRouter address). Does this book explain how these addresses work, or at this point, should I just accept the fact that 244.0.0.5 is the ALLSPFRouter ip? Is there an online table I can find where the reserved multicast ip's are mapped to their function according to industry standard, or is this covered later in the CCNP course?

Thanx in advance.
Dyland
Re: Pass Written
So you got a 95 or something like that, since it was easy?

"Hubert Pun" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I just passed it this afternoon. Not a hard test at all. The certification zone is much harder. How come I still cannot receive any group mail for the last 1.5 weeks?
Re: 224.0.0.1 and 255.255.255.255
224.0.0.1 is also not multicast past the next hop router. They have a TTL of 1. The big difference is a router knows this is multicast info for them. A host doesn't look at it at all like it does a broadcast to see if it's looking for them.

"Jean-Michel Roberts" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi again,
Sorry, but to be more specific Class D: 224.0.0.0 - 239.255.255.255.
Cheers,
J-M

-----Original Message-----
From: Jean-Michel Roberts [mailto:[EMAIL PROTECTED]]
Sent: 18 December 2000 01:04
To: 'Hunt'
Cc: '[EMAIL PROTECTED]'
Subject: RE: 224.0.0.1 and 255.255.255.255

Hi,
Because it's a class D address and Class D addresses are used for multicasting.
Cheers,
J-M

-----Original Message-----
From: Hunt [mailto:[EMAIL PROTECTED]]
Sent: 18 December 2000 01:03
To: [EMAIL PROTECTED]
Subject: Re: 224.0.0.1 and 255.255.255.255

Just by looking at the IP 224.0.0.1, how can you tell straight away that it is a multicast address?
Hunt

Chuck Larrieu wrote:

255.255.255.255 will not be passed by a router. It remains on a local segment. All hosts will act upon that address, using CPU time to pass the packets up the stack.
224.0.0.1 is the all systems multicast group. Only those devices which are members of the particular multicast group will take packets for that address and pass them up the stack for action.
Chuck

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of kenny
Sent: Monday, December 18, 2000 12:42 AM
To: [EMAIL PROTECTED]
Subject: 224.0.0.1 and 255.255.255.255

Hi,
224.0.0.1 = all systems
255.255.255.255 = broadcast
I know that both are different BUT what is the actual difference?
Thanks guys
kenairs
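The address questions in this thread and in the earlier OSPF multicast thread can be checked mechanically. The following is an added example, not code from any of the posters: it classifies an IPv4 destination by its high-order bits and derives the Ethernet destination MAC, which is what lets a NIC discard unwanted multicast while a broadcast frame is always passed up the stack. The function names and the short group table are assumptions made for illustration.

```python
import ipaddress

# 224.0.0.0/24 is the local network control block (RFC 5771); routers do not forward it.
LOCAL_CONTROL = ipaddress.IPv4Network("224.0.0.0/24")
GROUPS = {  # only the groups named in the threads above
    "224.0.0.1": "all systems",
    "224.0.0.5": "OSPF AllSPFRouters",
    "224.0.0.6": "OSPF AllDRouters",
}

def dest_mac(n):
    """Ethernet destination for an IPv4 destination given as an int; None for unicast."""
    if n == 0xFFFFFFFF:
        return "ff:ff:ff:ff:ff:ff"            # every NIC on the segment accepts this
    if n >> 28 == 0b1110:                     # class D: map the low 23 bits under 01:00:5e
        low23 = n & 0x7FFFFF
        return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)
    return None                               # unicast MAC is resolved via ARP instead

def classify(addr):
    ip = ipaddress.IPv4Address(addr)
    n = int(ip)
    if n == 0xFFFFFFFF:                       # test before class E: it also starts 1111
        kind, forward = "limited broadcast", False
    elif n >> 28 == 0b1110:                   # first octet 224-239
        kind, forward = "multicast", ip not in LOCAL_CONTROL
    elif n >> 28 == 0b1111:                   # first octet 240-255, e.g. 244.0.0.5
        kind, forward = "reserved (class E)", False
    else:
        kind, forward = "unicast", True
    return {"kind": kind, "router_may_forward": forward,
            "mac": dest_mac(n), "group": GROUPS.get(str(ip))}

if __name__ == "__main__":
    for a in ("224.0.0.1", "224.0.0.5", "255.255.255.255", "244.0.0.5", "239.255.255.255"):
        print(a, classify(a))
```

Because only 23 bits are mapped, 32 different groups share each multicast MAC (224.0.0.1 and 224.128.0.1, for example), so a host still checks the IP destination after the NIC filter.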
Re: TACACS+
The big network statement tends to lead me to believe you will want an ACS also.
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/

"Avran" [EMAIL PROTECTED] wrote in message news:918hdl$s5v$[EMAIL PROTECTED]...

I am configuring tacacs for a big network. Please shed some light on this process. I am unable to find any reference to TACACS+ for router access. Thank you.
Re: Channel-group vs. Pri-group
Channel-group is how you specify the 24 64K channels/T1

"James Haynes" [EMAIL PROTECTED] wrote in message news:918osp$l1i$[EMAIL PROTECTED]...

Does anyone know the difference between these two settings? I'm looking at a Router that has T1 controllers on it set for pri-groups and one controller that is set for a channel-group. I realize the pri-groups follow the setup I learned for the Remote Access test, however I don't remember seeing a channel-group command and searching the Cisco website just keeps giving me the command syntax for channel-group, which, by the way, looks a lot like pri-group.
Thx.
Re: clarification on BSCN
Always follow the current syllabus. This is the rule of thumb and in this case, also based on experience.

"Ragavendran K Rao (CTS)" [EMAIL PROTECTED] wrote in message news:15BC1866E5CFD111900E00A0C9A6F35E03FA2309@CTSINCSISXUC...

Is there anyone who has passed through BSCN (ACRC 2.0)? If so, can you lemme know if one or more of the following topics are covered?
1. ACL
2. queueing
3. DDR
4. bridging
I find these topics missing in the syllabus for BSCN, whereas they were covered in ACRC.
regards,
Re: TFTP
Hmmm, the way I read your request - a router as a tftp server - to my knowledge, you can't. You need another box for the server itself?

"Pierre-Alex" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

Hi Group,
How do you setup a router as a TFTP server? Which routers support that feature?
Thanks
Pierre-Alex
Re: Link-4-Error??
The 4 is the logging level. Port config on both sides should be looked at for the cause. (Auto, speed, etc.) Port security? Look at the MACs. Hope that helps.

"Kim Fisk" [EMAIL PROTECTED] wrote in message news:90rgj7$6hk$[EMAIL PROTECTED]...

The log on our 2924 switch says:
%LINK-4-ERROR: FastEthernet0/1 is experiencing err
Does anyone have any more specific info as to what type of error this is indicating?
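As an added example (not from the original posts), the `%FACILITY-SEVERITY-MNEMONIC` layout behind the reply above can be parsed to pull out the severity digit and to count which ports log at warnings level or worse. The first sample line is the one quoted in the post, truncated as it appears there; the remaining lines, the function names and the interface pattern are constructed for illustration.

```python
import re
from collections import Counter

# Cisco IOS severity levels: lower number = more severe.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

MSG = re.compile(r"%(?P<facility>[A-Z0-9_]+(?:-[A-Z0-9_]+)*)-(?P<sev>[0-7])-"
                 r"(?P<mnemonic>[A-Z0-9_]+): ?(?P<text>.*)")
IFACE = re.compile(r"\b(?:Fast|Gigabit)?Ethernet\d+(?:/\d+)*")

def parse(line):
    """Split one IOS log line into its fields; None if it is not an IOS message."""
    m = MSG.search(line)          # search, so a leading timestamp is tolerated
    if not m:
        return None
    sev = int(m.group("sev"))
    port = IFACE.search(m.group("text"))
    return {"facility": m.group("facility"), "severity": sev,
            "level": SEVERITY[sev], "mnemonic": m.group("mnemonic"),
            "text": m.group("text"), "interface": port.group(0) if port else None}

def noisy_ports(lines, threshold=4):
    """Count messages per interface with severity <= threshold (4 = warnings)."""
    hits = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["severity"] <= threshold and rec["interface"]:
            hits[rec["interface"]] += 1
    return dict(hits)

SAMPLE = [  # first line is from the post; the rest are constructed
    "%LINK-4-ERROR: FastEthernet0/1 is experiencing err",
    "Dec 18 01:04:12: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%LINK-4-ERROR: FastEthernet0/7 is experiencing err",
    "not a syslog line",
]

if __name__ == "__main__":
    print(parse(SAMPLE[0]))
    print(noisy_ports(SAMPLE))
```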