help [7:75225]
help Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75225t=75225 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: help [7:75225]
Oops! I am moving the mailing list users to a new server and was testing the new server. I inadvertently sent one of the test messages to the active list. At 3:00 AM when stuff is not working, yelling help does not seem like a bad idea :-). By the way, the move should be done by this afternoon. Unless I get tied up with something else, you will receive a welcome message (those that read via e-mail) describing the new server. Take care, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of annlee Sent: Thursday, September 11, 2003 8:07 AM To: [EMAIL PROTECTED] Subject: Re: help [7:75225] problem? Paul Borghese wrote: help **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75249t=75225 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Mailing list conversion we are moving .... [7:75275]
If you are subscribed to this list via e-mail, we will be transitioning to a new server with new software. Within the next few hours you will receive a welcome message from the new server.Please save this e-mail as it contains your password and subscription instructions. If you never receive the welcome message, and you are receiving this list via e-mail, please send me an e-mail. If you are not receiving messages from the new server once the transition is complete, again please report it. In both cases, before you report it, please make sure it is not a problem on your end (i.e. your anti-spam filters etc.). The upgrade should take care of a number of problems including the time required to distribute mail and various digest options. Also, do not forget about our online meeting -- 8:00 PM at Chat.GroupStudy.com! Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75275t=75275 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: help [7:75225]
Oops! I am moving the mailing list users to a new server and was testing the new server. I inadvertently sent one of the test messages to the active list. At 3:00 AM when stuff is not working, yelling help does not seem like a bad idea :-). By the way, the move should be done by this afternoon. Unless I get tied up with something else, you will receive a welcome message (those that read via e-mail) describing the new server. Take care, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of annlee Sent: Thursday, September 11, 2003 8:07 AM To: [EMAIL PROTECTED] Subject: Re: help [7:75225] problem? Paul Borghese wrote: help **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75274t=75225 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
New Voice chat system for GroupStudy.com [7:75175]
We have installed a new voice chat system on GroupStudy. Go to chat.groupstudy.com for more information. You will be able to make private and moderated rooms for informal lectures or discussions. Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75175t=75175 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Cisco Professional Online Meeting tomorrow (Sept. 11) evening [7:75214]
Our first Cisco Professional online discussion will be held tomorrow evening from 8:00 PM EST to whenever. Our current plans are to meet in the GroupStudy voice chat room (room CCNP) every week to discuss topics of interest for people studying for CCNP level certifications. This first meeting we will decide on the schedule and topics of future meetings. We will also need volunteers to act as administrators of the room. Please try and test your setup before the meeting. Go to chat.groupstudy.com for instructions on how to participate. Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75214t=75214 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Exam #642-891 BSCI/BCMSN Composite Exam [7:74915]
Scott, I just took the composite exam this morning and passed. First of all, the information given on the cisco site, (http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/642-891.html) is incorrect. There are 88 questions, not 55-65 and the test is not 60 minutes, its' 120 minutes. To study for the exam, I used Sybex-BSCI and Sybex-Switching(copyright2003)and Sybex-CCIE study guide (copyright 2003). I highly recommend you read the CCIE study guide, also. Difficulty level on a 1-10 scale... 8 (in my opinion). Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74917t=74915 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Slow Browsing via 500 Pix firewall [7:74583]
Hi, I have had similar problems in the past when one person was downloading several Linux ISO's from there PC all at once !!! They had come in early to do so. After doing a clear xlate the problem was resolved and everyone could browse at the normal speed. The person started their ISO donwloads again but at a slower speed and one at a time. If you know of a user similiar to this you can clear only their xlate and leave everyone elses alone. Hope this helps. Regards Paul ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jurkouich, Brett, CNTR, DCAA Sent: 02 September 2003 19:20 To: [EMAIL PROTECTED] Subject: RE: Slow Browsing via 500 Pix firewall [7:74583] Try turning off the port 80 inspecting with the no fixup protocol http 80 command -Original Message- From: Faisal [mailto:[EMAIL PROTECTED] Sent: Monday, September 01, 2003 1:38 AM To: [EMAIL PROTECTED] Subject: Slow Browsing via 500 Pix firewall [7:74583] Hi All, I am having problem of slow or interminnent browsing through pix firewall. If I bypass the traffic speeds are fine. But if all that traffic is going via firewall then it becomes extremely slow. Please anybody can help me how to sort this out. Regards Faisal **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74688t=74583 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Cisco ICS 7750 experiences [7:74481]
Hello, I will be rolling out IPCC express and the 7750 in early Nov. at our call center (65 agents) and HQ 27 VP exec types. These two sites will be contacted by a PtP T1 just for voice. I am a little worried about call quality; did you get the echo taken care of? Any other tips you can pass on would be great. We have very simple call flow so the IPCC I am not to worried about but the whole project could effect 70% of our revenue (the call center) which equals about 80 million so I am stressed. :( I have decide to have 1 7940 on each desk and media termination points installed on the PCs for the CC agents to use. I feel this gives them the opportunity to use basically the soft phone but not relying on the PC for the sound card. Also not all desk our on the generator so if we lose power everyone will still have a phone. All network equipment will be on the generator. I am hoping by not using the PC sound card some of the voice quality problems will not be an issue. Let me know how it goes. ~Paul~ -Original Message Snip- got it configured pretty quick and, once it was up and I was making calls across my PSTN, the only issues I had were a little echo. Other than that, it is a good system. VERY SCALABLE, yet compact. I like it. Rob Hugo Senior Network Engineer STL Technology Partners --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74574t=74481 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
GroupStudy Server [7:74437]
The server circuit breakers fired do to the continuous internet worm outbreaks. Please resend if you sent a message that did not appear on the list. Also, any recommendations for a LOW COST 1u server we may use to replace the current GroupStudy server? Thanks! Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74437t=74437 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Linux [7:74168]
Hello, Try http://linux.org or http://www.linuxcentral.com/_v3/ http://www.isu.edu/departments/comcom/unix/workshop/unixindex.html Also a good book that is not focused on one vendor is the LPIC Bible. And of course always O'Reilly has many on *nix. Also Using Linux ISBM: 078716232 Last year I went hard at learning *nix I feel it was the best move I could do. It really opens up a lot of tools and a different way of looking at computing which I found helps in every area. ~Paul~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 7:54 AM To: [EMAIL PROTECTED] Subject: Linux [7:74168] Which website(s) is the best to get the know how with Linux - beginner level --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74185t=74168 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Trunking ISl and 802.1q [7:74059]
They are very expensive! I was able to get one through our purchase of an AVVID solution at work. I got it for training and I can run home and get it for a hot spare if needed. I was told if I get my CCNP and Voice Specialist I could have it so... We did get these at a very good price. CISCO was really pushing to install the IPCC over the AVAYA 3Com solutions we where looking at. I just hope we did not jump in over our heads. But anything has to be better then the old ROLM we had. ~Paul~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Sunday, August 17, 2003 1:42 AM To: [EMAIL PROTECTED] Subject: RE: Trunking ISl and 802.1q [7:74059] How much or how did you pick up a 3550? I thought they were so expensive? Please do tell... **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74088t=74059 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Trunking ISl and 802.1q [7:74059]
Hello, Kind of confused on switch types and trunking. Do I understand correctly that WS-c2950X can not do ISL? And that WS-C2912-XL-EN can? Can 19xx do ISL or 802.1q? I am going of this link http://www.cisco.com/en/US/tech/tk389/tk390/technologies_configuration_examp le09186a00800949fd.shtml Can some point me to a 1900 link? I can seem to fine a good one. Or anything else that might help. I like to try and figure this stuff out instead of being hand feed but I am stumped. Maybe I need to walk away I have been at it all day. :) I am trying to finish putting my lab together and need to know to finish purchasing the switches. Also how many makes a good lab? Or do I need any more? How many are good to have for practicing SPT and trunking. I currently have 1-3550 (this the new PoE type) 1-1912 (enterprise edition) 1- 1201 (not sure if this good for much) I have the chance to get 2 WS-C2912-XL-EN and am not sure if I need both or just one. --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74059t=74059 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Sub topic off ILS and 802.1q post [7:74060]
Thought I should move this section. Also I really am trying to learn QoS and voice stuff in the long run. The Co I work for will be installing a 7750, 67 phones and IPCC express at one site and at our HQ 27 phones with (RSVT ..i think that's right) connected over a PTP line back to the 7750 in late Nov. And guess who is supposed to handle the whole thing. Yours truly!! I am also interested in building a SIP server and MG at home in my lab. I would rather mess with CM, anyone know of a way to get Callmanger to install on anything other then the appoved cisco systems? I have a lot of studying to do in the next couple months (year) I figure I might go ahead for the CCIE since I have all this nice green equipment at home and work to use and play with. This what I have for a lab anything I should add? 2-2610 with FXS ports 2 serial 1-2511 1-2507 1-2503 2-4500 4 serial, 2 ethernet, and 1-OC3 ATM SM card each 2 -AGS+ with a lot of ports 2 FDDI, 2 token ring, 6 Ethernet, 6 serial 1-vconsole 4 port ISDN sim (all ports active 2 U and 2 ST) 1-3550 1-1912 1-1201 I have seen several post on what should be in a lab maybe someone could put a FAQ together on lab configs for different types of studies. Or is there one some where? Thanks, ~Paul~ --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74060t=74060 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
How to study..Self or Classes [7:73624]
Hello, I have a simple question. Has anyone used Knowledgenet for thee CCNP cert? I have put together the following lab and I am not sure I should go for the classes or just do the self pace thing. Also if I self pace I am not sure I will be able to get the new exam materal. Does anyone know if CISCo Press is going to put it out? I heard they where not. I guess there is SYBEX. Are they good? Lab and thing i have missed please let me know: 2 - Cisco 2610 Router, 64/16 2 - Cisco NM-1V 1-Slot Voice Network Module 2 - VIC-2FXS 2-Port Voice Interface Card 1 - WIC-1B-S/T 1-Port ISDN/BRI WAN Interface Card (for the 2610) 1 - WIC-1B-U 1-Port ISDN/BRI WAN Interface Card (for the 2610) 1 - Vconsole 4 port 2S/T-2U ISDN Simulator (all 4 can be used at once) 1 - 2511 16/16 1 - 2503 16/16 1 - 2507 16/16 2 - Cisco 4500M Router 2 - Cisco NP-1A One-Port OC3 ATM Module 2 - Cisco NP-4T Four-Port Serial Module 2 - Cisco NP-2E One-Port Ethernet Module 2 - AGS+ with 6 Ethernet, 4 serial, 2 token ring, 2 FDDI ports each (still trying to fiuge out the type of DCE DTE cables to use on the AGS+..Any Help?) 1 - Cisco WS-C1912 Switch 1 - 3550 1 - 2950 1 - 1201 7 - PII 400 256mb ram 10gb HDD systems. OS anything from Windows 2003 Adv Server to Linux. 1 - System config with Smoothwall as a firewall (3 Nics) Thanks, ~Paul~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73624t=73624 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: How to study..Self or Classes [7:73624]
Thanks! You have said the exact reason I am going with Knowledgenet. After work it can be hard to stay focused in a book but if I have interaction along with the book I feel I can keep my mind on it. Also I am getting some help from work also with the funds sowhy not. ~Paul~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mwalie W Sent: Wednesday, August 06, 2003 11:28 PM To: [EMAIL PROTECTED] Subject: RE: How to study..Self or Classes [7:73624] Hello, Knowledgenet courses are okay, but I feel they are by far expensive. You can use the money to get equipment. The material at knowledgenet (for the Cisco courses like BSCI) is exactly what is in the Cisco course book that costs $60.00. The reason I like knowledgenet is that being interactive, I can study even when tired at night, just when reading a book is nearly impossible. I think I have come to like knowledgenet; fortunately, I have not been paying for the courses. Good Luck! Mwalie CCDP **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73658t=73624 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Back to Back Routers [7:73897]
I have a 1601 router and a 2509 to practice with. I've connected them with a DCE/DTE cable off the s0 ports on each router and set a clock rate on the DCE end, the 1601. On Sundays I can use a fiber connection with this setup. I have this coming in the e0 on the 1601. The E0 on the 2509 is crossover cabled to a PC. 10Mbps in at switch(10.140.240.1/30) --- (10.140.240.2/30) e0-1601 / s0-1601(172.16.96.1/30) --- (172.16.96.2/30)s0-2509 / e0-2509(10.140.240.161/27) (10.140.240.162/27)PC 10.140.240.160 is my inside network My problem seems to be a lack of bandwidth to the PC end. At speed test sites on the net I'm only getting about 1.6 Mbps. I think I may be bottlenecked somewhere in the router back to back setup. The configs are close to what they were originally set up as to keep my boss happy in case he needs one in a hurry. I've changed the addresses to similar types of networks but private numbers. The ethernet ports are ARPA and the serial ports HDLC. I've set bandwidth to 1Kbps at each port. I originally had the clock rate at 64000 but didn't know if that was a bottleneck. -- Router1601#sh run Current configuration: ! version 11.2(not enough memory to upgrade) service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption no service udp-small-servers no service tcp-small-servers ! hostname 1601 ! boot system flash enable secret 5 enable password 7 ! ip subnet-zero clock timezone PST -8 clock summer-time pdt recurring ! interface Ethernet0 description E0 10Mbps connection to Fiber ip address 10.140.240.2 255.255.255.252 media-type 10BaseT no cdp enable ! interface Serial0 description S0 to 2509 S0 ip address 172.16.96.1 255.255.255.252 bandwidth 1 clockrate 400 ! no ip classless ip route 0.0.0.0 0.0.0.0 64.240.140.1 ip route 10.140.240.160 255.255.255.224 172.16.96.2 logging buffered 4096 debugging snmp-server community RO ! snip Banner stuff ! end Router2509#sh run Current configuration : 2227 bytes ! version 12.1 no service single-slot-reload-enable service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service udp-small-servers service tcp-small-servers ! hostname Router2509 ! boot system flash enable password 7 ! ! clock timezone PST -8 clock summer-time pdt recurring ip subnet-zero ! interface Ethernet0 description to LAN ip address 10.140.240.161 255.255.255.224 ! interface Serial0 bandwidth 1 ip address 172.16.96.2 255.255.255.252 no fair-queue ! interface Serial1 no ip address shutdown ! no ip classless ip route 0.0.0.0 0.0.0.0 172.16.96.1 ip route 10.140.240.160 255.255.255.224 10.140.240.162 no ip http server ! end Any ideas? ... ... PC Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73897t=73897 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: Access server 2511 Reverse Telnet [7:73656]
Hello, No ideas but I am getting the same problem!! I usually have to CTRL+SHIFt+6 out back to my TermServer. I try clearing the line 2 or 3 times and sometimes I can connect other wise I have to recycle the 2511 and usually I can get in but as soon as I leave line 7 or 8 (usually only happens on those lines) I can never reconnect. I to would like some help? Could it be a bad cable? ~Paul~ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 6:33 AM To: [EMAIL PROTECTED] Subject: Access server 2511 Reverse Telnet [7:73656] Basically I have 8 devices connected and when I reverse telnet to them all is OK, but on when I try and connect to a 2900 XL switch I get this : Termserver#telnet 192.168.1.1 2006 Trying 192.168.1.1, 2006 ..Open And thats it, nothing else. No command prompt or anything comes up on the screen I have configured telnet connections as exactly the same as all my other devices, I have IOS 12.0(5.2). --- {This E-mail scanned for viruses by Declude Virus/McAfee} Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73659t=73656 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Grand Opening . the GroupStudy.com Store! [7:73353]
In order to help pay for the services of GroupStudy.com we are opening a GroupStudy.com store, selling some of the industries best certification products! If you are in the market for some Cisco Certification materials, please check us out at: http://shop.groupstudy.com We have a number of products from Certification Zone including written test practice questions and a CCNA, CCNP lab workbook. IP Expert has offered us an exclusive discount off their CCIE workbooks. Purchase from the store and receive a 5% discount! Besides certification materials, we also have partnered with a company to sell GroupStudy t-shirts, mugs, bags, etc. So please keep us in mind for your next purchase! Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73353t=73353 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco Routers and Switches [7:72852]
Survey says Ebay. We built our home lab for way under any of the other packages (includes VOIP). 10 routers and 2 switches with remote access to do labs from anywhere. Good luck and happy shopping, NT2 wrote in message news:[EMAIL PROTECTED] Hi there, Can you please advise any good resource to buy used/refurbished/cheap Cisco gear? Thanks. Bharat Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73179t=72852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: SHould I buy this CCNP lab? [7:73175]
Looks pretty good. On Ebay most of those routers go around 200 or more (unless they have gone down again). Not sure on the switch, I think the 1924 I have went for 250 with free shipping. The DTE/DCE cables are about 9 a piece. Biggest thing on the 25xx routers is the 16Mb of flash, which those have. Otherwise you have to mess with the rom chips etc. Good luck with your lab those pieces make up a good portion of my lab as well. i d wrote in message news:[EMAIL PROTECTED] 2501x2 2503x2 2514 2912 For a little over 1 grand? Does this sound like a good lab and fair price? thanks! heres the break down Each router has 16MB of DRAM and 16MB of Flash Memory Each router loaded with IOS Software version 12.2(17a) Enterprise Plus version. CISCO Catalyst WS-C2912-XL-EN switch, which offers 12 10BaseT/100BaseTX ethernet ports, loaded with latest enterprise version IOS, This Kit Includes the following items: ### Two Cisco 2501 Routers, each unit offers one Ethernet port, two serial ports ### Two Cisco 2503 Routers, each unit offers one Ethernet port, two serial ports and 1 ISDN BRI port ### One Cisco 2514 Router, offers two Ethernet port, two serial ports ### One Catalyst WS-C2912-XL-EN switch, *** Six CAT5 Ethernet Cables *** Six Ethernet Transceivers *** Five DCE/DTE Serial Crossover Cables *** One Console cable kit Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73192t=73175 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Studying for CCNP switching Need a LAB??? [7:73174]
If you want to save money, do the research and do it in pieces. If you want it all there for you, buy the bundle. It just depends on how far you want to go with your investment dollars. It also depends on if you are planning on going further then just your ccnp. I learned a ton in setting up our lab and pieceing it together router by router. Good luck with your lab building =) i d wrote in message news:[EMAIL PROTECTED] Hi I am beginning my studies for my CCNP. I work with routers and switches at work, and Before that I also took the courses. But I want to have a full CCNP lab now while I read on my own to fiddle around with, and incorporate into my Solaris/Win2000/2003/Linux network. I was wondering what equipment is necessary? Ok if someone would be so kind as to break it down by certification ex.. what i need for swithing, routing etc Then what would I need overall? Also has anyone put their CCNP lab equipment into a full network? If so what does your network look like? Did you simulate separate LAN's/Countries etc... P.S. Do you think it's better to buy it all at once or as needed for each individual test? I know I could probably get it done by just reading and through my job and previous schooling. But i really want a lab so i could turn that lab upside down. I want to be able to handle any situation, i cant very well bring down my work routers or switches, but it can be simulated in a lab without fear of knocking out an entire county. Thanks for the help. I usually see on EBAY that they sell complete CCNP labs, what do you think of going this route? Are they good? thanks sorry for the long winded post. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73191t=73174 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Emails from Nobody [7:73017]
Our spool directory on GroupStudy filled causing messages to be sent out as nobody with no subject and no body. If you have received e-mails from Nobody please ignore. The complete message may be found on the message boards at www.groupstudy.com . Take care, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73017t=73017 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Emails from Nobody [7:73018]
Our spool directory on GroupStudy filled causing messages to be sent out as nobody with no subject and no body. If you have received e-mails from Nobody please ignore. The complete message may be found on the message boards at www.groupstudy.com . Take care, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73018t=73018 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Free Cisco IPv4 vulnerability seminar today 7/18 [7:72569]
Hi Everyone, Global Knowledge is offering a free seminar on the new IPv4 DoS vulnerability. I have been allowed to invite the GroupStudy members to the seminar as I think some of you will find it interesting. Here is the complete invite. Sorry for the late invite . I just found out about it myself: Foundstone Security Briefings: Cisco IPv4 Remote Denial of Service Vulnerability You're invited to a Special Web Seminar today covering this critical vulnerability. Earlier this week Cisco announced a serious vulnerability for all Cisco devices that implement and are configured to process Internet Protocol version 4 (IPv4) packets. Foundstone Labs, first to respond to this serious risk, is offering this Security Briefing as part of a coordinated effort designed to protect current customers and other organizations. This vulnerability should be considered extremely critical due to the impact and ease-of-exploitation. Devices are vulnerable to a Denial of Service (DoS) attack and although no known exploit has been yet identified, a complex purposely malicious sequence of IPv4 packets targeted to a vulnerable Cisco switch or router can cause the processing interface to stop processing traffic. This vulnerability can be executed by remote unauthenticated users with mere knowledge of at least one interface IP address. Web Seminar Outline Introduction Overview of Cisco IOS Issues Analysis of the Cisco IOS Vulnerability Understanding the Impact Protection Mechanisms Questions and Answers Date: July 18, 2003 Time: 11:00 am EST To register: http://www.globalknowledge.com/training/course.asp?pageid=10 courseid=8157c atid=248methodid=scountry=United+Statestranslation=English courseid=8157 catid=248methodid=scountry=United+Statestranslation=English Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72569t=72569 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
SPAN problem [7:72507]
Hi all, Quick question, I have enabled SPAN to mirror from one port to another. However, when doing so the transmitting port appears detached form the network. i.e.. I cannot ping from the PC attached to that port and nothing on the network can ping it too. When I remove the port from the session I get connectivity again. Could anyone give me any ideas on why this is occurring please. I used the 'monitor session' command and left it blank at the end implying 'both' rather than explicitly specifying 'TX or 'RX. None of the ports are involved in trunking, they are in the same VLAN and they are on the same physical switch, and even on the same blade (4006). Any help would be greatly appreciated. Kind regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72507t=72507 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Network Analyzers [7:72346]
Dave, Ethereal also comes in a Windows flavour as well which is a little more versatile for installation options. I have used it quite a lot and its always done the job for me (and that has been some pretty obscure problems solved). I generally work on the basis of a potential theory to where the problem is and prove it, in the required scenarios a combination of Ethereal and Languard (from gfi.com - also free) do the trick 99% of the time. Justify it against potential revenue saved. How much are you losing through suspected network problems? Alternatively to get a feel of what you will be seeing Ethereal is good for a start. Also bear in mind the amount of time needed to learn how to properly use a network analyser, so the real cost is actually alot more than $2500 or $1. If its your LAN or WAN then get someone else to do it, it will work out cheaper than $10k (I hope!) Regards Paul Dave C. wrote in message news:[EMAIL PROTECTED] I work for a small growing business and am currently evaluating two types of network analyzer software. EtherPeek NX and Sniffer Portable (Sniffer Pro). Since the versions that I have are not the full production versions (only for evalutation purposes), I am limited to the functionality I can do with each. I know there is an extensive difference in price (Etherpeek NX is somewhere around $2000-2500 range, and Sniffer Portable (Pro) is somewhere greater than $10,000. For a small growing company, it is hard to justify over $10,000 for a piece of software, when I can get something comparable for much less, especially when we are in a time where we have to justify our jobs. What I would like to know, if anyone has experience with both of these applications, and what capabilities that Sniffer Pro offers, that Etherpeek NX does not. I would also like to know if anyone has experience with Ethereal (for Linux). I know it is free and it has much less functionality than Etherpeek NX or Sniffer, but I would like an opinion on that to. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72351t=72346 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: We (Cisco mailing list) are moving ... [7:72060]
Thanks everyone for your offer ... but as of now I am trying to avoid donations. Frankly I do not think donations will cover the cost of running GroupStudy. Plus it will make my job 10x more difficult. Every day I help people with subscription issues associated with GroupStudy. Most people are pleasant, gracious, and understanding that I do this as a hobby. But two or three times a week I receive an e-mail from someone or some organization demanding I drop everything I am doing and fix whatever problem they are having with GroupStudy. They act as if they are paying a fortune for the service and somehow they have a given right to participate in GroupStudy. In the end it is almost always an internal problem within their organization (i.e. anti-spam filters, firewalling issues, etc.). I can not imagine what it would be like if those people had actually give some token donation to GroupStudy. So what can we do? First we do sell banner advertising on GroupStudy. Please remember to try and support our sponsors or maybe just send a note saying you will keep them in mind in the future. I also like the amazon.com model where when people purchase via GroupStudy they get the same price but we get a kickback. Frankly the bookstore needs to be updated. Anyone want to help out in that regard? Finally I am working on a new project where I plan to take the amazon.com model and expand it to Cisco certification products. The idea is we will resell Cisco certification products on GroupStudy with a percentage of the sales going towards GroupStudy. I am hoping to be up later this week (assuming I can get the merchant account finalized). If you are in the market for certification products (workbooks, practice tests, etc.) please keep us in mind. If there is a particular vendor or product you think we should resell, give me a shout! Take care, Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eagles Fan Sent: Saturday, July 12, 2003 11:50 PM To: [EMAIL PROTECTED] Subject: Re: We (Cisco mailing list) are moving ... [7:72060] Right on that one!! don't want this list to go by the wayside. how can I help? From: Dennis Laganiere Reply-To: Dennis Laganiere To: [EMAIL PROTECTED] Subject: Re: We (Cisco mailing list) are moving ... [7:72060] Date: Sat, 12 Jul 2003 18:02:02 GMT Paul... Many of us feel the same way. If you setup a paypal account, I think you'll find a lot of us will help to defray some of your expenses... Thanks for all your efforts... --- Dennis - Original Message - From: Walker, James, IS To: Sent: Friday, July 11, 2003 11:32 AM Subject: RE: We (Cisco mailing list) are moving ... [7:72060] Paul, Can we help you out with this great service you are providing to us by making a small donation? I know I'm not alone when I say that your service has been invaluable to us in the Ciscos of the world. Thanks, Jim -Original Message- From: Paul Borghese [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 12:29 PM To: [EMAIL PROTECTED] Subject: We (Cisco mailing list) are moving ... [7:72060] Hey Everyone, We will be moving the mailing list function to a new server. If you are currently receiving this list via e-mail, you will be affected. This has been planned for some time now but we need to move faster then I would like. I just received a bill from our co-location facility for the GroupStudy service and let's just put it this way, in most locations rent on a two bedroom apartment is less expensive. So we need to try and reduce our bandwidth usage (an eventually find another co-location facility). It has been quite clear for some time now that the GroupStudy server needs help. We are dropping an unacceptable number of messages (I personally have had five in a row discarded) and the messages that make it take a random amount of time to propagate. To fix this, I have purchased a new server and bandwidth (at a lower cost facility). We will be migrating to the new server in the next few days. Once the move is complete we will cut over to the new server. But wait it gets better .. We are dumping majordomo as our list software! Our new software will allow you to change a number of options. For example you will be able to suspend distribution of the e-mails, receive e-mails in digest format, change your e-mail address, etc. You will receive a welcome message with your account information. The message will contain your username/password, instructions on how to login to the server, and instructions on how to unsubscribe. Please save this e-mail for future reference. It is also a good idea to login to the server and set your password to something more memorable then the random password given. If you stop receiving e-mails from the list after the change, please send me an e-mail (after
RE: We (Cisco mailing list) are moving ... [7:72060]
Hi Elijah, We actually have two of the GroupStudy servers at RackShack. Great product if you do not have any problems and do not mind the occasional down time ... but watch out if you have a problem. Pretty much you are unable to actually talk with someone in the network operations center. Their support consists of simply rebooting the box or reinstalling the OS. They are unwilling to hook a monitor to the box and actually take a look at why the box is down. One of the GroupStudy servers would randomly go down not responding to any requests outside of a ping. It turned out one of the memory chips that they provided was bad. But because I could not get someone to actually hook a monitor to the box when it was in this down state, it took months to troubleshoot. Having said all of that, I am moving the mailing list function to RackShack (hence the reason for this thread). The CCIE Lab list has been on a server for a few weeks now without incident. I simply can not afford to pay the rates at the other co-location facilities. I hope we are not there too long. Prices are coming down at co-location facilities. I can get 1/2 a cabinet and 1 Mb of bandwidth for about $750~$800/month plus the cost of the servers. My dream is to have all GroupStudy servers in one location which is in driving distant to my house .. and maybe even have a load-balancer in case a server goes down. Take care, Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Elijah Savage Sent: Monday, July 14, 2003 6:25 AM To: [EMAIL PROTECTED] Subject: RE: We (Cisco mailing list) are moving ... [7:72060] Paul, I do not know if you have found a collocation place already but here is a very nice and reputable one at a price I think is very affordable. I know a few people using this facility and the bandwidth is amazing. I know someone using the 99$ package for a ftp server and you get 700gig a month in this package. Hopefully this helps and yes a paypal account is a good idea to accept donations. http://www.rackshack.net Not affiliated in any way with this place. -Original Message- From: Eagles Fan [mailto:[EMAIL PROTECTED] Sent: Saturday, July 12, 2003 11:50 PM To: [EMAIL PROTECTED] Subject: Re: We (Cisco mailing list) are moving ... [7:72060] Right on that one!! don't want this list to go by the wayside. how can I help? From: Dennis Laganiere Reply-To: Dennis Laganiere To: [EMAIL PROTECTED] Subject: Re: We (Cisco mailing list) are moving ... [7:72060] Date: Sat, 12 Jul 2003 18:02:02 GMT Paul... Many of us feel the same way. If you setup a paypal account, I think you'll find a lot of us will help to defray some of your expenses... Thanks for all your efforts... --- Dennis - Original Message - From: Walker, James, IS To: Sent: Friday, July 11, 2003 11:32 AM Subject: RE: We (Cisco mailing list) are moving ... [7:72060] Paul, Can we help you out with this great service you are providing to us by making a small donation? I know I'm not alone when I say that your service has been invaluable to us in the Ciscos of the world. Thanks, Jim -Original Message- From: Paul Borghese [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 12:29 PM To: [EMAIL PROTECTED] Subject: We (Cisco mailing list) are moving ... [7:72060] Hey Everyone, We will be moving the mailing list function to a new server. If you are currently receiving this list via e-mail, you will be affected. This has been planned for some time now but we need to move faster then I would like. I just received a bill from our co-location facility for the GroupStudy service and let's just put it this way, in most locations rent on a two bedroom apartment is less expensive. So we need to try and reduce our bandwidth usage (an eventually find another co-location facility). It has been quite clear for some time now that the GroupStudy server needs help. We are dropping an unacceptable number of messages (I personally have had five in a row discarded) and the messages that make it take a random amount of time to propagate. To fix this, I have purchased a new server and bandwidth (at a lower cost facility). We will be migrating to the new server in the next few days. Once the move is complete we will cut over to the new server. But wait it gets better .. We are dumping majordomo as our list software! Our new software will allow you to change a number of options. For example you will be able to suspend distribution of the e-mails, receive e-mails in digest format, change your e-mail address, etc. You will receive a welcome message with your account information. The message will contain your username/password, instructions on how to login to the server, and instructions on how to unsubscribe. Please save this e-mail for future reference. It is also a good idea to login
Re: CCIE Lab Kit [7:72241]
I recommend ebay as well. I created a a lab for well under their cost (that included VOIP). Vijay Ramcharan wrote in message news:[EMAIL PROTECTED] I'm shopping around for a CCIE lab kit. I've put down 3 sites as likely candidates where I'll be buying from; www.chipsettech.com www.optsys.com www.layer7labs.com Any advice on which one I should choose to get the best bang for the buck? Any sort of feedback would be welcome. Thanks. Vijay Ramcharan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72267t=72241 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: SPAM Filtering [7:72265]
Joe, Look at SpamAssassin (http://www.spamassassin.org). I was a little skeptical but it really does work ... especially if you use the blacklist checks and Bayesian classifier. If the product believes a message is spam it will create a report explaining why it is spam and place the original message as an attachment. It will also change the subject and add some simple X-headers so you can sort your mail based upon the subject or header. I have Outlook dump all spam messages in a separate folder. Then about once a day I go in and quickly delete the spam. I went from so much spam that legitimate e-mails were being lost to spam is not a problem. It has had such a high level of accuracy that I am considering have the messages delete at the server instead of downloading then deleting. I have not done so maybe because deep down I get some sort of weird satisfaction watching all of the spam mail I receive being dumped harmlessly into it's own directory then in one quick flick of the wrist deleting it all. I am assuming you are using a Unix/Linux based mail server. I have no idea if it will work on a Windows 2000 server platform. Oh, and I forgot the best point ... it is FREE! Good luck, Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph R. Taylor Sent: Monday, July 14, 2003 4:48 PM To: [EMAIL PROTECTED] Subject: OT: SPAM Filtering [7:72265] Team, Our company is being bothered by SPAM. We only have about fifty employees. I need to look into SPAM filtering. I don't know if we'd benefit from an hardware appliance along with a content filter. Perhaps, WebSense and applications of this nature would be good. I'd appreciate hearing from anyone that has working knowledge of these applications. Thank you, JoeT CCNP Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72280t=72265 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
We (Cisco mailing list) are moving ... [7:72060]
Hey Everyone, We will be moving the mailing list function to a new server. If you are currently receiving this list via e-mail, you will be affected. This has been planned for some time now but we need to move faster then I would like. I just received a bill from our co-location facility for the GroupStudy service and let's just put it this way, in most locations rent on a two bedroom apartment is less expensive. So we need to try and reduce our bandwidth usage (an eventually find another co-location facility). It has been quite clear for some time now that the GroupStudy server needs help. We are dropping an unacceptable number of messages (I personally have had five in a row discarded) and the messages that make it take a random amount of time to propagate. To fix this, I have purchased a new server and bandwidth (at a lower cost facility). We will be migrating to the new server in the next few days. Once the move is complete we will cut over to the new server. But wait it gets better .. We are dumping majordomo as our list software! Our new software will allow you to change a number of options. For example you will be able to suspend distribution of the e-mails, receive e-mails in digest format, change your e-mail address, etc. You will receive a welcome message with your account information. The message will contain your username/password, instructions on how to login to the server, and instructions on how to unsubscribe. Please save this e-mail for future reference. It is also a good idea to login to the server and set your password to something more memorable then the random password given. If you stop receiving e-mails from the list after the change, please send me an e-mail (after verifying it is not a problem at your end such as misconfigured anti-spam software etc.). Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72060t=72060 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: VRF lite multi VRF [7:71691]
VRF Lite and Multi VRF is the same thing. VRF Lite is a way of extending the some of the functionality of the PE to the customer (CE) without turning the router at a customer site into a PE or running MPLS on it and joining the rest of the provider network. So you can create multiple VRF tables on the CE. A simple example might be 3 companies that are in the same office space, and they want a MPLS VPN service, yet each single company might not be willing to purchase a CE on their own... by implementing VRF Lite, the single CE would allow to build separate virtual router/routing table for each customer, yet share the same access circuit/PE. hope that helps - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71762t=71691 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: redistribute bgp to rip (please help!!!) [7:70970]
Thanks Zsombor, I think the problem was bgp reditribute-internal did not work properly for me. Then i used network command to include those routes i want to redistribute, then it worked for me. So i jumped into an assumption that only igp originated route is redistributed. anyway, after fiddling around, redistribute internal works for me and there is no more problem. Thanks for your help Paul Zsombor Papp wrote: At 11:32 AM 6/20/2003 +, paul dong so wrote: More information to this. r4 - eigrp - r10 - bgp- now i have tried replace eigrp with rip v2, the same problem. I want to redistribute bgp to egrip on r10. those routes learned via redistribute connected on bgp, marked with origin code ? , can not be redistribute to eigrp, Specifically which ones? It appears to me that 4 routes get redistributed into EIGRP and all of them had incomplete origin. Here is a mix of your own 'show ip bgp' and 'show ip eigrp topo' outputs: * 192.168.3.0 200.200.200.50 0 2 ? P 192.168.3.0/24, 1 successors, FD is 45970176, tag is 50 via Redistributed (45970176/0) * 192.168.5.0 200.200.200.5 0 2 ? P 192.168.5.0/24, 1 successors, FD is 45970176, tag is 50 via Redistributed (45970176/0) * 192.168.38.0 200.200.200.50 0 2 ? P 192.168.38.0/24, 1 successors, FD is 45970176, tag is 50 via Redistributed (45970176/0) * 192.168.55.0 200.200.200.50 0 2 ? P 192.168.55.0/24, 1 successors, FD is 45970176, tag is 50 via Redistributed (45970176/0) I assume you are aware that redistributing BGP into EIGRP is not a particularly good idea, so I take this is some kind of exercise. If so, perhaps you could try to simplify the scenario a bit, like have only 1 BGP peer on R10, don't redistribute connected routes into EIGRP, etc, and see if you have only 2 BGP routes, one incomplete and one IGP origin, then those make it into EIGRP (I don't see any reason why they wouldn't). When you are there, then you can start adding back the complexity to see what caused the breakage. Thanks, Zsombor only those routes marked with origin code i are passed to eigrp, why? I don't see any reason incomplete routes can not be redistribute to other protocols. configuration is like this: R10: router eigrp 1 redistribute connected redistribute bgp 1 route-map bgp2eigrp network 200.200.200.8 0.0.0.3 default-metric 56 1000 255 1 1500 no auto-summary no eigrp log-neighbor-changes ! router bgp 1 no synchronization bgp redistribute-internal bgp router-id 192.168.10.10 bgp log-neighbor-changes redistribute connected route-map connect2bgp neighbor 192.168.0.2 remote-as 1 neighbor 192.168.0.2 route-reflector-client neighbor 192.168.0.2 send-community neighbor 192.168.16.2 remote-as 1 neighbor 192.168.16.2 route-reflector-client neighbor 200.200.200.5 remote-as 2 neighbor 200.200.200.5 password test neighbor 200.200.200.5 remove-private-AS no auto-summary route-map bgp2eigrp, permit, sequence 10 Match clauses: Set clauses: tag 50 Policy routing matches: 0 packets, 0 bytes r10#sh ip bgp BGP table version is 38, local router ID is 192.168.10.10 Status codes: s suppressed, d damped, h history, * valid, best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next HopMetric LocPrf Weight Path * 192.168.0.0 0.0.0.0 0 32768 ? * i 192.168.0.2 0100 0 i *i192.168.1.0 200.200.200.11100 0 ? * 192.168.3.0 200.200.200.50 0 2 ? * 192.168.5.0 200.200.200.5 0 2 ? *i192.168.6.0 192.168.16.2 0100 0 i *i192.168.7.0 192.168.0.2 0100 0 ? * 192.168.10.0 0.0.0.0 0 32768 ? *i192.168.11.0 200.200.200.11100 0 ? * 192.168.16.0 0.0.0.0 0 32768 ? * i 192.168.16.2 0100 0 i *i192.168.22.0 200.200.200.11100 0 ? *i192.168.33.0 200.200.200.11100 0 ? * 192.168.38.0 200.200.200.50 0 2 ? * 192.168.55.0 200.200.200.50 0 2 ? *i192.168.70.0 192.168.0.2 0100 0 ? *i200.200.27.0 192.168.0.2 0100 0 ? *i200.200.27.2/32 192.168.0.2 0100 0 ? Network Next HopMetric LocPrf Weight Path *i200.200.200.0192.168.16.2 0100 0 ? * 200.200.200.4/30 0.0.0.0 0 32768 ? * 200.200.200.50 0 2 ? * 200.200.200.8/30 0.0.0.0 0 32768 ? * 200.200.200.12/30
redistribute bgp to rip [7:70928]
Hi, Can some one pls explain to me, when redistribute bgp to rip, if the route originated as incomplete (as via redistribute only) will it be redistribute to rip? My test shows me the bgp route learned via redistribute won't be advertised to rip, only when i include it in networks statement. The route appears in show ip bgp ok. thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70928t=70928 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Problem with cut and paste [7:70724]
Because of formatting issues, Cisco does not recommend that you cut and paste from Word. Notepad (or wordpad) is what I tell my networkers to use in all cases. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70765t=70724 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: remote management of routers? [7:70349]
Depending on your routing protocol, another way is to have the router dial out under a dialer watch scenario, but advertise only its loopback address out the dialer interface (e.g. distribute-list out ), so that the device is reachable but doesn't route traffic for the network to which it is attached. This also makes the device more secure (i.e. it never takes an incoming call). Good luck. Paul Forbes Network Engineer Trimble -Original Message- From: Ryan Finnesey [mailto:[EMAIL PROTECTED] Sent: Sunday, June 08, 2003 1:53 PM To: [EMAIL PROTECTED] Subject: RE: remote management of routers? [7:70349] I am looking to manage routers when the DS1 or DS3 goes down so the only away I can get to the router is a POTTS line. -Original Message- From: Andrew Dorsett [mailto:[EMAIL PROTECTED] Sent: Sun 6/8/2003 1:38 PM To: Ryan Finnesey Cc: Subject: Re: remote management of routers? [7:70349] On Sun, 8 Jun 2003, Ryan Finnesey wrote: Can anyone recommend a unit that I can rack mount and that would let me dial into a router via the AUX port? Are you looking for just one or more ports? Perle makes a greatone that has SSH support for remote access. If you are looking for modem access just plug up an external modem to the port using the cisco adapters and console cable. Then configure the router to init the modem and answer it. Andrew --- http://www.andrewsworld.net/ ICQ: 2895251 Cisco Certified Network Associate Learn from the mistakes of others. You won't live long enough to make all of them yourself. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70367t=70349 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Quick Pix Question. [7:70145]
Hi all ... One of my 515's has all its access-list counters set to 0, when I ping for instance, the counter for the relevant ICMP access-list does not increment ??? How do I turn it on ??? I have searched the Cisco website and my Pix book without any luck ?? Kind regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70145t=70145 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: DLSW Icanreach [7:70154]
You should do bit-swapping because the routers will speak in non-canonical addressing. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70164t=70154 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Redistribute OSPF to RIPv1 [7:69969]
you could try to configure area 1 range command at the abr, R2. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70041t=69969 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: permit only even subnets [7:70039]
To match the even subnets, use access-list 1 permit 192.168.0.0 0.0.254.255 To match the odd subnets, use access-list 1 permit 192.168.1.0 0.0.254.255 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70040t=70039 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PDM for PIX [7:69852]
Hi, Do you have http server enable in your config? Regards Paul Kenan Ahmed Siddiqi wrote in message news:[EMAIL PROTECTED] Hi there, I have a PIX 515E. I am trying to use PDM on it. The configuration is IOS version 6.0 and PDM version 1.0. The client is Windows 2000 with IE 6.0 and all the service packs intalled. When I try connecting to the PIX via the browser, somehow it just doesn't work. Everything else seems to be okay. PIX is configured to accept PDM connections from the client. Any suggestions how to fix it? Is there some encryption or something that needs to be enabled/disabled? TIA, Kenan Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69947t=69852 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: HELP!! PIX-PIX VPN config problem [7:69684]
Mary, Ok I see your configs. Can I ask how you have this set up? PIX's, routers etc and how they are connected. My initial concern is that some of your external ip's are private (192.168.1.2) on PIX506. Try this test first of all to ensure basic connectivity from the command line of each PIX From the PIX515: ping outside 192.168.1.2 And from the PIX506: ping outside 151.99.241.102 Does it work both ways? If not then you are going to have difficulty getting a working tunnel. Regards Paul Mary Kvitashvili wrote in message news:[EMAIL PROTECTED] PIX 515 PIX Version 6.3(1) interface ethernet0 10full interface ethernet1 10full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname HQ-PIX domain-name xxx.org fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 names access-list 101 permit ip 10.11.41.0 255.255.255.0 10.11.34.0 255.255.255.0 access-list 101 permit ip host 151.99.241.102 host 192.168.1.2 access-list acl_outbound permit ip any any access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 151.99.241.102 255.255.255.0 ip address inside 10.11.41.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm no failover failover timeout 0:00:00 failover poll 15 no failover ip address outside no failover ip address inside pdm history enable arp timeout 14400 nat (inside) 0 access-list 101 nat (inside) 1 10.11.41.0 255.255.255.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group 100 in interface outside access-group acl_outbound in interface inside conduit permit icmp any any route outside 0.0.0.0 0.0.0.0 151.99.241.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL protocol local no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set hq-tset esp-des esp-md5-hmac crypto map hq-map 1 ipsec-isakmp crypto map hq-map 1 match address 101 crypto map hq-map 1 set peer 192.168.1.2 crypto map hq-map 1 set transform-set hq-tset crypto map hq-map interface outside isakmp enable outside isakmp key cisco123 address 192.168.1.2 netmask 255.255.255.255 isakmp identity address isakmp policy 1 authentication pre-share isakmp policy 1 encryption des isakmp policy 1 hash sha isakmp policy 1 group 2 isakmp policy 1 lifetime 1000 telnet timeout 5 ssh timeout 5 console timeout 0 terminal width 80 Cryptochecksum:9f629d1ea9f9b89090de1e7d3ec467db PIX 506 PIX Version 6.3(1) interface ethernet0 10full interface ethernet1 10full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname Other-PIX fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol ils 389 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 names access-list 101 permit ip 10.11.34.0 255.255.255.0 10.11.41.0 255.255.255.0 access-list 101 permit ip host 192.168.1.2 host 151.99.241.102 access-list acl_outbound permit ip any any access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 192.168.1.2 255.255.255.0 ip address inside 10.11.34.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm logging informational 100 pdm history enable arp timeout 14400 nat (inside) 0 access-list 101 nat (inside) 1 10.11.34.0 255.255.255.0 0 0 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group 100 in interface outside access-group acl_outbound in interface inside conduit permit icmp any any route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server RADIUS protocol radius aaa-server LOCAL
Re: HELP!! PIX-PIX VPN config problem [7:69684]
Hi, Can you post your two configs (remove private info if required)? Regards Paul Mary Kvitashvili wrote in message news:[EMAIL PROTECTED] Trying to config PIX 506 to PIX 515 for basic VPN/IPSEC/LAN/LAN connectivity. Took the configs straight off the Cisco site but I cannot establish my tunnel at the ISAKMP level. Trying to ping from LAN to LAN. Getting the following error message from debug crypto isakmp: HQ-PIX# ISAKMP (0): beginning Main Mode exchange ISAKMP (0): retransmitting phase 1... ISAKMP (0): retransmitting phase 1... ISAKMP (0): deleting SA: src 151.99.241.102, dst 192.168.1.2 ISADB: reaper checking SA 0xfb053c, conn_id = 0 DELETE IT! VPN Peer:ISAKMP: Peer Info for 192.168.1.2/500 not found - peers:0 Doing all of the various show commands indicates all peer info is there. Any ideas? thanks, Pixnewbie Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69722t=69684 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Access-list's! [7:66546]
Your access-list will deny ALL traffic arriving on E0. Add the following line to the end of the access-list: access-list 101 permit ip any any Remember all traffic that is not explicitly permitted will be denied. Take care, Paul Borghese Orlando Palomar Jr CCIE#11206 wrote: I'd apply it on R3's E0... access-list 101 deny tcp host 172.16.1.1 host 192.168.1.1 eq ftp int e0 ip access-group 101 in Assuming: HostA IP address: 172.16.1.1 Server IP address: 192.168.1.1 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66575t=66546 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Columbus, OH CCNP Study Partners / Group [7:66333]
Hi, I'm studying for the CCNP and am currently focussing on BCRAN. Anyone interested in forming a study group or partners? I can be reached at [EMAIL PROTECTED] Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66333t=66333 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Basic QOS Frame MPLS question [7:66210]
Paul wrote: I would like to implement QOS. Am I correct in assuming that I can only prioritise voice/video over the frame circuit, and that if I want to implement QOS I would have to 'swap' Frame for MPLS/Layer 4 Switching ??? Kind regards Paul In a traditional FR type network, the FR switches cannot prioritize your traffic because it cannot tell the difference between a high priority packet.. So the QoS you would apply only gets applied to your router's WAN interface. There might be 10 FR switches in between your 2 routers, and none of them can prioritize because it cannot distinguish traffic. With MPLS, you can do QoS even within the cloud because for example, if you set your VOIP to be prec 5 and require high priority, your MPLS cloud (routers) can tell the difference and will treat your prec 5 traffic better (if the provider has it congiured this way). That is the key difference. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66271t=66210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Wireless AP Chaining [7:66270]
Anyone know the maximum number of Wireless AP's you can chain of a single wireless bridge ie Switch ---copper--- AP ~~~air~~~ AP ~~~air~~~ AP Does cisco make an AP that supports this Thanks -Paul PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email you must not copy, distribute or take any further action in reliance on it and you should delete it and notify the sender immediately. Email is not a secure method of communication and Nomura International plc cannot accept responsibility for the accuracy or completeness of this message or any attachment(s). Please examine this email for virus infection, for which Nomura International plc accepts no responsibility. If verification of this email is sought then please request a hard copy. Unless otherwise stated any views or opinions presented are solely those of the author and do not represent those of Nomura International plc. This email is intended for informational purposes only and is not a solicitation or offer to buy or sell securities or related financial instruments. Nomura International plc is regulated by the Financial Services Authority and is a member of the London Stock Exchange. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66270t=66270 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Message for Paul Borghese [7:66279]
I have had similar problems with yahoo before too. On my CCIE list, I originally had it coming into my yahoo account and it would be fine for a while, then for a long period, I would only get about 3-5 emails a day for a few weeks, then back to normal. After normal, then I would have problems where I am only getting a few groupstudy emails again.. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66283t=66279 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Message for Paul Borghese [7:66279]
This is a problem with Yahoo.com. I have sent them log files showing their servers rejecting GroupStudy e-mails. Last week they told me it would be corrected in 24 hours, and it is not. If you are using yahoo.com as your e-mail address, please complain to them. Thanks! Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Barker Sent: Wednesday, March 26, 2003 3:44 PM To: [EMAIL PROTECTED] Subject: Message for Paul Borghese [7:66279] Paul, Please see attached message. Sorry, I don't have your personal email. Regards, Phil. __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com X-Apparently-To: [EMAIL PROTECTED] via 216.136.175.14; 26 Mar 2003 12:42:03 -0800 (PST) Return-Path: Received: from 216.136.175.16 (HELO web13806.mail.yahoo.com) (216.136.175.16) by mta153.mail.scd.yahoo.com with SMTP; 26 Mar 2003 12:42:02 -0800 (PST) Date: 26 Mar 2003 20:42:02 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: failure delivery Content-Length: 720 Message from yahoo.com. Unable to deliver message to the following address(es). : 66.220.63.9 does not like recipient. Remote host said: 550 5.1.1 ... User unknown Giving up on 66.220.63.9. --- Original message follows. Return-Path: Message-ID: Received: from [62.31.224.1] by web13806.mail.yahoo.com via HTTP; Wed, 26 Mar 2003 20:42:02 GMT Date: Wed, 26 Mar 2003 20:42:02 + (GMT) From: =?iso-8859-1?q?Phil=20Barker?= Subject: List Problems To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Paul, I appear to be having a problem receiving regular messages from the group. I seem to recall this happening once before and you managed to tweak something on the Server side. I believe it had something to do with my account being yahoo based. Could you take a look when you get the chance. Kind Regards, Phil. __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66281t=66279 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Basic QOS Frame MPLS question [7:66210]
Hi, Quick question to everyone At work I have a Frame Cloud that links all our sites together in a hub and spoke manner. At some of the sites I would like to extend our IP Telephony and perhaps introduce Video Conferencing. Assume I have adequate bandwidth throughout for video and IP telephony. I would like to implement QOS. Am I correct in assuming that I can only prioritise voice/video over the frame circuit, and that if I want to implement QOS I would have to 'swap' Frame for MPLS/Layer 4 Switching ??? Kind regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66210t=66210 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Looped messages [7:66027]
You may see some duplicate messages from the Cisco list. This is because a mailer at xinhuanet.com is looping messages back on the list. This happens quite frequently and we have had for years loop prevention software to prevent these loops. The offending mailer (along with about 100 others) are blacklisted from GroupStudy. But unfortunately I had to rewrite the mail delivery system on GroupStudy. The loop prevention software has not been ported yet, so we may still receive from time to time loops. Thanks! Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66027t=66027 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
PPP mru option [7:66007]
Hi All, I have a question but can't find an answer from RFC 1661 During ppp negotiation, if A advertises MRU 1440, B advertises MRU 1460, do they have to re-negotiate to agree with a MRU? If so, should it be the lower MRU? If they don't need to re-negotiate, what MRU is actually being used? Is there any guideline for this? I observed a ppp nego debug between cisco 7200 and an adsl modem, the result appears to be if one end advertises 1500, it becomes the one regardless what MRU the other end advertises. Mar 7 03:25:28.768: ppp1152 PPP: Authorization required Mar 7 03:25:28.768: ppp1152 PPP: Phase is ESTABLISHING Mar 7 03:25:28.768: ppp1152 PPP: Authorization required Mar 7 03:25:28.768: ppp1152 LCP: O CONFREQ [Closed] id 1 len 14 Mar 7 03:25:28.768: ppp1152 LCP:AuthProto PAP (0x0304C023) Mar 7 03:25:28.768: ppp1152 LCP:MagicNumber 0x8261E624 (0x05068261E624) Mar 7 03:25:28.796: ppp1152 LCP: I CONFREQ [REQsent] id 2 len 14 Mar 7 03:25:28.796: ppp1152 LCP:MRU 1454 (0x010405AE) Mar 7 03:25:28.796: ppp1152 LCP:MagicNumber 0x6DB9FEC2 (0x05066DB9FEC2) Mar 7 03:25:28.796: ppp1152 LCP: O CONFNAK [REQsent] id 2 len 8 Mar 7 03:25:28.796: ppp1152 LCP:MRU 1500 (0x010405DC) Mar 7 03:25:28.800: ppp1152 LCP: I CONFACK [REQsent] id 1 len 14 Mar 7 03:25:28.800: ppp1152 LCP:AuthProto PAP (0x0304C023) Mar 7 03:25:28.800: ppp1152 LCP:MagicNumber 0x8261E624 (0x05068261E624) Mar 7 03:25:28.816: ppp1152 LCP: I CONFREQ [ACKrcvd] id 3 len 10 Mar 7 03:25:28.816: ppp1152 LCP:MagicNumber 0x6DB9FEC2 (0x05066DB9FEC2) Mar 7 03:25:28.816: ppp1152 LCP: O CONFACK [ACKrcvd] id 3 len 10 Mar 7 03:25:28.816: ppp1152 LCP:MagicNumber 0x6DB9FEC2 (0x05066DB9FEC2) Mar 7 03:25:28.816: ppp1152 LCP: State is Open Mar 7 03:25:28.816: ppp1152 PPP: Phase is AUTHENTICATING, by this end Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66007t=66007 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
redistribution loop? [7:65962]
Hi All, Practicing redistribution. (route) - r8 - (eigrp) - r7 - ospf- r6 | | --- eigrp 150.50.3.0/24 is redistributed by r8 eigrp, r8 advertises it to r7 via eigrp. R7 redistributes eigrp to ospf, also redistribute ospf to eigrp. On r7, ospf database has type 5 LSA for 150.50.3.0/24, AD 110. eigrp topology has EX route, AD 170. But r7 routing table use eigrp learned path for forwarding. Why? I was expecting a loop. When will a loop created? r6 learns the route from ospf and eigrp, it use ospf as the forwarding path, which is expected. Partial router config: r8: interface Ethernet0 ip address 150.50.3.8 255.255.255.0 router eigrp 1 redistribute connected no auto-summary r8#sh ip route | i 150.50.3.0 C 150.50.3.0/24 is directly connected, Ethernet0 r7: router eigrp 1 redistribute ospf 1 metric 56 100 255 1 1500 router ospf 1 redistribute eigrp 1 metric-type 1 subnets r7#sh ip route | i 150.50.3 D EX150.50.3.0/24 [170/46251776] via 150.50.5.69, 01:40:13, Serial4/1 r7#sh ip ospf database | i 150.50.3 Type-5 AS External Link States 150.50.3.0 200.0.0.7 796 0x8003 0x00186A 1 r7#sh ip route 150.50.3.0 Routing entry for 150.50.3.0/24 Known via eigrp 1, distance 170, metric 46251776, type external Redistributing via ospf 1, eigrp 1 Advertised by ospf 1 metric-type 1 subnets tag 1 Last update from 150.50.5.69 on Serial4/1, 01:44:46 ago Routing Descriptor Blocks: * 150.50.5.69, from 150.50.5.69, 01:44:46 ago, via Serial4/1 Route metric is 46251776, traffic share count is 1 Total delay is 21000 microseconds, minimum bandwidth is 56 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 r6 r6#sh ip route | i 150.50.3.0 O E1150.50.3.0/24 [110/30] via 150.50.7.7, 01:19:53, Ethernet0 r6#sh ip ospf database Type-5 AS External Link States 150.50.3.0 200.0.0.7 927 0x8003 0x186A 1 Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65962t=65962 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: redistribution loop? [7:65962]
Unfortunately the browser did not get the diagram character right. Diagram should be: (route)- r8 - (eigrp 1) - r7 - (ospf) - r6 r7 - eigrp 1 - r6 r7 runs ospf and eigrp 1 with r6. r7 runs eigrp 1 with r8 r8 redistributes connected interface. The question is with r7. r7 is redistributing ospf to eigrp and vice versa. So route, here is 150.50.3.0/24, should appears in r7 ospf with AD 110, also in r7 eigrp topology with AD 170, thus, in theory, r7 should install the ospf path into forwarding table. Because the next hop of ospf path is r7 itself, so loop starts. That is how i undertand. But in fact, r7 choose eigrp path for its forwarding, which is something confused me. Paul The Long and Winding Road wrote: Sorry if I am misunderstanding your diagram. Where do you think the loop should appear? Routes originating on R8 would appear as connected, and therefore not be overwritten by redistribution, Same on R7. I guess I am just not seeing what the topology is or where you think the break should be. paul dong so wrote in message news:[EMAIL PROTECTED] Hi All, Practicing redistribution. (route) - r8 - (eigrp) - r7 - ospf- r6 | | --- eigrp 150.50.3.0/24 is redistributed by r8 eigrp, r8 advertises it to r7 via eigrp. R7 redistributes eigrp to ospf, also redistribute ospf to eigrp. On r7, ospf database has type 5 LSA for 150.50.3.0/24, AD 110. eigrp topology has EX route, AD 170. But r7 routing table use eigrp learned path for forwarding. Why? I was expecting a loop. When will a loop created? r6 learns the route from ospf and eigrp, it use ospf as the forwarding path, which is expected. Partial router config: r8: interface Ethernet0 ip address 150.50.3.8 255.255.255.0 router eigrp 1 redistribute connected no auto-summary r8#sh ip route | i 150.50.3.0 C 150.50.3.0/24 is directly connected, Ethernet0 r7: router eigrp 1 redistribute ospf 1 metric 56 100 255 1 1500 router ospf 1 redistribute eigrp 1 metric-type 1 subnets r7#sh ip route | i 150.50.3 D EX150.50.3.0/24 [170/46251776] via 150.50.5.69, 01:40:13, Serial4/1 r7#sh ip ospf database | i 150.50.3 Type-5 AS External Link States 150.50.3.0 200.0.0.7 796 0x8003 0x00186A 1 r7#sh ip route 150.50.3.0 Routing entry for 150.50.3.0/24 Known via eigrp 1, distance 170, metric 46251776, type external Redistributing via ospf 1, eigrp 1 Advertised by ospf 1 metric-type 1 subnets tag 1 Last update from 150.50.5.69 on Serial4/1, 01:44:46 ago Routing Descriptor Blocks: * 150.50.5.69, from 150.50.5.69, 01:44:46 ago, via Serial4/1 Route metric is 46251776, traffic share count is 1 Total delay is 21000 microseconds, minimum bandwidth is 56 Kbit Reliability 255/255, minimum MTU 1500 bytes Loading 1/255, Hops 1 r6 r6#sh ip route | i 150.50.3.0 O E1150.50.3.0/24 [110/30] via 150.50.7.7, 01:19:53, Ethernet0 r6#sh ip ospf database Type-5 AS External Link States 150.50.3.0 200.0.0.7 927 0x8003 0x186A 1 Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65974t=65962 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: What does this config mean? [7:65137]
Hi, Can't answer as to why the ip nat outside... statement is used but I can say what will be occurring with translation. The ip nat outside will translate the source address of packets travelling from the outside to the inside. Here is a link to Cisco's website documenting the process http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f2f.shtml The ip nat inside will translate the destination address of packets travelling from the outside to the inside. The question then appears to be do you have an application running that would require the translation of the source address of packets travelling from the outside to the inside or did the previous person not entirely understand the Cisco NAT commands? Hope this helps, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65145t=65137 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: help to find where it from? [7:65001]
Exchange 2000 allows you to block spam from Domains and individual accounts. Follow this link for details: http://support.microsoft.com/default.aspx?scid=kb;en-us;276321 Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65032t=65001 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Slighlty Off Topic .... IP Phone Ring Tones [7:64461]
I have converted some mp3 sounds to RAW. I copy these to the call manager, and my 7940 can select the new ring tone. However, the quality is really poor !!! I was wondering if anyone has done this, how they resolved it, and if anyone knows where I can download RAW sound files from. Kind regards Paul ... Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64461t=64461 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Best Book/DOCs on MPLS [7:64257]
Paul Jin wrote: What are you trying to accomplish? - Paul What I meant was what is the reason why you want to learn MPLS and what exactly are you trying to accomplish or your job function, that way I can maybe point out something specific? You want to do MPLS in your IP Core, do MPLS VPN, MPLS TE, etc... or just something in general?? Cisco has MPLS VPN architecture if you want to learn more about MPLS VPN service. They also have a separate book for Traffic Engineering. Many links at Cisco and Juniper on MPLS, but also on other web sites too, such as MPLSforum.org - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64385t=64257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Best Book/DOCs on MPLS [7:64257]
What are you trying to accomplish? - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64316t=64257 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: MBGP/MPLS VPN question [7:64036]
Whether you use Private or Public really does not matter. The provider will create a specific VPN just for you and this will not have any effect on the global routing table of your provider. And even if it did, the whole idea of public networks are address unique to you on the public network so no one besides you should be using it. Originally before the MPLS VPN came about, you had to use a public address/networks to peer with your provider at layer 3(for example the internet or similar), but by using rfc 2547 VPN, you are allowed to use private networks (like your Frame Relay network) if you want to... So kind of combining the positive features of both layer 2 and layer 3 VPN technology. - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64317t=64036 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Urgent Help !! How to check who's always attac [7:64088]
Go to www.arin.net and find out who owns the subnet. Then contact the owner of the network. Why did you put your e-mail as [EMAIL PROTECTED] Please correct your signature. Thanks! Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64090t=64088 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
rsvp question [7:63965]
Hello, If I configure rsvp reservations across a frame-relay network, and I am using point-point / multipoint sub-interfaces, when I configure the reservation, on the sub-interfaces, do I need to configure the reservation on the physical interfaces as well. Or is it ok to do it just on the sub-interface...?? Kind regards. Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63965t=63965 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CiscoSecure Question [7:63941]
You only need one entry in Cisco Secure if you use wildcards are are willing to accept the fact that all devices will be using the same shared secret key. So for example, to configure all routers on the 172.16.x.x network you simply click on Network Configuration and select Add AAA Client. Give your clients a name (i.e. 172-16-routers) and a shared secret password. For the IP address use 172.16.*.*. Any client using an ip address from the range 172.16.0.0/16 will be accpeted assuming the shared secret password is known. Take care, Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63996t=63941 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ospf - rip redistribution issue, [7:63647]
Hello, I have ospf in to rip redistribution on a /24 classfull boundary, I Summarized/ area range(d) all the networks in ospf domain to /24 to get them to show up in rip.domain. No real problems here, though I haved one network in ospf 200.200.0.0/16 which is not showing up in rip router. What can I do to make this /16 route cross the classfull boundary, as its prefix is shorter that the /24 network it need to cross thus cant be summarised. Or should this route be capable of traversing the /24 classful boundary, automatically,. Any help greatly appreciated. Kind regard. Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63647t=63647 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ospf p2p network type vs frame relay inarp [7:63579]
Hi all, I did some tests and found this problem. Ra is the hub of fr connection, rc is the spoke When only inarp used, all ospf network types passed the test except p2p network type. No adjacency was able to be established. OSPF states kept looping between init, exstart and exchange. Note, same configuration, only ip ospf network statement was changed. I could not find any document about ospf p2p type vs frame relay inarp. Does anyone else come across the same problem in the lab? Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63579t=63579 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ospf md5 authentication [7:63580]
Hi all, Here is the another question i came across in the lab When plain text passwd (type 1) is used as ospf authentication, it checks the actual passwd. when md5 (type 2) is used, a wrong passwd was set on purpose, surprisingly the adjacency was still able to be established. Read Doyle book, it mentioned the actual message digest is appended in the end of the packet, instead of the authentication field as type 1 does, and it is not considered as part of the packet itself. Is it why the routers do not check the md field? thanks in advanced Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63580t=63580 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ICMP restriction [7:63225]
Hamed, You can try this command no ip unreachable under your serial interface Paul Hamed Sedighi wrote: Dear Sirs/Madams, I restricted ICMP protocol on my input serial port as following: access-list 102 deny icmp any 192.168.1.0 0.0.0.255 echo At now, when a person do PING my network from outside, the following message is appeared: Reply from My_Router_IP_Address Destination host unreachable. I don't like to appear My_Router_IP_Address. Is there any way to make a restriction on Ping command without appearing my router IP address? I like to receive Request timed out when I ping my network form outside. I will be happy if you give me any suggestion. Regards, H.Sedighi Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63231t=63225 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: frame relay lmi-n39x functions [7:63120]
Hi Jens, Thanks for the information. What confused me is this url: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_c/wcdfrely.htm#46235 It states The only visible indication to the user that LMI autosense is underway is when debug frame lmi is turned on. Every N391 interval, the user will now see three rapid status enquiries coming out of the serial interface. One in ANSI, one in ITU and one in cisco LMI-type. It behaves differently from what i saw. when interface just becomes up/up, three status requests are sent, but after that, only one status request is sent, which doesn't match what is described above. Regards, Paul Jens Neelsen wrote: Hi, the commands work different than you describe. The status request ist sent every 10 sec (keepalive 10). Every 10 sec an answer is received. By default every 6th status request is a full status request. The answer then contains the DLCIs and the status of each DLCI. The command lmi-n391dte 3 changes the full status request from every 6th to every 3rd. The command lmi-n392dte 2 changes the number of status errors from 3 to 2. This is only relevant when no status answers are received. Try the following link: http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1835/products_command_reference_chapter09186a00800ca7eb.html Jens Neelsen --- paul dong so wrote: Hi all, while practicing frame-relay lmi-n39x commonds, i can not make the commonds work as they are supposed to be. Scenario: frame-relay switch RA on RA, use lmi autosense. basic FR function works fine, following config is abstract only serial 0 encapsulation frame-relay frame-relay interface-dlci 401 ip address 150.50.24.2 255.255.255.0 frame-relay lmi-n391dte 3 frame-relay lmi-n392dte 2 frame-relay lmi-n393dte 2 keepalive 10 If debu frame lmi is turned on, i would expect every 30 seconds, 3 status requests will be sent out serial0 as a result of frame-relay lmi-n391dte 3 and lmi autosense. But i can only see one status request is sent. Tried shut/no shut interface, etc to no vail. Any idea how these commands affect frame relay behaviors? Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63129t=63120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
frame relay lmi-n39x functions [7:63120]
Hi all, while practicing frame-relay lmi-n39x commonds, i can not make the commonds work as they are supposed to be. Scenario: frame-relay switch RA on RA, use lmi autosense. basic FR function works fine, following config is abstract only serial 0 encapsulation frame-relay frame-relay interface-dlci 401 ip address 150.50.24.2 255.255.255.0 frame-relay lmi-n391dte 3 frame-relay lmi-n392dte 2 frame-relay lmi-n393dte 2 keepalive 10 If debu frame lmi is turned on, i would expect every 30 seconds, 3 status requests will be sent out serial0 as a result of frame-relay lmi-n391dte 3 and lmi autosense. But i can only see one status request is sent. Tried shut/no shut interface, etc to no vail. Any idea how these commands affect frame relay behaviors? Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63120t=63120 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: CCIE and Packet (the cut'n'paste from hell!) [7:62998]
In this case the issue is the URL spans more the 72 characters which is the size most e-mail clients use as a width of a message. When you cut/paste you do not capture the entire URL. But this is not GroupStudy's faults, it is the fault of the client software. But there is a case where GroupStudy mangles URL's. Remember GroupStudy will always attempt to translate your HTML posting into Plain-Text. So if you have an HTML posting with the Scott, I think the problem is that they're trying really hard on the list to avoid becoming commercial (see the thread CCIE Study Materials - Anti-Rant [7:62930]), so they've blocked promotions for specific vendors like that Cisco place (lol!!!) Geoff Mossburg Heh heh. :-) No, the actual issue is that a URL can't be in the first line of post, as I recall. If you want to post a URL you must add filler to it. This particular issue has been a thorn in the side of Priscilla for a while now. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63027t=62998 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Update of Anti-Mime Software [7:63043]
Ok, I updated our anti-mime software. Let's see if that fixes the problem of having a URL on the first line. I personally have not been able to duplicate the problem. Please send me any bug reports! Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Paul Borghese Sent: Friday, February 14, 2003 9:28 AM To: [EMAIL PROTECTED] Subject: RE: CCIE and Packet (the cut'n'paste from hell!) [7:62998] In this case the issue is the URL spans more the 72 characters which is the size most e-mail clients use as a width of a message. When you cut/paste you do not capture the entire URL. But this is not GroupStudy's faults, it is the fault of the client software. But there is a case where GroupStudy mangles URL's. Remember GroupStudy will always attempt to translate your HTML posting into Plain-Text. So if you have an HTML posting with the Scott, I think the problem is that they're trying really hard on the list to avoid becoming commercial (see the thread CCIE Study Materials - Anti-Rant [7:62930]), so they've blocked promotions for specific vendors like that Cisco place (lol!!!) Geoff Mossburg Heh heh. :-) No, the actual issue is that a URL can't be in the first line of post, as I recall. If you want to post a URL you must add filler to it. This particular issue has been a thorn in the side of Priscilla for a while now. John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63043t=63043 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Easy question [7:63002]
Type show version to view your configuration register. If the configuration register is 2142 perform the following command (from privilege mode): config t config-register 0x2102 end copy run start Take care, Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Johnson, Richard (NY Int) Sent: Thursday, February 13, 2003 11:22 PM To: [EMAIL PROTECTED] Subject: Easy question [7:63002] Hi all, Every time I boot my router, it asks if I want to configure my router. I know I have to type some sort of confreg line in. Can someone tell me which one so I can boot my router correctly, without having to reconfigure it each time. Thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63008t=63002 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Snort versus Cisco IDS [7:62939]
Do not forget about the open source scanner Nessus (www.nessus.org) for penetration testing. One of the best around! Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vicky Mair Sent: Thursday, February 13, 2003 10:55 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] comments in-line: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 9:06 PM To: [EMAIL PROTECTED] Subject: Snort versus Cisco IDS [7:62939] Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE? i'm not at all surprised (mean no dis-respect to anyone).the same reason cisco don't use ciscoworks for managing their internal production devicesthe same reason m$ doesn't use their own source control software for coding.in my opinion open source rules. linux, mrtg and snort are perfect examples. Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. it depends whose talking ;-) But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console: oh boy, this is a loaded question.but since you asked, in my opinion i'm simply impressed by the rule sets that are being generated for snort as compared to cisco ids...perfect example was slammer worm virus. snort community had the rule set out in matter of couple hours. if need be you can even get commercial support for snort similar to linux and mrtg. one could argue between hardware and software ids solutions similar to hardware and software ipsec encryption solutions. we can talk about this all day ;-) ultimately its upto you to make that decision, weighing pros and cons of a product before making the investment (time/money/support/roi...etc). as you know, there's 10 different ways to skin a catthere's no silver bullet ;-) rule #1: perfection is a myth, there's no perfect network. regards, /vicky Cisco Secure IDS DirectorHP OpenView Network Node Manager plug-in that runs on UNIX (Solaris and HP-UX) Cisco Secure Policy Manager (v2.2+)Windows NT-based package Thanks. Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63010t=62939 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Snort versus Cisco IDS [7:62939]
The thing that makes SNORT so powerful is the attack rules which are updated almost daily. Also, you can not beat the price. Simply find an unused PC, install Linux and install Snort. The software and OS is free! You will need some sort of parsing software to read the snort logs. Check out ACID (http://acidlab.sourceforge.net/) or SnortSnarf. Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Will Gragido Sent: Friday, February 14, 2003 12:02 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] Not to mention the fact that Cisco Systems bought Okena Software www.okena.com, last month specifically for their Intrusion Prevention software. SNORT is a great tool, I don't think that anyone would or can argue that. I think that being that it's driven by the open source community it comes (and has come since it became the 'SHADOW'), under a great deal of scrutiny; however, I have yet to see instances where it fails. I agree with Kent in regards to Cisco System's proudly recommending their solution (which when you look under the hood is really an OEM licensed version of Entercept's product, hence the purchase of OKENA). Furthermore, I can't see ANY Cisco Systems SE staying employed for any amount of time if they openly discouraged existing as well as potential clients from purchasing their solutions. Cheers, Will Gragido CISSP CCNP CIPTSS CCDA MCP 9450 W. Bryn Mawr Ave. Suite 325 Rosemont, Il 60018 www.ins.com [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kent Hundley Sent: Thursday, February 13, 2003 3:39 PM To: [EMAIL PROTECTED] Subject: Re: Snort versus Cisco IDS [7:62939] On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: Someone told me in an authoritative voice today that Cisco doesn't recommend their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a big part of SAFE? Whomever told you this: 1) Is extremely naiive (one Cisco engineer told them something and they took it as gospel) 2) Has never talked to any of the Cisco teams that manage large global accounts I can tell you for a 100% fact that Cisco recommends their IDS very actively to their large global customers, I'm working on a Fortune 5 account right now and the Cisco team is heavily pushing a Cisco IDS deployment. If one of their engineers recommended snort, the AM would have them bound and gagged and thrown in a very dark basement. ;-) Of course, the person who said this doesn't understand that Cisco is a huge, chaotic organism, and that saying Cisco does something based on what one person does, doesn't make sense. But I'm just curious, what do you all recommend for intrusion detection? How do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more complicated, requiring appliances or IDS cards in a switch and a console: Cisco IDS is a commercial, fully baked product in the sense that it has a lot of bells and whistles for the end-user market. Cisco is also developing custom hardware such as blades that slide into a Cat 6500, making for easy deployment and the ability to capture and process traffic at Gigabit speeds. Snort is much more of a tech geeks solution, although there are a lot of talented people writing code to increase its ease of use such. (things like ACID and Demarc) The bottom line is that snort will do the job in a lot of environments, but your going to need to have some very technical people to handle the care and feeding of the system. It is an open source solution and doesn't come with built-in support other than what you get through mailing lists. The Cisco IDS comes with TAC behind it. You pay more for more support baked into the process and a large amount of dedicated resources working on your issues. (it's the same old open source vs commercial product argument) For small environments where funds are very limited or for environments with highly technical but cheap labor (such as universities), snort is probably the better solution. For large enterprises, Cisco would probably be the better choice. Of course, YMMV, a lot depends on the environment, , that's my opinion, take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer, disclaimer... Regards, Kent Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63011t=62939 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Passed CCIE written exam [7:62854]
Hi all, Just passed the written and feel like i need to say something. Really want to say thanks for all the helps I gained from this study group. Test is 3 hours, 150 questions, single or multiple choices. If mulitple, will give indication how many answers. Can go backward and forward to check the questions. Passing score 58. Highly recommend 1. Boson #1 and #3. You should make sure you either remember or understand every answer. Don't even give up hard ones. Only give up something you really think it is going to be nonesense if you have to waste your brain resource memorizing the answers. 2. Need to understand these topics in depth: VoIP, MPLS(mpls-vpn, mpls-te), QoS. Those are my failing points where i only read superficially, but not in depth. 3. Try to read the online CCO website as much as you can, here is my another failing point. 4. The rest are the usual stuffs that every one talks a lot: books to read: Doyle's routing, lan switching, cisco press QoS, cisco press mpls, Caslow. Now it is time to crack the most difficult part: Lab. Cheers, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62854t=62854 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ccie per hour rate [7:62894]
I want just general networking. Not really designing any really big projects or anything. How much per hour would be reasonable? Paul Beckman CIS Department Delta Health Group 850-470-0155 [EMAIL PROTECTED] The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62894t=62894 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: newbie: removing an ip route to loopback [7:62811]
Type no interface loopback0 The network is a virtual interface on the router, If you scroll through the running config you will see Int loopback0 Ip address 10.x.x.x x.x.x.x MAKE SURE no one needs this before delete it, Otherwise fire ahead, this will reemove it, Matbe go and research its usage before you delete it to be sure. Its showing up because its directly attached to the router, , Look at the C beside it, that means directly connected. Kind regards. -Original Message- From: J. Johnson [mailto:[EMAIL PROTECTED]] Sent: 11 February 2003 17:23 To: [EMAIL PROTECTED] Subject: newbie: removing an ip route to loopback [7:62811] Please pardon my newbieness ... I have a router with this in the routing table: Router#show ip route 10.0.0.0/24 is subnetted, 1 subnets C 10.0.0.0 is directly connected, Loopback0 Router# I would like to remove it. However, the following (and several variations) doesn't do the trick: Router(config)#no ip route 10.0.0.0 255.255.255.0 Loopback 0 %No matching route to delete Router(config)# This command with other addresses works the way I would expect it to work. E.g. I can do ip route 10.0.0.3 255.255.255.255 Loopback 0 and the route appears, and then no ip route 10.0.0.3 255.255.255.255 Loopback 0 and the route is gone. Presumably the difference is that the 10.0.0.0 address is a network address. Is there a way to remove it? This router is a 3620 shared by several people in a lab environment. I don't know how this route got into the table. James This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62812t=62811 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
logging question. [7:62735]
Hello Group, On a router you have the following logging available, alerts Immediate action needed (severity=1) critical Critical conditions (severity=2) debugging Debugging messages (severity=7) emergencies System is unusable (severity=0) errors Error conditions (severity=3) informational Informational messages (severity=6) notifications Normal but significant conditions (severity=5) warnings Warning conditions (severity=4) If you type : logging buffered debug You log severity 7 and all lower levels on ie, 6,5,4,3...0 Is it possible to logging particular severity levels, say you wanted to log severity 7,4,1 only can this be achived on a router, Any help appreciated, Kind regards. Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62735t=62735 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: BGP help needed., [7:62736]
Hello, I have the practise lab I am working on. 3 routers in lab, AS100 --AS200-AS300 I have a loopback 1.1.1.1 in AS100 and I want to advertise it to AS200 who in turn will advertise it to AS300. When it arrives in AS300 it has to look like it originated in AS200 and NOT for AS300. This needs be achieved with 1 command on AS200. Anyone any idea how to do get this to work, Can this be done,..?? Kind regards, Paul. This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62736t=62736 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Telnet to 2501 through a linksys router [7:62654]
Jason, I am kind of confused, how can you allow telnet to both your sun box and router at the same time from the outside? Do you have multiple addresses on your WAN side? If you are saying you are already inside your lan, and from the sun box, telnet into your router and it works ok.. then I would assume that somehow, your router cannot/or dont know how to fwd packets outside your internal lan. Can you post the config? I have a linksys and 2511 behind it also. Do you have a default gateway on your cisco router, and is it pointing to the linksys router? - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62671t=62654 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
preparation tips for ccie lab [7:62434]
Hi all, Passed the written and am prepraring to crack the hardest part. I appreciate any tips and recommendation on where to start(equipment is not my concern at this point) and what is the best study strategy in terms of time allocation, focusing areas, good study materials, etc. Thanks in advance Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62434t=62434 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
passed ccie written [7:62395]
Hi all, Just passed the written and feel like i need to say something. Really want to say thanks for all the helps I gained from this study group. Test is 3 hours, 150 questions, single or multiple choices. If mulitple, will give indication how many answers. Can go backward and forward to check the questions. Passing score 58. Highly recommend 1. Boson #1 and #3. You should make sure you either remember or understand every answer. Don't even give up hard ones. Only give up something you really think it is going to be nonesense if you have to waste your brain resource memorizing the answers. 2. Need to understand these topics in depth: VoIP, MPLS(mpls-vpn, mpls-te), QoS. Those are my failing points where i only read superficially, but not in depth. 3. Try to read the online CCO website as much as you can, here is my another failing point. 4. The rest are the usual stuffs that every one talks a lot: books to read: Doyle's routing, lan switching, cisco press QoS, cisco press mpls, Caslow. Now it is time to crack the most difficult part: Lab. Cheers, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62395t=62395 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed ccie written [7:62395]
Token Ring, IPX are listed in Blueprint, I will not skip those topics. As for questions, they are really the questions you should know the answers. cheers, Paul Leon Zhao wrote: Congrats. I've been seeing complaints about too much questions on old tech such as Token Ring, IPX. Did you have the same feeling? Thanks, Leon paul dong so wrote: Hi all, Just passed the written and feel like i need to say something. Really want to say thanks for all the helps I gained from this study group. Test is 3 hours, 150 questions, single or multiple choices. If mulitple, will give indication how many answers. Can go backward and forward to check the questions. Passing score 58. Highly recommend 1. Boson #1 and #3. You should make sure you either remember or understand every answer. Don't even give up hard ones. Only give up something you really think it is going to be nonesense if you have to waste your brain resource memorizing the answers. 2. Need to understand these topics in depth: VoIP, MPLS(mpls-vpn, mpls-te), QoS. Those are my failing points where i only read superficially, but not in depth. 3. Try to read the online CCO website as much as you can, here is my another failing point. 4. The rest are the usual stuffs that every one talks a lot: books to read: Doyle's routing, lan switching, cisco press QoS, cisco press mpls, Caslow. Now it is time to crack the most difficult part: Lab. Cheers, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62476t=62395 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: passed ccie written [7:62484]
Hi, I think my PC has problem, my emails don't seem to be shown, but they are actully there. If I have sent a few of them, please forgive me. :) I was asked a few questions, here are the answers: 1. token ring and ipx are the topics you need to know as they are listed in the blueprint 2. there are exhibition questions, quite a few, you can prepare yourself via boson exam 3. reading CCO website to expand the topics on the books. Normally they are more uptodate. But it is up to your time allocation scheme as online materials are vast. If you don't have time, you can choose the topics you are not that good at or you find the books can't answer your questions. HTH Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62484t=62484 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
bgp community [7:62326]
can someone help me? i am currently doing bgp in my test lab. i did a community no-advertise in one of the routes to be advertise by the local as to another as, but i can't see it in that other as. i also did a redistribution from bgp to igp (ospf) in the other as so that both bgp and igp would sync because one of the problems stated that i should not disable sync. did i missed something? here's my config in my test lab: router bgp 2 bgp log-neighbor-changes redistribute connected route-map loops neighbor 153.153.3.3 remote-as 3 neighbor 153.153.3.3 ebgp-multihop 255 neighbor 153.153.3.3 update-source Loopback10 neighbor 153.153.3.3 send-community route-map loops permit 10 match interface Loopback33 Loopback55 set origin igp ! route-map loops permit 20 match interface Loopback22 - loopback 22 is 22.22.22.22/24 set origin igp set community no-export when i did show ip bgp on the 153.153.3.3 router, Network Next HopMetric LocPrf Weight Path *i11.0.0.0 153.153.1.1 100 0 23 111 i * 33.0.0.0 153.153.6.6 1 0 2 i *i44.0.0.0 153.153.1.1 100 0 23 111 i * 55.0.0.0 153.153.6.6 1 0 2 i *i66.0.0.0 153.153.1.1 100 0 23 111 777 i *i77.0.0.0 153.153.1.1 100 0 23 111 444 555 i *i103.103.103.0/24 153.153.1.1 0100 0 23 i *i183.0.0.0/8 153.153.4.4 100 0 65003 i i can't see the 22.0.0.0 network. thanks in advance. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62326t=62326 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 831 routers [7:61707]
Glad to help Thomas. My experience with lower-end 2600's (2611/2621) is that they can reach approximately 500-750Kbps of 3DES IPsec performance (depending upon traffic type; purely 1440-byte packets might get you north of 800Kbps). The 831 is rated, as per Cisco (http://tools.cisco.com/cmn/jsp/index.jsp?id=20753), at around 2Mbps with standard traffic, so real world performance should be better (64-byte packets induce the greatest amount of stress). This, plus the punting of LLQ into the crypto engine, Websense/N2H2 content filtering and virtual AUX makes this little router quite acceptable for small offices, though there isn't any modularity of course (e.g. no WICs, no NMs). Cheers. Paul Forbes Network Engineer Trimble -Original Message- From: Thomas N. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 11:15 PM To: [EMAIL PROTECTED] Subject: Re: Cisco 831 routers [7:61707] Thanks Paul. Do you have any chance to test out for performance of GRE+IPSec? Is it better than that of software-based encryption on the 2600 routers? Paul Forbes wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... They're available (we have four in house ready for deployment). I haven't tested them with all knobs on (GRE+IPsec, CBAC, IDS, QoS, EIGRP/OSPF, etc.), but VPN+CBAC has worked beautifully. Check with your VAR or Cisco account team for leadtimes. Cheers. Paul -Original Message- From: Thomas N. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: Cisco 831 routers [7:61707] Hi All, I wonder if anyone here could get a hold of the new Cisco 831 VPN router? I am trying to get couple of these routers but being told they are onhold by Cisco. I am just curious why? and when they are available again? Thanks! Thomas. Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62051t=61707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: UDP port 1434 [7:61891]
One interesting assumption (underline assumption) is that BofA's service providers were partially sharing facilities between their private (ATM/FR) and public (Internet) networks. If that's the case, once the CPU on some of those shared routers/switches went to 100%, BofA's automatic teller machines are going to disappear. Paul Forbes Network Engineer Trimble -Original Message- From: John Neiberger [mailto:[EMAIL PROTECTED]] Sent: Monday, January 27, 2003 10:51 AM To: [EMAIL PROTECTED] Subject: Re: UDP port 1434 [7:61891] Maybe this is a silly question considering where I work, but is it common for huge banks to connect their ATMs to their data centers over the Internet? We certainly don't do that, and wouldn't even consider doing it, so I was surprised that BofA appears to be doing just that. Then again, they probably have twenty times more ATMs than we do, so perhaps they have different issues to be considered. John Priscilla Oppenheimer 1/27/03 11:24:42 AM Good points. How much bandwidth goes to some of the remote ATMs? Probably very little. They probably got crunched by the huge number of UDP packets. Of course, better filtering would have prevented that. But there's no need to assume that BoA runs MS-SQL or to worry that private info was compromised, etc. DoS attacks usually have very little to do with privacy compromises. Not claiming to be a security expert, so just correct me if I'm way off base! :-) Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61979t=61891 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: A special new game [7:61850]
Hmmm, someone has a worm as this did not come from me. Here is the complete header of the original e-mail (which contained an attachment I assume is a worm): Return-Path: Received: from Elltjj (CPE000795e203c5-CM013519900555.cpe.net.cable.rogers.com [24.43.170.194]) by groupstudy.com (8.9.3/8.9.3) with SMTP id RAA24384 GroupStudy Mailer; Sat, 25 Jan 2003 17:04:48 GMT Date: Sat, 25 Jan 2003 17:04:48 GMT Message-Id: From: pborghese To: [EMAIL PROTECTED] Subject: A special new game If you are using rogers.com, please clean your system. Thanks! Paul Borghese -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of pborghese Sent: Saturday, January 25, 2003 12:05 PM To: [EMAIL PROTECTED] Subject: A special new game [7:61850] This is a very new game This game is my first work. You're the first player. I wish you would enjoy it. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61874t=61850 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: HELP..........FTP Problem [7:61549]
Hi, We had a similar issue just a few weeks back. Our customer outsource thier firewall to thier ISP and we use NAT for our server. Switching to passive mode solved our problem as the server hands control over to the client meaning the client initiates the data session on a not well known port # returned by the server. Stateful firewalls then sees the session as being initiated by an internal client. Another item we had to overcome at a different client's network is NAV Internet Gateway software. We switched to binary mode to overcome this one. NAV did not like the padding that occurs with other ftp modes. Hope this helps, Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61690t=61549 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco 831 routers [7:61707]
They're available (we have four in house ready for deployment). I haven't tested them with all knobs on (GRE+IPsec, CBAC, IDS, QoS, EIGRP/OSPF, etc.), but VPN+CBAC has worked beautifully. Check with your VAR or Cisco account team for leadtimes. Cheers. Paul -Original Message- From: Thomas N. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 23, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: Cisco 831 routers [7:61707] Hi All, I wonder if anyone here could get a hold of the new Cisco 831 VPN router? I am trying to get couple of these routers but being told they are onhold by Cisco. I am just curious why? and when they are available again? Thanks! Thomas. Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61726t=61707 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
upgrade flash question [7:61447]
The flash on my 2621xm router is write protected and I cant delete it, how do I remove this and upgrade the flash: and help appreciated. Kind regards. Paul. Paul Casey O2 Ireland Core Network Eng'g Team 76 Lower Baggot Street, Dublin 2. * Mob : +353 86 8143310 E-mail: [EMAIL PROTECTED] PLEASE NOTE THAT THE ABOVE IS CONFIDENTIAL INFORMATION I See what you can do www.o2.ie This E-mail is from O2. The E-mail and any files transmitted with it are confidential and may also be privileged and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised direct or indirect dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received the E-mail in error please notify [EMAIL PROTECTED] or telephone ++ 353 1 6095000. * Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61447t=61447 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
GroupStudy DB Crash [7:61288]
I would like to apologize as the GroupStudy database crashed thus preventing any postings for the past 20 hours or so. Tonight I performed an upgrade to the database in the hopes it will increase reliability. Please resend any messages that do not appear on the site. Sorry! Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61288t=61288 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
TACACS password encryption [7:60886]
Hi all, Am reading cramsession notes and there are statement like this: 1. The entire body of Tacacs+ packet is encrypted is ther is a shared key on the router and server. 2. Tacacs transmits passwords in clear text Dont' they conflict? Is the user password encrypted or not? Thanks Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60886t=60886 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Flaw found in vendors ethernet cards [7:60698]
From Cert.org. The complete text may be found at http://www.kb.cert.org/vuls/id/412115 The Ethernet standard (IEEE 802.3) specifies a minimum data field size of 46 bytes. If a higher layer protocol such as IP provides packet data that is smaller than 46 bytes, the device driver must fill the remainder of the data field with a pad. For IP datagrams, RFC1042 specifies that the data field should be padded (with octets of zero) to meet the IEEE 802 minimum frame size requirements. Researchers from @Stake have discovered that, contrary to the recommendations of RFC1042, many Ethernet device drivers fail to pad frames with null bytes. Instead, these device drivers reuse previously transmitted frame data to pad frames smaller than 46 bytes. This constitutes an information leakage vulnerability that may allow remote attackers to harvest potentially sensitive information. Depending upon the implementation of an affected device driver, the leaked information may originate from dynamic kernel memory, from static system memory allocated to the device driver, or from a hardware buffer located on the network interface card. Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60698t=60698 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
fragmentation question [7:60643]
Hi All, Please shed a light on this as I am confused. Fragmentation for UDP/TCP: * Only the first fragment contains the UDP or TCP header, not the sequencial fragments? Fragementation for IP packets * every fragmented packet will contains ip header? MTU 1500 bytes, doesn't it mean the data payload can not exceed 1500 bytes or the whole packet size(payload+header) can not exceed 1500 bytes? Thanks in advance Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60643t=60643 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
AVVID billing system? [7:60492]
Hello all, Does anyone have any strong recommendations for a billing system for an enterprise-level AVVID deployment (1000+ users, distributed, multiple cluster, etc.)? I'd prefer suggestions based upon personal experience - the AVVID partner page (http://www.cisco.com/pcgi-bin/ecoa/Search?choose_category=EVBUthe_exam ples=Select%20Allthe_examples1=Select%20All) has innumerable options and I was hoping to weed some, if not most of them out. Some of the solutions we've seen have been more service provider class and hence, out of our price range. Thanks for the help. Paul Forbes Network Engineer Trimble Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60492t=60492 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: MPLS images for 7200? 2500? [7:60284]
Chuck, It definitely is an unsupported image. It is an image that Cisco created internally for some testing only. Most of people at Cisco don't even know the image exists.. I know, I even opened a TAC ticket to locate this image and they told me that it did not exist even though I specifically mentioned I heard it was a testing version only. And the author of the image was nice enough to post the ftp site address a little while back when everyone started asking for it. - Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60360t=60284 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
XSS Vulnerability found on Cisco Website [7:59744]
According to http://www.securiteam.com/securitynews/6T00D206AC.html there is a Cross Site Scripting vulnerability on the Cisco website. Make sure you log off of your CCO account (which last time I checked Cisco does not give us that option!) before surfing the web. The only way I have been able to log off is turn off the browser which expires the cookie. Paul Borghese Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59744t=59744 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX and the Activation Key [7:59610]
Hi, Thanks to everyone who provided some 'intel', however after doing a #show version I do get the serial number and a Activation-Key displaying 4 sets of hexadecimal numbers, what is this key used for?( its version 6.1(4)) Also the registration site at CCO https://www.cisco.com/pcgi-bin/Software/FormManager/formgenerator.pl?pid=221fid=301 says New PIX owners do not need to use this page, urmm, now I am confused ;)) _ Add photos to your e-mail with MSN 8. Get 3 months FREE*. http://join.msn.com/?page=features/featuredemailxAPID=42PS=47575PI=7324DI=7474SU= http://www.hotmail.msn.com/cgi-bin/getmsgHL=1216hotmailtaglines_addphotos_3mf Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59610t=59610 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]