RE: Wireless AP Chaining [7:66270]
What about layer 3 segmentation? You do not want to shoot broadcasts through all your repeaters. The problem is, using repeaters will give you a hub-like environment. When using bridges, full frames are stored and forwarded.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Williamson, Paul
Sent: Wednesday 26 March 2003 19:15
To: [EMAIL PROTECTED]
Subject: Wireless AP Chaining [7:66270]

Anyone know the maximum number of wireless APs you can chain off a single wireless bridge, i.e.

    Switch ---copper--- AP ~~~air~~~ AP ~~~air~~~ AP

Does Cisco make an AP that supports this?

Thanks
Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71258t=66270
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Can this nat be done on a pix?? [7:63281]
Tried

    Nat 0 (inside) access-list_nat0
    Nat 1 rest ip traffic to outside (nat id 1 same as global (int) id 1)
    Access-list_nat0 do not nat to ip range 2nd interface

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Perez
Sent: Tuesday 18 February 2003 19:15
To: [EMAIL PROTECTED]
Subject: Can this nat be done on a pix?? [7:63281]

Please help, I went with PIX instead of CP and I cannot find a way to do this now!!!

Setup: PIX 515E-ur

    PIX inside                  PIX intf2
    192.168.25.0/24             10.178.25.25/16
         |                           |
      Network                     Network

    Inside gets NAT when going to intf2

I want the following NAT setup to happen:

    If src inside=any, dst intf2=10.178.10.10 then xlate src=10.178.70.20
    If src inside=any, dst intf2=10.178.10.11 then xlate src=10.178.80.30
    If src inside=any, dst intf2=10.178.10.12 then xlate src=10.178.90.40
    otherwise if src inside=any, dst intf2=any then no Xlate

I do not want to use statics because there are a lot of different boxes, and there is no router in this setup that can perform the NAT.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63284t=63281
RE: Site to Site VPN Monitering on PIX [7:62676]
You want to use PDM. That is easy.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday 7 February 2003 23:46
To: [EMAIL PROTECTED]
Subject: Site to Site VPN Monitering on PIX [7:62676]

I have set up site-to-site VPN between our corporate PIX 515 and our developers' PIX 501. I want to monitor the VPN traffic of these site-to-site VPN connections. Please tell me what tools are available to accomplish this.

Thanks,
--
Curious
MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62709t=62676
RE: Cisco IPSec Tunnel Lifetime [7:62374]
The isakmp policy 10 lifetime XXX

lifetime seconds: Specify how many seconds each security association should exist before expiring. Use an integer from 120 to 86,400 seconds (one day).

According to doccd.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Leo Song
Sent: Monday 3 February 2003 21:33
To: [EMAIL PROTECTED]
Subject: Cisco IPSec Tunnel Lifetime [7:62374]

Hi,

Is it possible to configure the IPSec tunnel to never expire on Cisco PIX? A little bit weird, and we got such an interesting request.

Thanks.
Leo

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62380t=62374
RE: Possibly duable with NAT? [7:62373]
See my old post.

Does not work. Please state the TCP port you want to map per internal IP, as in (off the top of my hat):

    ip nat inside source static tcp 10.22.5.4 25 209.10.248.134 25
    ip nat inside source static tcp 10.22.5.5 80 209.10.248.134 80

Can also use interface ethernet1 or dialer1, as in:

    ip nat inside source static tcp 10.22.5.4 25 interface dialer1 25

Of course introduced after somewhere 11.2???

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Router Kid
Sent: Saturday 1 February 2003 15:47
To: [EMAIL PROTECTED]
Subject: NAT QUESTION [7:62313]

Please can someone tell me if multiple private static IPs can be NAT'ed to one public IP address. When I tried to do that it gave me an error:

    Router(config)#ip nat inside source static 10.22.5.5 209.10.248.x
    % 209.10.248.x already mapped (10.22.5.4 - 209.10.248.x)

This is what I am trying to achieve:

    ip nat inside source static 10.22.5.4 209.10.248.134
    ip nat inside source static 10.22.5.5 209.10.248.134   (want to add this entry)

Thanks in advance!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cisco Newbie
Sent: Monday 3 February 2003 21:27
To: [EMAIL PROTECTED]
Subject: Possibly duable with NAT? [7:62373]

I would like to know if it is possible to do the following: I have a router that is currently doing NAT. I have a client who is trying to access an inside routable IP address of x.x.x.80 on a specific port. I need to be able to redirect the client's request to a different IP that sits behind a firewall on my LAN. Is this possible via NAT?

Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62382t=62373
RE: NAT QUESTION [7:62313]
Does not work. Please state the TCP port you want to map per internal IP, as in (off the top of my hat):

    ip nat inside source static tcp 10.22.5.4 25 209.10.248.134 25
    ip nat inside source static tcp 10.22.5.5 80 209.10.248.134 80

Can also use interface ethernet1 or dialer1, as in:

    ip nat inside source static tcp 10.22.5.4 25 interface dialer1 25

Of course introduced after somewhere 11.2???

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Router Kid
Sent: Saturday 1 February 2003 15:47
To: [EMAIL PROTECTED]
Subject: NAT QUESTION [7:62313]

Please can someone tell me if multiple private static IPs can be NAT'ed to one public IP address. When I tried to do that it gave me an error:

    Router(config)#ip nat inside source static 10.22.5.5 209.10.248.x
    % 209.10.248.x already mapped (10.22.5.4 - 209.10.248.x)

This is what I am trying to achieve:

    ip nat inside source static 10.22.5.4 209.10.248.134
    ip nat inside source static 10.22.5.5 209.10.248.134   (want to add this entry)

Thanks in advance!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62314t=62313
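The following is an added example, not part of the thread and not Cisco code: a Python check that parses the three `ip nat inside source static` forms quoted above, reports public slots claimed by more than one inside host (the case the router rejected), and lists what each mapping exposes. The function names and the slot model are assumptions made for illustration; only the two cases shown in the thread are modelled.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple, Optional


class StaticNat(NamedTuple):
    proto: Optional[str]        # None = one-to-one mapping (every protocol and port)
    local_ip: str
    local_port: Optional[int]
    global_id: str              # public address, or "interface <name>"
    global_port: Optional[int]


def parse_static(line):
    """Parse one 'ip nat inside source static' line; None if it is not one."""
    tok = line.split()
    if tok[:5] != ["ip", "nat", "inside", "source", "static"]:
        return None
    rest = tok[5:]
    try:
        if rest[0] in ("tcp", "udp"):
            proto, local_ip, local_port = rest[0], rest[1], int(rest[2])
            if rest[3] == "interface":
                global_id, global_port = f"interface {rest[4]}", int(rest[5])
            else:
                global_id, global_port = rest[3], int(rest[4])
                ipaddress.ip_address(global_id)
        else:
            proto, local_port, global_port = None, None, None
            local_ip, global_id = rest[0], rest[1]
            ipaddress.ip_address(global_id)
        ipaddress.ip_address(local_ip)
    except (IndexError, ValueError):
        return None             # truncated line or placeholder address
    return StaticNat(proto, local_ip, local_port, global_id, global_port)


def parse_config(text):
    return [e for e in map(parse_static, text.splitlines()) if e]


def find_conflicts(entries):
    """Public slots claimed by more than one inside host.

    A one-to-one static claims the whole public address; a port static
    claims only (address, protocol, port), so distinct ports can coexist.
    """
    slots = defaultdict(set)
    for e in entries:
        slots[(e.global_id, e.proto or "any", e.global_port)].add(
            (e.local_ip, e.local_port))
    return {slot: sorted(hosts) for slot, hosts in slots.items() if len(hosts) > 1}


def exposure(entries):
    """What each inside host offers to the outside (before any ACL filtering)."""
    out = defaultdict(set)
    for e in entries:
        out[e.local_ip].add(
            "all ports" if e.proto is None else f"{e.proto}/{e.local_port}")
    return {host: sorted(ports) for host, ports in out.items()}


# Constructed sample input, built from the command forms quoted in the thread.
BEFORE = """\
ip nat inside source static 10.22.5.4 209.10.248.134
ip nat inside source static 10.22.5.5 209.10.248.134
"""
AFTER = """\
ip nat inside source static tcp 10.22.5.4 25 209.10.248.134 25
ip nat inside source static tcp 10.22.5.5 80 209.10.248.134 80
ip nat inside source static tcp 10.22.5.4 25 interface dialer1 25
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        entries = parse_config(cfg)
        print(name, "conflicts:", find_conflicts(entries))
        print(name, "exposure: ", exposure(entries))
```

Besides removing the conflict, the per-port form publishes only the listed service of each inside host, whereas the one-to-one form publishes the whole host.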
RE: RADIUS command accounting [7:61990]
Windows 2000 IAS works fine. Free when you already bought the product ;-)

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml

    aaa-server RADIUS protocol radius
    aaa-server partnerauth protocol radius
    aaa-server partnerauth (inside) host 172.18.124.196 cisco123 timeout 5

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Newton
Sent: Monday 27 January 2003 23:07
To: [EMAIL PROTECTED]
Subject: RADIUS command accounting [7:61990]

I know that for the longest time Cisco didn't support aaa accounting of commands to be sent to a RADIUS server. It was supported via TACACS+ but not RADIUS. I have seen recently that this has changed (in O'Reilly's book on hardening routers and in a couple of different lists). Does anyone have any information on this? Is it true? What is the minimum version of IOS (I have heard 12.2)? Do you need a specific RADIUS server?

I know that moving to TACACS+ would fix my problem, but staying with RADIUS would be preferable.

TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61991t=61990
RE: can't fix 100 speed on 3550 gigabite switch [7:61933]
The WS-C3550-12T (10 10/100/1000BaseT ports and 2 GBIC ports) has no 100 setting on the GBIC. What do you have on the other side to want to set the speed at 100?

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Richard Campbell
Sent: Monday 27 January 2003 2:42
To: [EMAIL PROTECTED]
Subject: can't fix 100 speed on 3550 gigabite switch [7:61933]

Hi.. I found that I can't set my gigabit switch port speed to 100? Why?? How to do it???

    cat35-L8-1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    cat35-L8-1(config)#int gi0/12
    cat35-L8-1(config-if)#speed 100
    ^
    % Invalid input detected at '^' marker.
    cat35-L8-1(config-if)#speed ?
    nonegotiate Do not negotiate speed
    cat35-L8-1(config-if)#speed

    cat35-L8-1#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(6)EA1, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2001 by cisco Systems, Inc.
    Compiled Tue 09-Oct-01 21:46 by devgoyal
    Image text-base: 0x3000, data-base: 0x00617E14
    ROM: Bootstrap program is C3550 boot loader
    cat35-L8-1 uptime is 3 weeks, 5 days, 16 hours, 46 minutes
    System returned to ROM by power-on
    System image file is flash:c3550-i5q3l2-mz.121-6.EA1/c3550-i5q3l2-mz.121-6.EA1.bin
    cisco WS-C3550-12T (PowerPC) processor (revision A0) with 65526K/8192K bytes of memory.
    Processor board ID FAA0611V022

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61992t=61933
RE: Dynamic Natting [7:61584]
For example:

    Internet nat outside
    E1 nat outside
    Router 1600
    E0 nat inside
    Network inside
    DG 10.x.99.100
    Internal customers LANs

    ip nat inside source list 100 interface Ethernet1 overload

Nat list:

    access-list 100 permit ip 10.x.99.0 0.0.0.255 any
    access-list 100 permit ip 10.x.100.0 0.0.0.255 any
    access-list 100 permit ip 10.x.101.0 0.0.0.255 any
    access-list 100 permit ip 10.x.102.0 0.0.0.255 any

Customer LANs:

    ip route 10.x.100.0 255.255.255.0 10.x.99.100
    ip route 10.x.101.0 255.255.255.0 10.x.99.100
    ip route 10.x.102.0 255.255.255.0 10.x.99.100

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hyman, Craig
Sent: Wednesday 22 January 2003 17:13
To: [EMAIL PROTECTED]
Subject: Dynamic Natting [7:61584]

ALL-

Has anybody been able to do dynamic natting with a 1601R router using IOS 120221a? Have you been able to use multiple subnets (customer IPs) and run them through one NAT address?

Craig Hyman
SRS Implementation Team Tier 2 Support
[EMAIL PROTECTED]
Broomfield Office 303-272-2661
Virtual Office Phone Number 303-604-0037
SkyPager Number 1-888-860-5913

-----Original Message-----
From: Silju Pillai [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 3:40 PM
To: [EMAIL PROTECTED]
Subject: RE: How to setup Pix site-to-site VPN with overlapping [7:50255]

Hi David,

I have a link for you. It may help you a bit. It says NAT the existing addresses to a different address at both sites (although the document says one because of the concentrator).

http://www.cisco.com/warp/public/707/vpn_pix_private.html

If you are trying this, just tell me if it works or not.

Regards,
Silju

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61718t=61584
RE: QOS on 2621xm [7:61353]
Nope. The only engineering you can do is at the CPE, where your traffic goes out and comes in. This means that you at best can configure QOS at the BOTTLENECK, that may be your remote office router. If not applicable, then the aggregation point (HQ) will be the next best. I still would say that you carefully analyse the traffic patterns and look at the bottlenecks. That is the no. 1 point to do business.

Martijn

-----Original Message-----
From: Julian Pentermann [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 21 January 2003 6:58
To: mjans001
Subject: Re: QOS on 2621xm [7:61353]

Would the ISP have to do anything, or would I just implement the QoS on my router?

Thanks for the help

----- Original Message -----
From: mjans001
Newsgroups: groupstudy.cisco
Sent: Tuesday, January 21, 2003 12:53 AM
Subject: RE: QOS on 2621xm [7:61353]

You may need to use Priority Queueing, and hardcode telnet High prio based on an access-list. Normal traffic despools after telnet queue is empty. If you are sure that there will always be bandwidth left for other traffic, PQ will do fine. That is one way of using it.

During transmission, PQ gives priority queues absolute preferential treatment over low priority queues; important traffic, given the highest priority, always takes precedence over less important traffic. Packets are classified based on user-specified criteria and placed into one of the four output queues (high, medium, normal, and low) based on the assigned priority. Packets that are not classified by priority fall into the normal queue. Figure 7 illustrates this process.

Congestion Management Overview
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart2/qcconman.htm

Why Use Priority Queueing?

PQ provides absolute preferential treatment to high priority traffic, ensuring that mission-critical traffic traversing various WAN links gets priority treatment. In addition, PQ provides a faster response time than do other methods of queueing. Although you can enable priority output queueing for any interface, it is best used for low-bandwidth, congested serial interfaces.

Considerations

When choosing to use PQ, consider that because lower priority traffic is often denied bandwidth in favor of higher priority traffic, use of PQ could, in the worst case, result in lower priority traffic never being transmitted. To avoid inflicting these conditions on lower priority traffic, you can use traffic shaping or CAR to rate-limit the higher priority traffic.

PQ introduces extra overhead that is acceptable for slow interfaces, but may not be acceptable for higher speed interfaces such as Ethernet. With PQ enabled, the system takes longer to switch packets because the packets are classified by the processor card.

PQ uses a static configuration and does not adapt to changing network conditions.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Julian P
Sent: Monday 20 January 2003 9:02
To: [EMAIL PROTECTED]
Subject: QOS on 2621xm [7:61353]

Hi

We would like to prioritize incoming traffic on our 256k internet link to uunet. We need to give telnet at least 64k incoming bandwidth. Any ideas on the best way to do this?

Thanks in advance
Julian

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61482t=61353
RE: Traffic separate by protocol [7:61431]
Use custom queueing, you do not want to starve queues with prio queueing. Weighted fair (normal default) is not going to cut it for your exact needs.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frederico Madeira
Sent: Tuesday 21 January 2003 4:11
To: [EMAIL PROTECTED]
Subject: Traffic separate by protocol [7:61431]

How do I separate traffic in my 2600 router by protocol? Ex: I have a frame-relay circuit of 64Kb, CIR 32Kb, and I want to have:

    10Kb for http
    10Kb for smtp/pop3
    5Kb for ftp
    and the remainder for all others.

How do I make this configuration?? Must I make it in the concentrator router or in all routers on my WAN??

Thanks
Fred

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61510t=61431
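The following is an added example, not part of either thread and not taken from Cisco documentation: a small Python simulation of the two schedulers discussed in "QOS on 2621xm" and "Traffic separate by protocol", showing priority queueing starving lower queues under load and custom queueing holding the 10/10/5/remainder split asked for above. The uniform 100-byte packets, one-second ticks, class names and byte counts are constructed assumptions; real routers send whole packets of varying size, so real shares are approximate.

```python
PKT = 100     # bytes per packet (constructed: uniform, to keep the arithmetic exact)
LINK = 8000   # bytes per one-second tick, i.e. a 64 kbit/s circuit


def priority_queueing(order):
    """PQ: always serve the highest-priority queue that has a packet waiting."""
    def pick(backlog):
        for cls in order:
            if backlog[cls]:
                return cls
        return None
    return pick


def custom_queueing(byte_counts):
    """CQ (simplified): visit queues round-robin, sending up to each queue's
    byte count per visit; an empty queue gives up its turn."""
    classes = list(byte_counts)
    state = {"i": 0, "left": byte_counts[classes[0]]}

    def pick(backlog):
        # len+1 probes: every other queue once, then the current one again
        # with a fresh byte count.
        for _ in range(len(classes) + 1):
            cls = classes[state["i"]]
            if backlog[cls] and state["left"] > 0:
                state["left"] -= PKT
                return cls
            state["i"] = (state["i"] + 1) % len(classes)
            state["left"] = byte_counts[classes[state["i"]]]
        return None
    return pick


def simulate(pick, offered, ticks):
    """Offer `offered[cls]` bytes per tick to each queue and return the bytes
    actually transmitted per class after `ticks` seconds."""
    backlog = {cls: 0 for cls in offered}
    sent = {cls: 0 for cls in offered}
    for _ in range(ticks):
        for cls, nbytes in offered.items():
            backlog[cls] += nbytes // PKT
        for _ in range(LINK // PKT):
            cls = pick(backlog)
            if cls is None:          # link idle for the rest of this tick
                break
            backlog[cls] -= 1
            sent[cls] += PKT
    return sent


def kbps(sent, ticks):
    return {cls: nbytes * 8 / ticks / 1000 for cls, nbytes in sent.items()}


# Constructed load: every class offers a full link's worth of traffic.
SATURATED = {"http": 8000, "mail": 8000, "ftp": 8000, "other": 8000}
# Byte counts in the ratio requested in the thread: 10 : 10 : 5 : remainder (39).
BYTE_COUNTS = {"http": 1000, "mail": 1000, "ftp": 500, "other": 3900}

if __name__ == "__main__":
    pq = simulate(priority_queueing(["http", "mail", "ftp", "other"]), SATURATED, 4)
    cq = simulate(custom_queueing(BYTE_COUNTS), SATURATED, 4)
    light = simulate(priority_queueing(["telnet", "web"]),
                     {"telnet": 800, "web": 8000}, 4)
    print("PQ, saturated   :", kbps(pq, 4))
    print("CQ, saturated   :", kbps(cq, 4))
    print("PQ, light telnet:", kbps(light, 4))
```

The third run is the telnet case from the earlier thread: when the high queue carries little traffic, priority queueing leaves the rest of the link to everything else, which is the condition under which it was recommended there.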
RE: backup to line ISP [7:61355]
2 boxes?

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of GeorgeB
Sent: Monday 20 January 2003 9:45
To: [EMAIL PROTECTED]
Subject: backup to line ISP [7:61355]

Hello

I need to find a way, if our frame-relay to ISP went down, to auto switch to DSL for redundancy.

Thank you for any thoughts,
George

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61512t=61355
RE: backup to line ISP [7:61355]
Do we need to fail-over outgoing traffic only? We can do that from a host's standpoint. A second default gateway. A destination-unreachable from the box that has the downed link should do the trick.

You also can give the Cisco box an extra Eth intf. I assume no L3 switch in front? Then an extra 3 eth box should do it.

Martijn

-----Original Message-----
From: George Mansoor [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 21 January 2003 22:39
To: mjans001
Subject: RE: backup to line ISP [7:61355]

Yes, one Cisco, one non-Cisco router

-----Original Message-----
From: mjans001 [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 21, 2003 1:40 PM
To: George Mansoor; [EMAIL PROTECTED]
Subject: RE: backup to line ISP [7:61355]

2 boxes?

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of GeorgeB
Sent: Monday 20 January 2003 9:45
To: [EMAIL PROTECTED]
Subject: backup to line ISP [7:61355]

Hello

I need to find a way, if our frame-relay to ISP went down, to auto switch to DSL for redundancy.

Thank you for any thoughts,
George

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61513t=61355
RE: Traffic separate by protocol [7:61431]
Sorry for the typos. Custom Queueing.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of mjans001
Sent: Tuesday 21 January 2003 22:39
To: [EMAIL PROTECTED]
Subject: RE: Traffic separate by protocol [7:61431]

Us ecustum queueing, you do nat want to starve queues with prio queueing. Weigted fair(normal default is not going to cut it for your exact needs.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frederico Madeira
Sent: Tuesday 21 January 2003 4:11
To: [EMAIL PROTECTED]
Subject: Traffic separate by protocol [7:61431]

How do I separate traffic in my 2600 router by protocol? Ex: I have a frame-relay circuit of 64Kb, CIR 32Kb, and I want to have:

    10Kb for http
    10Kb for smtp/pop3
    5Kb for ftp
    and the remainder for all others.

How do I make this configuration?? Must I make it in the concentrator router or in all routers on my WAN??

Thanks
Fred

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61514t=61431
RE: Voice Over Internet [7:61467]
Nice reading, maybe applicable: look into Next Hop Resolution Protocol, where the dynamic host registers itself at the static host.

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/stlvp_cg.pdf

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of neil K.
Sent: Tuesday 21 January 2003 20:10
To: [EMAIL PROTECTED]
Subject: Re: Voice Over Internet [7:61467]

I have a couple more questions.

1) The IP addressing. The IP address is assigned dynamically by the service provider, and NAT is also running on the router; will it be an issue?
2) In that case, would VPN be a better choice or not?

Neil

Bruce Enders wrote in message news:[EMAIL PROTECTED]...

Neil,

In broad brushstrokes the answers are sort of:

1. Variable delay is the worst enemy of Voice QoS. Queuing delays are sometimes very common in ISP-to-ISP connections. Putting Voice traffic on the Internet is a risky proposition if you have significant concerns regarding Voice quality. Making sure that each remote has significant bandwidth for the VOIP traffic is the first step. ISPs may be capable of providing some levels of QoS, but may be reluctant to do so. Most ISPs have significantly less queuing delay within their network than they do across connections to other ISPs. (VOIP across the same ISP backbone usually results in better than acceptable voice quality.) It is usually the links that connect different ISPs that create the most problems. I have seen large VOIP implementations that achieved very good voice quality over a very large geographic area that was all served by one ISP. (Choose your ISP wisely.)

2. VPN could hurt voice quality as some concentrators inject delay into the audio streams. Check the delay specs on any VPN concentrator you are thinking about using to see how much delay you can expect to have to deal with.

3. Solution? Most new Cisco routers and switches support QoS configurations that enhance the probability of achieving good voice quality within a network. I do not know the specs on their VPN concentrators off the top of my head.

HTH
Bruce

neil K. wrote:

Hi Guys,

I have a few questions regarding implementing VoIP.

1) Can I have different remote offices run VoIP if they have DSL access or cable modem access to the Internet? I mean running VoIP over the Internet, as there wouldn't be any QoS. I am not sure about the quality of voice in that case. Also, can the service provider of DSL or cable provide us with some kind of QoS so that the voice quality can be improved?
2) Will implementing a VPN solution help in running VoIP, and how, and what are the different solutions, and what vendors should I be looking at?
3) Does Cisco have a solution for this?

Thanks in advance.
Neil K.

--
Bruce Enders
Email: [EMAIL PROTECTED]
Chesapeake NetCraftsmen
o:(410)-280-6927, c:(443)-994-0678
1290 Bay Dale Drive, Suite 312
WWW: http://www.netcraftsmen.net
Arnold, MD 21012-2325
Cisco CCSI# 96047
Efax 443-331-0651

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61515t=61467
RE: Token Ring/HSRP Question [7:61359]
Seems that after 11.3(9) they fixed a few bugs regarding HSRP. You can try it.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/rn113m/rn113mnt.htm#xtocid25 .2eu c

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simon Watson
Sent: Monday 20 January 2003 11:08
To: [EMAIL PROTECTED]
Subject: Token Ring/HSRP Question [7:61359]

Hi Guys

I'm going to a client's site that has a 2513 router with 11.3(11a) IOS (image is c2500-ds-l_113-11a.bin). 2 things: I'm looking to set up HSRP on the router; should I have any issues with that level of software? Also, are there any issues I should be aware of when configuring HSRP on token ring routers??

Thanks in advance
Simon.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61517t=61359
RE: Confusion on CISSP requirements [7:60997]
I stand firm behind Will's post.

Martijn Jansen
CISSP etc.
www.wortell.nl

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of William Gragido
Sent: Tuesday 14 January 2003 18:24
To: [EMAIL PROTECTED]
Subject: RE: Confusion on CISSP requirements [7:60997]

Not necessarily, Scott. You've got to be able to prove (in other words, have documentable proof) that you've worked for a cumulative total of 4 years in the security field. Now, the caveat is that your work can be spread amongst the ten domains or relegated to one, as long as your total time meets the minimum criteria. Then you are eligible to test. Once you test and pass, you must then be sponsored by a CISSP in good standing.

Shoot me a note with any questions,

Will Gragido
CISSP CCNP CIPTSS CCNA CCDA MCP blah blah blah
NSC
www.ins.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott
Sent: Monday, January 13, 2003 6:44 PM
To: [EMAIL PROTECTED]
Subject: OT: Confusion on CISSP requirements [7:60997]

I'm a CCIE with over 4 years of experience in networking and a college degree. Each position I have had required a small percentage of security related work. Does that satisfy the requirements or are they asking for 100% security work?

Any help greatly appreciated.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61519t=60997
RE: VPN Concetrator #3030 [7:58982]
There is like a failover setting in the 3002 hardware client. The software client needs to dial in again, the second/backup ip.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of neil K.
Sent: Wednesday, 11 December 2002 18:16
To: [EMAIL PROTECTED]
Subject: VPN Concetrator #3030 [7:58982]

Hi All,

Few questions regarding the VPN Concentrator:

1. What do I do for redundancy (VPN Redundant Bundle)?
2. Load balancing
3. Where to put the Concentrator (prefer putting the VPN Concentrator behind the firewall). What are the issues I will have to consider if I put the concentrator behind the firewall?

Thanks,
Sunil

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61522t=58982
RE: PIX NAT bypass [7:61338]
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/mr.htm#1032129

Usage Guidelines

The nat command lets you enable or disable address translation for one or more internal addresses. Address translation means that when a host starts an outbound connection, the IP addresses in the internal network are translated into global addresses. Network Address Translation (NAT) allows your network to have any IP addressing scheme and the PIX Firewall protects these addresses from visibility on the external network.

The nat outside option lets you enable or disable address translation for the external addresses.

The nat if_name 0 access-list acl_name command lets you exempt traffic that is matched by the access-list command statements from the NAT services. Adaptive Security remains in effect with the nat 0 access-list command. The extent to which the inside hosts are accessible from the outside depends on the access-list command statements that permit inbound access. The if_name is the higher security level interface name. The acl_name is the name you use to identify the access-list command statement.

With PIX Firewall software version 5.3 and higher, there is no longer a restriction on having the nat 0 command (Identity NAT) and the nat 0 access-list command configured at the same time. Both the nat 0 command and the nat 0 access-list command may be configured concurrently.

The access-list option changes the behavior of the nat 0 command. (Without the access-list option, the command is backward compatible with previous versions.) The nat 0 command implemented the identity feature; this new version of the command disables NAT. Specifically, the new behavior disables proxy ARPing for the IP addresses in the nat 0 command statement.

http://www.cisco.com/warp/public/707/28.html

Define the inside group to be included for NAT:

nat (inside) 0 175.1.1.0 255.255.255.0    (disabled nat)
nat (inside) 1 10.1.6.0 255.255.255.0     (enabled nat)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Vasilenko
Sent: Sunday, 19 January 2003 17:21
To: [EMAIL PROTECTED]
Subject: PIX NAT bypass [7:61338]

Hello!

I need to implement unidirectional traffic flow with NAT bypass through PIX. Any help, links, config examples would be fine.

Thanks.
--
Michael Vasilenko

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61412t=61338
RE: QOS on 2621xm [7:61353]
You may need to use Priority Queueing, and hardcode telnet High prio based on an access-list. Normal traffic despools after telnet queue is empty. If you are sure that there will always be bandwidth left for other traffic, PQ will do fine. That is one way of using it.

During transmission, PQ gives priority queues absolute preferential treatment over low priority queues; important traffic, given the highest priority, always takes precedence over less important traffic. Packets are classified based on user-specified criteria and placed into one of the four output queues (high, medium, normal, and low) based on the assigned priority. Packets that are not classified by priority fall into the normal queue. Figure 7 illustrates this process.

Congestion Management Overview
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart2/qcconman.htm

Why Use Priority Queueing?

PQ provides absolute preferential treatment to high priority traffic, ensuring that mission-critical traffic traversing various WAN links gets priority treatment. In addition, PQ provides a faster response time than do other methods of queueing. Although you can enable priority output queueing for any interface, it is best used for low-bandwidth, congested serial interfaces.

Considerations

When choosing to use PQ, consider that because lower priority traffic is often denied bandwidth in favor of higher priority traffic, use of PQ could, in the worst case, result in lower priority traffic never being transmitted. To avoid inflicting these conditions on lower priority traffic, you can use traffic shaping or CAR to rate-limit the higher priority traffic.

PQ introduces extra overhead that is acceptable for slow interfaces, but may not be acceptable for higher speed interfaces such as Ethernet. With PQ enabled, the system takes longer to switch packets because the packets are classified by the processor card.

PQ uses a static configuration and does not adapt to changing network conditions.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Julian P
Sent: Monday, 20 January 2003 9:02
To: [EMAIL PROTECTED]
Subject: QOS on 2621xm [7:61353]

Hi

We would like to prioritize incoming traffic on our 256k internet link to uunet. We need to give telnet at least 64k incoming bandwidth. Any ideas on the best way to do this?

Thanks in advance
Julian

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61420t=61353
Study group Amsterdam, The Netherlands [7:61347]
Anybody interested in forming a RS LAB study group in The Netherlands, Amsterdam. Have no date, aiming on summer. Have more hardware than they do in Brussels. ;-)

Pls contact off-line.

Martijn Jansen

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61347t=61347
RE: PIX Exam...(CSPFA) [7:61293]
I would do the MCNS first at least.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gunjan Mathur
Sent: Saturday, 18 January 2003 9:02
To: [EMAIL PROTECTED]
Subject: PIX Exam...(CSPFA) [7:61293]

Hi,

I'm CCNA and now thinking of Cisco Secure PIX Firewall Advanced. I wanted to know about the value of this exam. Is this in demand and will it help me to get better jobs... I'm in India and don't know whether in India this would help me to get a good opportunity..

TIA...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61294t=61293
RE: URGENT: Modem Authentication Failure [7:61292]
I do not have lots of debug experience in that area, but maybe can help a little.

The message

Call Handle failed for Modem 5/2

Does not seem to worry, see

Configuring Dialin with the NM-8AM or NM-16AM Analog Modem Module
Sample Debugs Output
http://www.cisco.com/warp/public/471/nm-xam_dialin.html#9

Where it is standard debug output for a succeeded call.

The message

Received authen response status FAIL (3)

Does worry me. Triple check that nothing changed in the radius/tacacs config.

Common Problems in Debugging TACACS+, PAP and CHAP
http://www.cisco.com/warp/public/480/tacacs_pppdebug.html

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hamid Ali Asgari
Sent: Saturday, 18 January 2003 8:34
To: [EMAIL PROTECTED]
Subject: URGENT: Modem Authentication Failure [7:61292]

Hi everybody,

Today I have encountered a strange problem. I have a 3660 router with NM-16AM modules. Nothing has been changed. Suddenly we got complaints from users that they cannot connect. I have checked the AAA server. But there is nothing wrong.

Here is my debug log:
---
Call Handle failed for Modem 5/2
%LINK-3-UPDOWN: Interface Async163, changed state to up
TPLUS: Queuing AAA Authentication request 634 for processing
TPLUS: processing authentication start request id 634
TPLUS: Authentication start packet created for 634(testuser)
TPLUS: Using server XY.XY.XY.250
TPLUS(027A): connected to server XY.XY.XY.250
TPLUS: response received for AAA request 634
TPLUS: Received authen response status FAIL (3)
%LINK-5-CHANGED: Interface Async163, changed state to reset
%LINK-3-UPDOWN: Interface Async163, changed state to down
Call Handle failed for Modem 5/2
%LINK-3-UPDOWN: Interface Async163, changed state to up
TPLUS: Queuing AAA Authentication request 637 for processing
TPLUS: processing authentication start request id 637
TPLUS: Authentication start packet created for 637(testuser)
TPLUS: Using server XY.XY.XY.250
TPLUS(027D): connected to server XY.XY.XY.250
TPLUS: response received for AAA request 637
TPLUS: Received authen response status FAIL (3)
%LINK-5-CHANGED: Interface Async163, changed state to reset
---

Any comments? I couldn't find what the FAIL(13) error code means. And also I don't know what causes Call Handle failed for Modem 5/2. I get this for a lot of my modems on my console.

Thanks in advance,
Hamid

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61295t=61292
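The debug output in the message above can be correlated per AAA request to separate "the server answered and rejected the login" from "the server never answered", which is the distinction behind the advice to re-check the TACACS+ configuration. This is an added example, not part of the original thread; the first sample block is the posted log, the second block (request 640 on Async164) is constructed to show an unanswered request.

```python
import re
from collections import Counter

# Debug lines exactly as posted in the thread (server address is masked in the post).
POSTED = """\
Call Handle failed for Modem 5/2
%LINK-3-UPDOWN: Interface Async163, changed state to up
TPLUS: Queuing AAA Authentication request 634 for processing
TPLUS: processing authentication start request id 634
TPLUS: Authentication start packet created for 634(testuser)
TPLUS: Using server XY.XY.XY.250
TPLUS(027A): connected to server XY.XY.XY.250
TPLUS: response received for AAA request 634
TPLUS: Received authen response status FAIL (3)
%LINK-5-CHANGED: Interface Async163, changed state to reset
%LINK-3-UPDOWN: Interface Async163, changed state to down
Call Handle failed for Modem 5/2
%LINK-3-UPDOWN: Interface Async163, changed state to up
TPLUS: Queuing AAA Authentication request 637 for processing
TPLUS: processing authentication start request id 637
TPLUS: Authentication start packet created for 637(testuser)
TPLUS: Using server XY.XY.XY.250
TPLUS(027D): connected to server XY.XY.XY.250
TPLUS: response received for AAA request 637
TPLUS: Received authen response status FAIL (3)
%LINK-5-CHANGED: Interface Async163, changed state to reset
"""

# Constructed lines (not from the thread): a request that never gets a response.
CONSTRUCTED = """\
%LINK-3-UPDOWN: Interface Async164, changed state to up
TPLUS: Queuing AAA Authentication request 640 for processing
TPLUS: processing authentication start request id 640
TPLUS: Authentication start packet created for 640(testuser)
TPLUS: Using server XY.XY.XY.250
%LINK-3-UPDOWN: Interface Async164, changed state to down
"""

DEBUG_LINES = POSTED + CONSTRUCTED

RE_LINK = re.compile(r"%LINK-\d-\w+: Interface ([^,\s]+), changed state to (\w+)")
RE_START = re.compile(r"TPLUS: Authentication start packet created for (\d+)\((.*)\)")
RE_SERVER = re.compile(r"TPLUS: Using server (\S+)")
RE_RESP = re.compile(r"TPLUS: response received for AAA request (\d+)")
RE_STATUS = re.compile(r"TPLUS: Received authen response status (\w+) \((\d+)\)")


def parse_attempts(text):
    """Return one record per AAA authentication request, in log order."""
    attempts, by_id = [], {}
    last_up = None    # interface that most recently came up
    current = None    # record the next server/status line belongs to
    for raw in text.splitlines():
        line = raw.strip()
        m = RE_LINK.search(line)
        if m:
            if m.group(2) == "up":
                last_up = m.group(1)
            continue
        m = RE_START.search(line)
        if m:
            current = {"id": int(m.group(1)), "user": m.group(2), "server": None,
                       "status": None, "code": None, "interface": last_up}
            attempts.append(current)
            by_id[current["id"]] = current
            continue
        m = RE_SERVER.search(line)
        if m and current is not None:
            current["server"] = m.group(1)
            continue
        m = RE_RESP.search(line)
        if m:
            # The status line that follows belongs to the request named here.
            current = by_id.get(int(m.group(1)), current)
            continue
        m = RE_STATUS.search(line)
        if m and current is not None and current["status"] is None:
            current["status"] = m.group(1)
            current["code"] = int(m.group(2))
    return attempts


def repeated_failures(attempts, threshold=2):
    """(user, server, count) for every pair the server rejected >= threshold times."""
    counts = Counter((a["user"], a["server"]) for a in attempts if a["status"] == "FAIL")
    return sorted((u, s, n) for (u, s), n in counts.items() if n >= threshold)


def unanswered(attempts):
    """Request ids that were sent to a server but have no response status in the log."""
    return [a["id"] for a in attempts if a["status"] is None]


if __name__ == "__main__":
    for a in parse_attempts(DEBUG_LINES):
        print(a)
    print("rejected repeatedly:", repeated_failures(parse_attempts(DEBUG_LINES)))
    print("no reply:", unanswered(parse_attempts(DEBUG_LINES)))
```

A rejected request (status FAIL) points at credentials, keys or server-side policy; a request with no status at all points at reachability between the router and the AAA server.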
RE: VPN Client+IOS [7:59283]
For example in
http://www.cisco.com/warp/public/707/ios_usr_rad.html
Is, like I said, ANOTHER ip range used than in the LAN.

Configuring Router to VPN Client, Mode-Config, Wild-Card Pre-Shared Key with NAT
http://www.cisco.com/warp/public/707/25.shtml

Speaks of

interface Serial1
 ip address 10.2.2.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!

And

ip local pool ourpool 10.2.1.1 10.2.1.254

So diff ip ranges works.

Then

!--- Except the private network to private network traffic
!--- from the NAT process.
access-list 101 deny ip 10.2.2.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.2.2.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 101

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of JM
Sent: Monday, 16 December 2002 12:35
To: [EMAIL PROTECTED]
Subject: VPN Client+IOS [7:59283]

Hello

I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651. On the Cisco router I have: Software with 3DES/IP Plus/FW/IDS - Version 12.2(11)T2

Router has 4 interfaces:
serial 0/1 - Internet, here I gave cryptomap
fasteth 0/1 - DMZ
fasteth 0/0 - LAN (here I want to be through VPN)

I have the same configuration like in TAC help:
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

VPN Client can login inside router, and I have an IP address from the router, but I don't see anything. I can't ping. I have a question: where am I inside the router? I am in, but I don't see anything. When I will have: ip access-list out on fast0/0 (LAN), what should I enable?

I have nat inside on fast 0/0 and outside on ser 0/1

Regards
JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60466t=59283
RE: O/T more campus design issues [7:60136]
Priscilla,

For startup (win 9x) you must put WINS in place. The NetBIOS node type is covered in a prev thread. You can do an include statement in the client lmhosts file that refers to a lmhosts file at the DC (for example the netlogon share or on a random server) for scaling issues.

Browsing: Older Windows boxes make lousy browsing masters. They elect all the time, startup/shut. Also the LANMAN processes are not that tuned for that role. So putting NT on the segment (for file/print) through multi-home or vlan tags is recommended, sure when there are a lot of win 9x clients. Make that WINS, and you are OK. I've seen that work fine.

My 2 eurocents
Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 2 January 2003 23:16
To: [EMAIL PROTECTED]
Subject: O/T more campus design issues [7:60136]

You all remember my very simple campus network re-design that I've been helping out with? It sure has been keeping me humble. ;-)

So we upgraded the single subnet to two subnets and two VLANs. Everything is working OK except for Windows networking. The PCs on the new subnet can't find a domain controller for authentication.

So, you can feel free to yell at me for not gathering more information on the symptoms, but the client hasn't told me much. ;-) But does this ring a bell with anyone? Are there standard recommendations on how to handle this in a subnetted VLANed internetwork? I'm not too well informed on Windows networking. My co-author wrote that chapter in my troubleshooting book.

Thank-you so much!
Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60200t=60136
RE: VPN Client+IOS [7:59283]
Last time it worked for me I used another private range (than I use in the LAN) for the vpn clients, and had to triple check my access-lists, especially the one that encrypts from LAN to vpn client. Make sure that your vpn headend (2600) is the default gateway for that vpn client LAN, or give away a static route per server.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jacek Malinowski
Sent: Monday, 16 December 2002 22:53
To: [EMAIL PROTECTED]
Subject: Re: VPN Client+IOS [7:59283]

I have 4 interfaces:
Serial 0/1 - public IP, for example 1.1.1.1
fast 0/1 - public IP, for example 2.2.2.2
fast 0/0 - LAN IP: 192.168.1.1/24

My ip address pool for VPN: 192.168.1.170-192.168.1.190

On the VPN padlock I have an IP address from the router, for example 192.168.1.170, but I can't ping any address on the LAN. I don't know. I am using the newest VPN Client: vpnclient-win-is-3.6.3.Rel-k9

I have ip nat inside on Fast 0/0 and outside on ser 0/1, but without it doesn't work too :(.

Ben Woltz wrote:

The IP address that your VPN Client gets from the router, are you advertising that route through your network?

JM wrote in message news:[EMAIL PROTECTED]...

Hello

I am trying to run VPN between VPN Client 3.6.2.A and Cisco 2651. On the Cisco router I have: Software with 3DES/IP Plus/FW/IDS - Version 12.2(11)T2

Router has 4 interfaces:
serial 0/1 - Internet, here I gave cryptomap
fasteth 0/1 - DMZ
fasteth 0/0 - LAN (here I want to be through VPN)

I have the same configuration like in TAC help:
http://www.cisco.com/warp/customer/471/ipsecrouter_vpn.html

VPN Client can login inside router, and I have an IP address from the router, but I don't see anything. I can't ping. I have a question: where am I inside the router? I am in, but I don't see anything. When I will have: ip access-list out on fast0/0 (LAN), what should I enable?

I have nat inside on fast 0/0 and outside on ser 0/1

Regards
JM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59352t=59283
RE: Mac network [7:58945]
Always hardcode L2 speeds with mac, especially on the switch and server.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dwayne Saunders
Sent: Wednesday, 11 December 2002 17:32
To: [EMAIL PROTECTED]
Subject: Mac network [7:58945]

Hi all Mac users

I have a small problem with a network that I was asked to look at. There are 6 end user machines and 1 server, all connected via a switch. The problem is that when connected to the switch, network transfers to and from the server are very slow, i.e. a 100meg file takes approx 18 minutes.

Now I have swapped the cheap $100 switch out and replaced it with another one from the supplier, still the same problem. I then replaced the switch with a hub and now everything flies along.

The Macs are running 9.2 os and from what I can see without doing a network capture there is a speed and duplex conflict; these settings can't be changed on this os. So any help with this would be greatly appreciated.

Regards
D'Wayne Saunders
Data Network Administrator
Phone: +61 8 8950 7742
Mobile: +61 412 832 322
Fax: +61 8 8952 1112
www.lasseters.com.au

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59228t=58945
Cisco 675 DSL ATM Setting [7:59225]
Group, anybody experience with the 675 series? I am trying to put a vpi of 8 in the config but it does not accept it, goes to 4.

http://www.cisco.com/univercd/cc/td/doc/product/dsl_prod/c600s/600inop/rconfig.htm#xtocid1095515

Says

In CBOS version 2.3 or earlier, the VPI count is 1 to 4. In later versions, the VPI count is 1 to 8.

But I cannot config it.

Config that is NOT accepted:

set interface wan0-0 disable
write
set interface wan0-0 vpi 8
set interface wan0-0 vci 48
set interface wan0-0 enable
Write

OS Version nsrouter.c675.2.4.6.bin

I need to set 8/48 vpi/vci for the telco in the Netherlands. Any ideas? Had no luck on usenet.

Martijn
Cheers

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59225t=59225
RE: How to change the default Telnet port of a router [7:58647]
I started using ssh. I think TheraTherm also has a free client. I placed some effort in not using standard port 22 ssh.

ip ssh authentication-retries 2
ip ssh port 2500 rotary 1
line vty 0 4
 access-class 199 in
 rotary 1
 transport input telnet ssh
no access-list 199
access-list 199 permit tcp 000x any eq telnet (inside)
access-list 199 permit tcp any any eq 2500 (from outside?)

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simon Cheng
Sent: Thursday, 5 December 2002 20:24
To: [EMAIL PROTECTED]
Subject: How to change the default Telnet port of a router [7:58647]

Hi, can anyone tell me whether it is possible to change the default telnet port no. on a cisco router? Say I don't want to use tcp port 23 to telnet to my company router.

Simon

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58815t=58647
RE: PIX 501 and MSN Messanger Voice / Video Chat [7:58809]
I agree. Nat some ports to inside, see if they telnet or something.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, 9 December 2002 20:39
To: [EMAIL PROTECTED]
Subject: PIX 501 and MSN Messanger Voice / Video Chat [7:58809]

Guys

I have just installed a PIX 501 at my home network, and I cannot do VOICE / VIDEO chat through MSN Messenger / NetMeeting. For testing I am permitting IP ANY ANY on the outside interface. Still the same issue. Let me know if you know the fix or workaround to this problem.

thanks,
--
Curious
MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58816t=58809
RE: more VPN fun... [7:58818]
Am working on the IOS version of what you are doing. We better keep each other posted. In a few weeks I am bound to roll out multi ios to (pix head-end) 3des ipsec hub/spoke.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Edward Sohn
Sent: Monday, 9 December 2002 21:44
To: [EMAIL PROTECTED]
Subject: more VPN fun... [7:58818]

anyone have any working configs of a PIX set up for a site-to-site IPSec tunnel with another PIX (at a remote site), as well as set up for mobile user VPN access (through dialup/dsl/cable/etc)? the client will use secure VPN client 3.0 for windows.

i have the docs from CCO, but someone told me that their config for the remote user is wrong and does not work right.

appreciate your help. please email me directly.

ed

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58822t=58818
RE: Graphical Bandwidth Utilization [7:58819]
Check this. Not really a log analyser, but nice realtime internet traffic stats features for pix (if that is the only edge device).

http://www.stonylakesolutions.com/sls/insideout.jsp

Does a lot, cheap version also.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Matthews
Sent: Monday, 9 December 2002 22:43
To: [EMAIL PROTECTED]
Subject: Re: Graphical Bandwidth Utilization [7:58819]

Thanks for the responses -

New Question: A good realtime log analyzer for our Pix and 2651 Internet Router syslogs. One that would preferably run on Win2k (not absolutely necessary though). One that is capable of detecting portscans and the like as close to real time as possible.

Thanks in advance

John McCartney wrote in message news:[EMAIL PROTECTED]...

When I was at an ISP we used MRTG. There are many available on the Internet, some require a server.

HTH's

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58847t=58819
RE: Graphical Bandwidth Utilization [7:58819]
Webtrends (now NetIQ) should do a good job (a large suite), but tested it only for a day on IOS.

Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Matthews
Sent: Monday, 9 December 2002 22:43
To: [EMAIL PROTECTED]
Subject: Re: Graphical Bandwidth Utilization [7:58819]

Thanks for the responses -

New Question: A good realtime log analyzer for our Pix and 2651 Internet Router syslogs. One that would preferably run on Win2k (not absolutely necessary though). One that is capable of detecting portscans and the like as close to real time as possible.

Thanks in advance

John McCartney wrote in message news:[EMAIL PROTECTED]...

When I was at an ISP we used MRTG. There are many available on the Internet, some require a server.

HTH's

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58846t=58819
RE: RE: Block MSN Messenger [7:57595]
AOL instant messenger can be blocked by filtering out the following I.P. addresses: 205.188.3.160, 205.188.3.176, 205.188.5.204, 205.188.5.208, 205.188.7.164, 205.188.7.168, 205.188.7.172, 205.188.7.176, and DNS name of login.oscar.aol.com which is used to login to aol instant messenger.

block yahoo messenger
msg.sc5.yahoo.com
msg.yahoo.com

MSN
gateway.messenger.hotmail.com

This should resolve most of your messenger blocking issues. If you need anything else, let me know.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mears, Rob
Sent: Tuesday, 19 November 2002 18:28
To: [EMAIL PROTECTED]
Subject: RE: RE: Block MSN Messenger [7:57595]

Yes and I have done it all via the PIX

Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656

-----Original Message-----
From: vikramjskeer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,

Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very easily do it, right on the OS level. I know about Win2K, that you can set up some system policies with which you can directly block these exes themselves.

Hope it helps:

Regards,
Vikram

Lidiya White wrote:

Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]

It is possible, however Messenger uses so many different ports on so many different servers that it's not worth your time.

-----Original Message-----
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.

Ahed Naimi wrote in message news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements
> on an IOS Cisco router.
>
> Thanks All.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58302t=57595
RE: RE: Block MSN Messenger COMPLETE [7:58304]
Sorry my 11th finger seemed to hit send. From several lists, but not tested thouroughly http://www.groupstudy.com/archives/cisco/200206/msg00480.html Block Kazaa Kazaa connects to other peers running Kazaa, on port 1214. So, the best way to block Kazaa downloads is to reject incoming and outgoing data packets-both TCP and UDP packets-on this port. Block Gnutella clients The P2P apps, which use the Gnutella network connect to peers on ports 6346 and 6347. AOL instant messenger can be blocked by filtering out the following I.P. addresses: But BLOCK internal DNS server AOL's DNS first BLOCK out from /32 to 205.188.0.0/16 port = 53 aim.aol.com login.oscar.aol.com 64.12.161.153bucp1-vip-m.blue.aol.com 64.12.161.185bucp2-vip-m.blue.aol.com 152.163.214.75 bucp-r01.blue.aol.com 152.163.214.76 bucp-r02.blue.aol.com 152.163.214.108bucp-r03.blue.aol.com 152.163.242.24 152.163.241.120 152.163.241.128 152.163.241.96 205.188.1.56 205.188.3.160 205.188.3.176 205.188.4.106 205.188.5.204 205.188.5.208 205.188.7.164 205.188.7.168 205.188.7.172 205.188.7.176 205.188.147.114 205.188.147.113 205.188.147.114 205.188.148.180 205.188.148.181 AOL Instant Messenger - Ok, I have been able to block this one with pretty solid results. I had to pretty much block 1 class C's worth of addresses in the 64 region of AOL's address range, but have not heard any complaints thus far. The program is pretty damn smart about getting around rules in your firewall. It will try and use FTP, TELNET, HTTP, FINGER, NETBIOS over IP, APPLETALK over IP, 1080 (SOCKS), 1024, Lotus Notes (TCP 1352) and a few others. I pretty much locked the subnet down but AIM was somehow getting through. I finally figured out that my CheckPoint firewall was allowing DNS traffic outbound in my rule base above rule 1. I had to go to the Properties section and disable the implicit access to DNS (TCP/UDP 53). Once I did that, it killed AIM altogether. DNS name of login.oscar.aol.com which is used to login to aol instant messenger. 
block yahoo messenger msg.sc5.yahoo.com msg.yahoo.com msg.edit.yahoo.com messenger.yahoo.com http.pager.yahoo.com cs.yahoo.com Default Port: 5050 216.136.175.145 216.136.224.213 216.136.224.214 216.136.225.11 216.136.225.12 216.136.225.35 216.136.225.36 216.136.225.83 216.136.225.84 216.136.226.117 216.136.226.118 216.136.131.93 216.136.175.142 216.136.175.143 216.136.175.144 access-list 101 deny ip 10.1.4.0 0.0.0.255 216.136.0.0 0.0.255.255 access-list 101 deny ip 10.1.4.0 0.0.0.255 66.163.0.0 0.0.255.255 access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255 Test first. MSN gateway.messenger.hotmail.com Messenger uses port 1863, but if you block it then it can automatically switch to port 80. 1. Add the following registry key into client machines either through login script or similar: HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client\PreventRun=1 This will prevent Messenger from running, whether or not it is installed. Because this key isn't modified during a Messenger install/re-install/upgrade, and isn't removed if the software is uninstalled, this should work for you. Nov. 9, and there were multiple login servers, where in the past there was only one. By Nov. 29, it appeared that there were login servers at addresses 64.4.13.17 64.4.13.170 through 64.4.13.190. Microsoft may be adding even more in the future. I was still able to block MSN Messenger with just default filter exceptions and the Access Rule listed above, but should a new version of MSN Messenger come out that is able to slip by the proxy rules, try redirecting an entire subnet. Redirecting subnet 64.4.13.160 (255.255.255.224) will prevent traffic from reaching all addresses from 64.4.13.161 through 64.4.13.191. (Changing that subnet to 64.4.13.128 and the subnet mask to 255.255.255.128 would expand the blocking to 64.4.13.129 through 64.4.13.255). 
Block ICQ/AIM traffic

block out from any to any port = 5190
block in from any to any port = 5190

web.icq.com ads.icq.com login.icq.com cb.icq.com icq.mirabilis.com http.proxy.icq.com

Work in progress. (from several posts)

Martijn Jansen

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mears, Rob Sent: Tuesday, 19 November 2002 18:28 To: [EMAIL PROTECTED] Subject: RE: RE: Block MSN Messenger [7:57595]

Yes and I have done it all via the PIX. Where you run into problems is when they use port 80. Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+ LAN Engineer and Technical Mercenary Valor Telecom 469.420.2656

-Original Message- From: vikramjskeer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 10:46 AM To: [EMAIL PROTECTED] Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All, Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very
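An added example (not part of the original posts and not Cisco tooling) that checks the numbers in the message above: it applies IOS wildcard-mask matching to the three access-list lines and tests the MSN login addresses against the two redirect subnets. The client 10.1.4.20 and the destination 192.0.2.10 are constructed for the check; the model also applies the implicit deny that ends every IOS access list, which is why a list made only of deny lines needs a trailing permit before it is applied.

```python
import ipaddress
import re

# The three ACL lines exactly as they appear in the post.
ACL_TEXT = """\
access-list 101 deny ip 10.1.4.0 0.0.0.255 216.136.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 66.163.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255
"""

# Yahoo Messenger addresses listed in the post.
YAHOO_IPS = """
216.136.175.145 216.136.224.213 216.136.224.214 216.136.225.11
216.136.225.12 216.136.225.35 216.136.225.36 216.136.225.83
216.136.225.84 216.136.226.117 216.136.226.118 216.136.131.93
216.136.175.142 216.136.175.143 216.136.175.144
""".split()

# MSN login servers named in the post: 64.4.13.17 and .170 through .190.
MSN_IPS = ["64.4.13.17"] + [f"64.4.13.{n}" for n in range(170, 191)]

ACL_RE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"
)


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    care_bits = 0xFFFFFFFF ^ _to_int(wildcard)
    return (_to_int(addr) ^ _to_int(base)) & care_bits == 0


def parse_acl(text):
    """Parse 'access-list N action ip src src-wc dst dst-wc' lines into tuples."""
    rules = []
    for line in text.splitlines():
        m = ACL_RE.fullmatch(line.strip())
        if m:
            rules.append(m.groups())  # (action, src, src_wc, dst, dst_wc)
    return rules


def evaluate(rules, src, dst):
    """First matching rule wins; return (action, rule_index).

    rule_index is None when nothing matched and the implicit 'deny any'
    at the end of an IOS access list applies.
    """
    for i, (action, s, s_wc, d, d_wc) in enumerate(rules):
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action, i
    return "deny", None


def block_range(network, mask):
    """First and last address covered by a network/netmask pair."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    return str(net[0]), str(net[-1])


def not_covered(addresses, network, mask):
    """Addresses from the list that fall outside network/mask."""
    net = ipaddress.ip_network(f"{network}/{mask}", strict=True)
    return [a for a in addresses if ipaddress.ip_address(a) not in net]


if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    client = "10.1.4.20"  # constructed host inside the post's 10.1.4.0/24
    hits = {evaluate(rules, client, ip) for ip in YAHOO_IPS}
    print("rules matched by the listed Yahoo addresses:", hits)
    # 192.0.2.10 is a constructed, unrelated destination (documentation range).
    print("unrelated destination:", evaluate(rules, client, "192.0.2.10"))
    for net, mask in (("64.4.13.160", "255.255.255.224"),
                      ("64.4.13.128", "255.255.255.128")):
        print(net, mask, block_range(net, mask),
              "outside:", not_covered(MSN_IPS, net, mask))
```

Run as a script, it shows every listed Yahoo address being caught by the first ACL line, and 64.4.13.17 lying outside both redirect subnets.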
RE: Need Help ( DNS Server)
Hi, Check client hostname and domain name in local IP-stack. PER interface DNS resolution can be done in NT, but normally PER DOMAIN/PER MACHINE. So check local IP settings. Browse through hostname AND domain name of the DNS server locally (ipstack) also. Cheers, Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shahid Muhammad Shafi Sent: Monday, 5 February 2001 4:10 To: [EMAIL PROTECTED] Subject: Need Help ( DNS Server)

I'm just running a DNS server with Microsoft DNS manager and I got 8 clients on the subnet. The problem I'm having here is that I can ping all the clients from DNS Server using their FQDN but when I try to ping the DNS server from the clients they ping it only when I give the Hostname i.e. Labserver but they don't ping it when I try using Labserver.itplab.com Any suggestions??? Thanks in advance Shahid
RE: routers for home lab
Do not forget that practicing with reverse telnet is HANDY for the lab (do not kill me if I am not right) so a 2509/11 would do great, only it has 2s and 1e. I am getting pretty used to telnetting into my 4 other routers/1 switch through my 2511.. octal cable. Believe ccieprep.com has a lab document where they state the use of the reverse telnetting, also every CCIE book comes back on the subject. Cheers Martijn http://www.ccprep.com/resources/news/archives/ccielab.zip

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of kz Sent: Wednesday, 7 February 2001 3:13 To: [EMAIL PROTECTED] Subject: routers for home lab

Hi, I want to make a home lab of my own as a preparation for the CCIE lab test. What kind of routers and switches do I need to build such lab? I already have 4 2500 (2 2501s, 2503, 2523) routers and 1 Catalyst 5000. Any advice is highly appreciated. kz
RE: Merging two companies
Why don't you combine nat with 2 or 3 extra IP's in a dmz? The road from 1 to 2 would look like this.

c1 NAT--FW-- vpn --FW--dmz- IP1 / ip2 / ip3 -dmz--- nat --- c2 10.x packet dest ip1/2/3 say 25.x 25.x server maps share/port/server to internal ip 10.x

The dmz ip's can map internal c2 servers with shares, caching /forwarding mail servers etc. Just a braindump, maybe tunable. #;-) Cheers, Martijn
1200 Catalyst for CCNP lab?
Group, I would like to know if it is a good buy to get a few Catalyst 1200's for switching certification. Has anyone used them, and are they any use for the exam. The 1900 with Enterprise I already have has IOS and the syntaxes etc on the 1200 look different, but support building VLAN's, TRUNK's etc. Cheers Martijn
RE: IPSec help
What you could use is a separate OR double tunnel, for example (some extra public IP's)

network private nat (here) to public ip (behind FW=DMZ) vpn FW ipsec(here) source internet vpn FW ipsec dest nat (here) from public ip to private ip (behind FW=DMZ) network private

This chapter shines an in-depth light on the topic, and also explains a pass-through vpn scenario. http://www.microsoft.com/TechNet/win2000/win2ksrv/reskit/intch09.asp Cheers, Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ricky Gomez Sent: Wednesday, 31 January 2001 16:43 To: '[EMAIL PROTECTED]' Subject: IPSec help

Hey all, I'm trying to implement IPsec in my existing network but we are using NAT. In order for the Encapsulating Secure Payload (ESP) and Authentication Header (AH) protocol to exit out my network the packet cannot be modified, in which it is being modified due to Network Address Translation (NAT), so the connection is terminated. Does anyone know what appliance I need to invest in, in order to make this work? Ricky Gomez LAN/WAN ENGINEER Email: mailto:[EMAIL PROTECTED]
RE: WAN switching Exam
http://cramsession.brainbuzz.com/cramsession/cisco/ccna_ws/ sorry. Cheers

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of mjans001 Sent: Tuesday, 16 January 2001 14:58 To: Stuart Laubstein; [EMAIL PROTECTED] Subject: RE: WAN switching Exam

Try the QA forum here. Cheers. Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stuart Laubstein Sent: Tuesday, 16 January 2001 14:13 To: '[EMAIL PROTECTED]' Subject: WAN switching Exam

Are there any good books for the CCNA Wan switching exam? Is it a useful cert in any case--ie are companies looking for it at all or even know it exists? The exam outline looked pretty much like CCNA with some of the stuff from CCNP thrown in but not much. Has anyone actually taken the test? thanks stu
RE: Cisco router purchase FW: Home CCNP lab
A little from the archives. Cheers Martijn Jansen

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Larson Sent: Friday, 24 November 2000 21:28 To: Elias Aggelidis; Michael Ross; [EMAIL PROTECTED] Subject: Re: Home CCNP lab

Actually you could get by just fine with 2 or 3 2500 series and a Cat 1900. The CAT 1900 has basically the same OS as 5000. Make sure the 2500's have a couple serial (use them as a frame relay or X.25 switch) and to test ISDN you will need an ISDN interface and ISDN simulator.

- Original Message - From: Elias Aggelidis To: Michael Ross ; [EMAIL PROTECTED] Sent: Friday, November 24, 2000 12:44 PM Subject: Re: Home CCNP lab

Hi, I do not think that you need to setup a LAB to pass the CCNP. But if you would like to do it you must have a 55xx, 36xx, 7xx, 25xx and maybe a 4xxx Regards

- Original Message - From: Michael Ross To: [EMAIL PROTECTED] Sent: Friday, November 24, 2000 1:51 AM Subject: Home CCNP lab

G'Day, I am currently looking at setting up a home lab to self study CCNP. I would be most appreciative if anyone would be able to assist me by advising what equipment would be required and available to carry out most of the labs. I am in Australia and am willing to purchase second hand equipment. Hopefully the Aussie dollar will improve for exchange rates. Regards, Michael.
RE: Cisco router purchase FW: 2523 or 2522 for homelab
In addition to the archives I found for you: A dual 2501 lab is good for starters because of the 2 serials a piece, and the ethernet connection. For BCRAN you will need ISDN interfaces though ( 2 2503's). At the moment articles surface about dialing through the aux port that every 25* router possesses. Then DDR/backup and Snapshot routing should work also. (Then no BRI needed, but you may have to learn a little about the complex world of ISDN signaling).

Do not want to dive too deep into routing here, as every BSCN, CCIEprepbook etc. book lists them fine, the labs show the amount of routers you need. One is fine for basics, 2 for routing basics, 3 for 3/4 of all routing, then you go to 4-5-6 etc CAT 5000.

My lab I ordered at Netfix.com has a 2509 for reverse telnetting, 2 serials, 1 Eth, x async 2521 for working as a frame switch, 4 serials, 1 TR, BRI 2514 with 2 serials and 1 TR, 1 Eth. Nice package with all cabling, transceivers, TR equipment etc. 1603 for ETH/BRI already there. Later more can be added, if your budget allows.

You will want to watch IOS versions, I believe you will need at least 11.2, enterprise plus version if possible for Exterior routing. Try to look in the future, what labs do belong to that future, then start building, IOS/memory can be upgraded (ebay), but no ports added (if not buying 2524/2525). My 2nd 0.2c as a beginner. Martijn MCP 18x CCNA

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Han Nguyen Sent: Thursday, 16 November 2000 13:54 To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: RE: 2523 or 2522 for homelab

The difference is the Fixed LAN port: Ethernet for 2522 and Token Ring for 2523.
Cisco 2522/CPA2522
- 1 Ethernet port with a selectable AUI connection or 1 Ethernet 10BaseT connection
- 1 ISDN BRI port (RJ-45)
- 2 high-speed synchronous serial ports
- 8 low-speed asynchronous/synchronous serial ports

Cisco 2523/CPA2523
- 1 Token Ring STP port or 1 Token Ring UTP port
- 1 ISDN BRI port (RJ-45)
- 2 high-speed synchronous serial ports
- 8 low-speed asynchronous/synchronous serial ports

Any router with Token Ring port is usually much cheaper than the one with Ethernet port. If you only use it as a Frame-Switch, then the 2523 can do the same job as the 2522. Han.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 15, 2000 9:24 PM To: [EMAIL PROTECTED] Subject: 2523 or 2522 for homelab

Hi, Group. My small homelab has 2 2501s, and I want to add a Frame-Switch, but I have some questions. Why is the 2522 much more expensive than the 2523? They are just the same except the Fixed LAN Port, but I found a 2522 costs $2xxx, and the 2523 costs just $1xxx on www.iqsale.com. If I use the routers in the homelab, can a 2523 do the lab that one 2522 can do? IMHO, 2523 is more suitable for the homelab, because it's cheaper. Please correct me, thanks a lot.
RE: Writing on 26/1
Carl, go get it, keep the level of concentration. ;-) Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Celliers, Carl Sent: Thursday, 25 January 2001 14:54 To: '[EMAIL PROTECTED]' Subject: Writing on 26/1

I'm writing CCIE Written tomorrow. Hold thumbs for me. Carl
RE: Question about Napt
Hi Fred. I don't have the answers, but came across a nice NA(p)T article. I'll be watching while this also has my interest. http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html

Quote: The Cisco Secure PIX Firewall series supports port address translation (PAT) with "port-level multiplexing"---a method to further conserve IP addresses. With PAT, users' inside local addresses are automatically converted to single outside local addresses using different port numbers to distinguish between each translation. More than 64,000 inside hosts can be served by a single outside IP address with PAT. http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pie_ds.htm

Somewhere else it states 64.000 TCP-connections at the same time. Not the theory, but some info after all. Cheers, Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fred Danson Sent: Thursday, 25 January 2001 15:07 To: [EMAIL PROTECTED] Subject: Question about Napt

Hi, I was reading RFC3022 about Napt last night, and I still don't understand one thing about it. From what I understand is that Napt allows you to use one single globally unique IP address on the WAN interface of your router, and then a large number of local addresses inside your network which aren't globally unique. Now the router will be able to translate the different traffic streams coming from the WAN according to the port on the packet. So if host A inside the network wanted to communicate with Host B which is on a different outside network, it would directly address the outside site, and the router would catch the packet en route and change the source IP address to the router WAN interface IP address and also change the source port to a port of the router's discretion. Normally, from what I understand, ports are used to multiplex streams of traffic across a link. If Host A was using two applications and wanted to start a second session with Host B, would the router allow this?
The RFC states "While not a common practice, it is possible to have an application on a private host establish multiple simultaneous sessions originating from the same tuple of (private address, private TU port). In such a case, a single binding for the tuple of (private address, private TU port) may be used for translation of packets pertaining to all sessions originating from the same tuple on a host." How exactly would the applications know which traffic stream was for itself? Also, how many local hosts can the router assign to a single IP address before it has to use a second IP address? Could a company of 10 use a single IP address for NAPT? Or would it need to use more than one? Thanks in advance, Freddy
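An added sketch (not code from RFC 3022, Cisco, or either poster) of the binding table the quoted RFC passage describes: one binding per (protocol, private address, private port), reused for every session from that tuple, with inbound packets that match no binding dropped. All addresses come from private and documentation ranges and are constructed; the model keeps no per-session state, which real translators usually add.

```python
class PortPoolExhausted(Exception):
    """No free external port is left for a new binding."""


class Napt:
    """Minimal NAPT model with a single external address."""

    def __init__(self, external_ip, first_port=1024, last_port=65535):
        self.external_ip = external_ip
        self._range = (first_port, last_port)
        self._free = {}   # proto -> iterator over unused external ports
        self._out = {}    # (proto, private_ip, private_port) -> external_port
        self._back = {}   # (proto, external_port) -> (private_ip, private_port)

    def _allocate(self, proto):
        first, last = self._range
        pool = self._free.setdefault(proto, iter(range(first, last + 1)))
        try:
            return next(pool)
        except StopIteration:
            raise PortPoolExhausted(
                f"no {proto} port left on {self.external_ip}") from None

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        if key not in self._out:
            ext_port = self._allocate(proto)
            self._out[key] = ext_port
            self._back[(proto, ext_port)] = (src_ip, src_port)
        return (proto, self.external_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a packet arriving from outside.

        Returns None when no binding exists, i.e. the packet is dropped.
        """
        if dst_ip != self.external_ip:
            return None
        private = self._back.get((proto, dst_port))
        if private is None:
            return None
        return (proto, src_ip, src_port, private[0], private[1])

    def binding_count(self):
        return len(self._out)


def two_sessions_demo():
    """Host A (10.0.0.5) opens two sessions to host B (198.51.100.7:80)."""
    nat = Napt("192.0.2.1")
    out1 = nat.outbound("tcp", "10.0.0.5", 3001, "198.51.100.7", 80)
    out2 = nat.outbound("tcp", "10.0.0.5", 3002, "198.51.100.7", 80)
    # Replies are addressed to the external port chosen for each session.
    back1 = nat.inbound("tcp", "198.51.100.7", 80, "192.0.2.1", out1[2])
    back2 = nat.inbound("tcp", "198.51.100.7", 80, "192.0.2.1", out2[2])
    return out1, out2, back1, back2


def shared_binding_demo():
    """Same private tuple talking to two destinations reuses one binding."""
    nat = Napt("192.0.2.1")
    to_b = nat.outbound("tcp", "10.0.0.5", 3001, "198.51.100.7", 80)
    to_c = nat.outbound("tcp", "10.0.0.5", 3001, "203.0.113.9", 80)
    return to_b[2], to_c[2], nat.binding_count()


if __name__ == "__main__":
    for packet in two_sessions_demo():
        print(packet)
    print("shared binding:", shared_binding_demo())
```

Each distinct private (address, port) pair consumes one external port per protocol, so the size of the port range bounds the number of simultaneous bindings on one external address, not the number of hosts.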
RE: CCNA Exam results
You will see the computer-based test results directly after the last question. Cheers Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of True Dwyer Sent: Thursday, 25 January 2001 22:23 To: '[EMAIL PROTECTED]' Subject: CCNA Exam results

About how long does it take to get the exam results back? Is it instant feedback or is there a period of time you have to wait? I'm planning on taking it this summer, and if I don't pass, there is a local class starting in fall that I can take to help. True Dwyer Information Systems Administrator Integrated Design, Inc.
RE: CCIE Practice lab ISDN
Eric, I am in the same ship as you are and seriously thinking of taking 2 (TWO!) BRI lines at home with SEPARATE d-channels, because the telco takes shortcuts on that one. I am building my lab for CCNP and CCIE (If heaven supports me). I have been studying Caslow's book, Cisco press CCIE Design and case studies, and I think you really need to go for 2 lines or a full SIMULATOR (group has discussed that one enough) of about 2000$. With this cert, practice is the key, not the cramming I'm used to. my .02c as a beginner Martijn Jansen MCP 18x CCNA

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric Gunn Sent: Wednesday, 24 January 2001 1:08 To: [EMAIL PROTECTED] Subject: CCIE Practice lab ISDN

Hello, I am going to be taking out a loan and buying a CCIE practice lab early next month. I have a question about ISDN in a CCIE practice lab. I have an ISDN line at home which I use for Internet access. Is 1 Cisco isdn router enough for purposes of lab practice? Or is it a good idea to have 2 ISDN routers and an ISDN simulator to configure both ends of an ISDN connection? In this type of scenario is the money spent on an ISDN simulator better spent in other areas? Thank You, -Eric Gunn
RE: WAN switching Exam
Try the QA forum here. Cheers. Martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stuart Laubstein Sent: Tuesday, 16 January 2001 14:13 To: '[EMAIL PROTECTED]' Subject: WAN switching Exam

Are there any good books for the CCNA Wan switching exam? Is it a useful cert in any case--ie are companies looking for it at all or even know it exists? The exam outline looked pretty much like CCNA with some of the stuff from CCNP thrown in but not much. Has anyone actually taken the test? thanks stu
RE: 1600 password recovery
Hi, this FREE package works Great! no hyperterminal bugs... http://hp.vector.co.jp/authors/VA002416/teraterm.html Used it also IN Terminal server session, or with more windows open, remembers your keystrokes etc.. martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paver, Charles Sent: Monday, 8 January 2001 17:59 To: '[EMAIL PROTECTED]' Subject: 1600 password recovery

Hi all! I am unable to recover my password on my Cisco 1600 router. I know it says to press the break key, but that does not work. OS is Windows nt 4.0, Spack 6a. I pressed shift-ctrl-6 as well as break repeatedly during the first 10 seconds, but didn't get into rommon mode. Anyone know how to do this?
RE: Entering Rommon mode
try the http://www.cisco.com/warp/public/474/pswdrec_2500.html luck martijn

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roberts, Timothy Sent: Thursday, 4 January 2001 22:49 To: '[EMAIL PROTECTED]' Subject: Entering Rommon mode

How do you enter rommon mode on a 4000? I want to upload an IOS image via console. Thanks
RE: 98 testing.......off subject of cisco
Jen, Depends on what your goals are, only 1 or 2 certs, stsp basics, you should/can do 98 and W2kP or W2k Server. A 6-12 months of rough study for MCSE W2k, yes can do.

98 http://www.microsoft.com/trainingandservices/exams/examasearch.asp?PageID=70 -098
2000 http://www.microsoft.com/trainingandservices/exams/examasearch.asp?PageID=70 -215 http://www.microsoft.com/trainingandservices/exams/examasearch.asp?PageID=70 -210
retirement http://www.microsoft.com/trainingandservices/default.asp?PageID=mcpPageCall =retiredSubSite=examinfo
prep http://www.microsoft.com/trainingandservices/default.asp?PageID=mcpname=exa m

So http://www.microsoft.com/trainingandservices/ should do the trick. Also Cramsession.com (NOT DUMP SITE) is VERY NEWBIE good on explaining Cert's. Luck Martijn CCNA MCSE W2k MCSE+I

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jennifer Cribbs Sent: Thursday, 4 January 2001 16:50 To: [EMAIL PROTECTED] Subject: 98 testing...off subject of cisco

I realize this is not along the cisco lines, but I was wondering if anyone knows if the 98 test for mcse is still valid. I have had the nt and the 98 courses plus net essentials, but never tested. I realize nt has since been retired, but I can't find anything on-line anywhere about the 98 test. Is this still a good test to take or has everything gone to 2000 track? Thanks, Jen Cribbs [EMAIL PROTECTED] Have a Good Day!! Jennifer Cribbs [EMAIL PROTECTED]
RE: MCNS Power Points
http://www.cisco-users.org/downloads.htm

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, 7 December 2000 0:01 To: Cisco Subject: MCNS Power Points

Group, Does anybody know where I can get the MCNS 2.0 or PIX Power Point Presentations? Thanks! Christopher J. Dosch [EMAIL PROTECTED]
RE: Free Cisco Alarm Clock
Thanks, keep 'em coming. mmj MCSE+I CCNA

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luke Everett Sent: Wednesday, 8 November 2000 19:49 To: [EMAIL PROTECTED] Subject: Free Cisco Alarm Clock

Fill out the form before December 15th to receive your free alarm clock: http://www.cisco.com/pcgi-bin/lm/buffer/offer/listening/clock/1430_jumpc/-XXX-XX Luke Everett MCP+I,MCSE,CCNA
Exchange XML - off list freebie
GET READY FOR EXCHANGE 2000! MCPERS: Get a FREE copy of XML Pocket Reference by Robert Eckstein from NetIQ. XML is the Extensible Markup Language used in Exchange 2000. Quantities limited. http://www.missioncritical.com/sponsor.asp?id=32 Set Exchange on autopilot to start your Active Directory and Exchange 2000 migration TODAY. Nobody does Windows 2000 migration better. Nobody. Greetings martijn MCSE+I CCNA
RE: Blocking Web Radio
Would you mind listing the ones you have? thxs mmj CCNA and studying MCSE+I

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Duchin Sent: Thursday, September 21, 2000 6:45 PM To: [EMAIL PROTECTED] Subject: Blocking Web Radio

Anybody know what ports the following use: Spinner Real Audio any others? I already have them for Napster and Gnutella Cheers, Jeff