Re: PIX PDM [7:74758]

[Philip Suen]

I have experienced by using PDM to configure VPN is unstable. Everytime I
try to modify the particular VPN connection. All of the connection will be
disconnected.

In addition, everytime if you have changed the configuration in PDM, you
must remember to save it manually, otherwise reboot will erase all of the
config.

Finally, before you make any change within PDM, you should download the
latest version configuration from PIX. Otherwise, you will erase the running
config.

Philip

Gary Leong  wrote in message
news:[EMAIL PROTECTED]
 Our security group is recommending not to use PDM to
 configure our Pix firewalls.  They did not give any
 reason for their recommendation.  Does anyone know why
 PDM should not be used?

 __
 Do you Yahoo!?
 Yahoo! SiteBuilder - Free, easy-to-use web site design software
 http://sitebuilder.yahoo.com
 **Please support GroupStudy by purchasing from the GroupStudy Store:
 http://shop.groupstudy.com
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=75162t=74758
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

LS100 Single Mode ATM card [7:73087]

[philip]

Sorry for the off topic question, I am currently building a ATM lab and using
LS100 switch.
If anybody have an extra SM card for the LS100, please contact me off line.

Thanks

Philip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73087t=73087
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: number of CCIE [7:70151]

[philip]

Man,



I never see a job post specify that certain CCIE number is prefer.

Why did you even bother to ask this question in the beginning, if you think
the value of CCIE title has drop.

I think is fair to say, after you finished it than you will know what it
take.

Please take the CCIE lab exam before you make any common on this subject.

Of course the # mean a lot but the learning process was even more important.
In fact, one consultant company just hires two new CCIE recently with 140K
salaries per year. They both study at the same school that I went.



This studygroup is a very valuable resource to us and everybody is working
really hard to his or her dream. I will suggest that if you are scare about
the increasing number of CCIE, please leave and seeking another valuable
certification for yourself.



Just my 2-cent.


- Original Message -
From: n rf 
To: 
Sent: Thursday, June 05, 2003 5:16 PM
Subject: RE: number of CCIE [7:70151]


 Well, there are still less than 10,000 CCIE's.  So the population hasn't
 accelerated THAT dramatically.

 Having said that, I will say that the CCIE has most likely gotten less
 rigorous and therefore less valuable over time.  I know this is going to
 greatly annoy some people when I say this, but the truth is, the average
 quality of the later (read: high-number) CCIE's is probably lower than the
 average quality of the higher (read: lower-number) CCIE's.

 Before any of you high-number CCIE's decides to flame me, ask yourself if
 you were given the opportunity to trade your number for a lower number,
 would you do it?  For example, if you are CCIE #11,000 and you could trade
 that number for CCIE #1100, would you take it?  Be honest with yourself.
 I'm sure you would concede that you would.  By the same token we also know
 that no low-number CCIE would willingly trade his number for a higher one.
 The movement is therefore all one-way.  If all CCIE's were really
created
 equal then nobody would really care one way or another which number they
 had. Therefore the CCIE community realizes that all CCIE's are not created
 equal and that intuitively that the lower number is more desirable and the
 higher number is less desirable (otherwise, why does everybody want a
lower
 number?).  Simply put, the test is not as rigorous as it was in the past,
 which is why lower numbers are preferred.

 Or, I'll put it to you another way.  Let's say that starting at #12,000
 Cisco makes the test ridiculously hard, putting in all kinds of funky
 technologies, and making the pass rate less than 1% or some other
god-awful
 number.  What would happen?  Simple.  Word would get around that the new
 CCIE was super-rigorous and therefore very prestigious to pass.
Eventually,
 numbers greater than #12000 would be coveted, and everybody would want to
 trade in their number for one greater than #12000.  Recruiters and HR
people
 would start giving preference to CCIE's with numbers greater than #12000.
 The point is that when rigor increases, prestige and desirability tends to
 follow.  When rigor declines, so does prestige and desirability.


 And what is the cause of this decline in rigor?  Well, you alluded to
 several factors.  While it is still rather controversial exactly how the
 switch from 2 days to 1 day impacted the program, it is widely conceded
that
 it probably didn't help.  Nor does having all these braindumps all over
the
 Internet, and not just for the written, but the lab as well.  The CCIE has
 certain arcane logistical rules that people have figured out how to
'game' -
 for example, for example, some people who live near test sites just
attempt
 the lab every month over and over again.  Finally, there is the consensus
 that the CCIE program has simply not kept up with the growing amount of
 study material, bootcamps, lab-guides, and so forth.  We all know there's
an
 entire cottage industry devoted just to helping people to pass the lab,
and
 while there's nothing wrong with that per se, it does mean that Cisco
needs
 to keep pace to maintain test rigor.  To offer a parallel situation, when
 the MCSE bootcamps started to proliferate, the value of the MCSE plummeted
 because Microsoft did not properly maintain the rigor of the cert.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70239t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Password recovery [7:62738]

[Philip van Dalen]

Hi

I need to recover the password for a CISCO 2611 without wiping the
config?

Any idea's?

Philip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62738t=62738
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Fluke one touch Network assistant and RCS SafeNet software [7:54887]

[Blair, Philip S]

If you attached the Fluke to a switched port then it will only see network
traffic destined to the device on that port and multicast/broadcast traffic.

It would seem than that your broadcast traffic is 0.8% of your available
bandwidth, 80% of your 1% utilization.  That seems reasonable, I'd look
elsewhere for the problem.

One option if your equipment supports it would be to span the vlan traffic
to a port and plug the fluke into the spanned port.  Depending on you
network design you still may only see a subset of your traffic.

Philip

-Original Message-
From: Sim, CT (Chee Tong) [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 04, 2002 6:35 AM
To: [EMAIL PROTECTED]
Subject: Fluke one touch Network assistant and RCS SafeNet software
[7:54860]


Hi...

 

Recently we found that LAN is getting slower and I used Fluke One Touch
Network Assistant to check the health of network.  And it gave me the
following.

 

Utilization 1%

Error  0 %

Collision 0%

Broadcast 80 %

IP 48%

Station 250 %

 

Do you think the fluke output indicate that our network got problem?  The
broadcast portion is quite high and I tried to find out which pc contribute
to the broadcast, it gave me 

 

PC-A 6%

PC-B 6

PC-C 6%

PC-D 6%

PC-E 6%

PC-F 6%

PC-G 6%

PC-H 6%

PC-I 6%

 

All the PC that listed are installed with RCS software, when we uninstalled
RCS from the PC, the PC's broadcast will be gone.  Why RCS caused the
broadcast, I am not sure whether it is the cause of our network slowness or
not.  Any idea?  

 

Thanks in advanced

 

Sim

 

 

 


==
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en 
is uitsluitend bestemd voor de geadresseerde. Indien u dit bericht 
onterecht ontvangt wordt u verzocht de inhoud niet te gebruiken en 
de afzender direct te informeren door het bericht te retourneren. 
==
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.


==




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=54887t=54887
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: priviledge levels [7:53723]

[Blair, Philip S]

I'm quite sure you could accomplish your goals with TACACS and aaa
authorization, is that out of the question?

-Original Message-
From: Adam Hickey [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:52 PM
To: [EMAIL PROTECTED]
Subject: priviledge levels [7:53723]


All,

I want to configure a special priviledge level for our NOC in all our cisco
devices to basically have all commands except config. Looking at cco, if you
allow sh run at any priv level other than , the user will only be able to
see
the commands they can configure which defeats the purpose. Anyone know a way
around this - so the NOC can have say a level 14 access and be able to see
the
entire running-config without being able to configure anything?

thx
Adam




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53727t=53723
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TACACS+ [7:53721]

[Blair, Philip S]

Your passwords are encrypted with SSH between the client and router, between
the router and tacacs server your tacacs key is used.

I use tac_plus with clients that use a combination of SSH and telnet. Some
routers require SSH some basic telnet is allowed.  I have no special
configurations within tac_plus to accommodate the two access methods.

Philip

-Original Message-
From: Erich Kuehn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:53721]


Im trying to setup tacacs+ for aaa on my routers. I have downloaded and
installed tacplus from cisco on a linux box (RH7.3). Im looking for some
examples of config files for the tac_plus executable. Currently we use SSH
and local logins for authentication,  I would like to continue to use SSH
to get into my boxes. From the config files I have seen Im unsure as to how
I would continue to use SSH as the passwords are all encrypted.

Thanks

Erich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53734t=53721
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: TACACS+ [7:53721]

[Blair, Philip S]

Mike,

I guess your reading comprehension skills are on par with your tact.

The original post was in regards to SSH and TACACS, and my reply to that
post was to point out the functional difference between SSH or Telnet access
and TACACS.

The conversion between the client and router is encrypted via the SSH
session, but the TACACS server is providing AAA.  The same as it would with
a telnet session; however, the telnet session wouldn't provide encrypt
between the client and the router.

Philip

-Original Message-
From: mike greenberg [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: TACACS+ [7:53721]


Now I know why EDS stock is taking a beating
When you use TACACS+, you basically offload the authentication,
authorization and
accounting to the TACACS+ server (running on your Linux box).  If you don't
want
people to connect to your routers via telnet, set the vty line on your
routers to
accept only SSH.  You can still log onto the routers with SSH and use the
account
on your TACACS+ server (if you configure the router properly).  I have a
sample
TACACS+ configuration.  Contact me off-line if you are interested.  The
configuration
of TACACS+ has nothing to do with either telnet or ssh
 Blair, Philip S 
wrote:Your passwords are encrypted with SSH between the client and router,
between
the router and tacacs server your tacacs key is used.

I use tac_plus with clients that use a combination of SSH and telnet. Some
routers require SSH some basic telnet is allowed. I have no special
configurations within tac_plus to accommodate the two access methods.

Philip

-Original Message-
From: Erich Kuehn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:53721]


Im trying to setup tacacs+ for aaa on my routers. I have downloaded and
installed tacplus from cisco on a linux box (RH7.3). Im looking for some
examples of config files for the tac_plus executable. Currently we use SSH
and local logins for authentication, I would like to continue to use SSH
to get into my boxes. From the config files I have seen Im unsure as to how
I would continue to use SSH as the passwords are all encrypted.

Thanks

Erich
Do you Yahoo!?
New DSL Internet Access from SBC  Yahoo!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53748t=53721
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP default route distribution. [7:52377]

[Blair, Philip S]

Try adding:

router eigrp 1
 redistribute static

Lose the ip default-network command

-Original Message-
From: Robert Cluett [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: EIGRP default route distribution. [7:52377]


I have the following network in my home lab:

Internet RouterEisenhowerRooseveltNixonKennedy
  
The Internet Router (192.168.1.1) runs RIP.  Eisenhower (E0:192.168.1.100
and S0:172.26.1.9) runs RIP and EIGRP.  Roosevelt, Nixon, and Kennedy run
EIGRP for the 172.26.1.0,172.26.128.0,192.168.3.0, and 192.168.4.0
networks.  I am peforming redistribution of EIGRP into RIP on the internet
router which also hosts my LAN of 192.168.1.0).  I am unable to propagate
the default route out to the rest of the EIGRP routers being Roosevelt,
Nixon and Kennedy.  Any one have a clue on what I am missing?

EISENHOWER CONFIG BELOW

router eigrp 1
 passive-interface Ethernet0
 network 172.26.1.0 0.0.0.255
 network 172.26.128.0 0.0.0.255
 network 192.168.3.0
 network 192.168.4.0
 auto-summary
 eigrp log-neighbor-changes
!
router rip
 version 2
 redistribute eigrp 1 metric 0
 passive-interface Serial0
 passive-interface Serial1
 network 192.168.1.0
 no auto-summary
!
ip classless
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 192.168.1.1




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52381t=52377
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: EIGRP default route distribution. [7:52377]

[Blair, Philip S]

You don't have all your loopbak addresses in the 172.26.128.0/24 network, do
you?

If so, create unique subnets for each loopback.

-Original Message-
From: Robert Cluett [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 2:47 PM
To: [EMAIL PROTECTED]
Subject: RE: EIGRP default route distribution. [7:52377]


Ah! redistribute static, and removing the default-network worked!

The other option would have forced EIGRP to run on the interface I was
running RIP on, and thus would defeat the purpose of what I was trying to
do.

Only one problem...why cannot I not get to the loopback addresses I have
placed on each router and included in the eigrp 1 process as network
172.26.128.0/24?  Any ideas?

Thanks guys!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=52388t=52377
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ACL studying [7:49154]

[Blair, Philip S]

A different spin.

access-list 1 permit 10.10.10.32 0.0.0.1
access-list 1 permit host 10.10.10.34 
access-list 1 deny 10.10.10.32 0.0.0.127
access-list 1 deny host 10.10.10.49
access-list 1 permit any




-Original Message-
From: Persio Pucci [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 18, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: ACL studying [7:49154]


Folks,

what would be the smallest way to put an ACL to filter, let's say, IPs
10.10.10.35 to 10.10.10.49?

(just want to check if I am doing it ok...)

Persio




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=49175t=49154
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT - Networkers, Orlando [7:47921]

[Philip Jache]

I will be there and would like to meet up with any members.

Phil

= Original Message From R. Benjamin Kessler 
 =
Anyone from the list going?  Is there going to be a GroupStudy
gathering?
_
Commercial lab list: http://www.groupstudy.com/list/commercial.html
Please discuss commercial lab solutions on this list.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47921t=47921
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Dual Link redundancy .... [7:47854]

[Blair, Philip S]

Check out Fast Etherchannel

(watch for wrapping)
http://www.cisco.com/warp/customer/cc/techno/media/lan/ether/channel/tech/fe
tec_wp.htm

-Original Message-
From: Paul [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 01, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: Dual Link redundancy  [7:47854]


I have two switches that will be connected over fibre ... two connections at
each end  (hope you like the top Ascii art :))


|   1  |---| 1   |
|  A  |   | B   |
|_2 _|---|_2_ |


How can I fix it so that if A1-B1 goes down A2-B2 automatically becomes
active
?? Or even use both links to load balance and hence take the full load if
the
other falls over .

Regards

Paul ...




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47865t=47854
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: authentication and router [7:46932]

[Blair, Philip S]

Try to change:
line con0 
line authentication no_tacacs

To:
line con0 
login authentication no_tacacs

-Original Message-
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 21, 2002 11:52 AM
To: [EMAIL PROTECTED]
Subject: FW: authentication and router [7:46932]


I wouldn't like any username prompt at the console

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Blair, Philip S
Sent: Thursday, June 20, 2002 3:20 PM
To: [EMAIL PROTECTED]
Subject: FW: authentication and router [7:46932]

At the password prompt, if you enter your configured enable password you
get
access?

Sounds like it's working as you have it configured, how did you want it
to
work?

Philip

-Original Message-
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: authentication and router [7:46932]


I just configured my router to authenticate with cisco secure every
works ok, except if I try to
Console I get a password promt, and I stop cisco secure I get a password
promt
Now I tried to enter my enable password and wont work
Am I missing something here
 
 
 
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login local local
aaa authentication login no_tacacs enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
 
 
 
line con0 
line authentication no_tacacs




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47290t=46932
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

FW: authentication and router [7:46932]

[Blair, Philip S]

At the password prompt, if you enter your configured enable password you get
access?

Sounds like it's working as you have it configured, how did you want it to
work?

Philip

-Original Message-
From: GEORGE [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: authentication and router [7:46932]


I just configured my router to authenticate with cisco secure every
works ok, except if I try to
Console I get a password promt, and I stop cisco secure I get a password
promt
Now I tried to enter my enable password and wont work
Am I missing something here
 
 
 
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login local local
aaa authentication login no_tacacs enable
aaa authentication ppp default if-needed group tacacs+
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
 
 
 
line con0 
line authentication no_tacacs




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=47096t=46932
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Let the flamin' begin....dumbass beginner question [7:43772]

[Blair, Philip S]

Use PPP or HDLC encapsulation on each end.

PPP  PPP
or 
HDLC  HDLC

On the router with the DCE end of the cable set the clock rate.

interface serial 0
 encap ppp
 ip address 10.1.1.1 255.255.255.252
 clock rate 64000

For more detail see:

http://www.cisco.com/warp/public/116/ppp_back.html

Everyone was a beginner once :)

Later

-Original Message-
From: mark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 1:19 PM
To: [EMAIL PROTECTED]
Subject: Let the flamin' begindumbass beginner question [7:43759]


I originally configured and maintain several Cisco routers at work so I'm
not a TOTAL dumbass when it comes to routers but I sure do feel like one
about now.
I have a couple of 2500's and a 2600 router with a couple of back to back
cables. I'm not doing something correctly to allow the units to talk to each
other using those cables. I can telnet into each router or connect via
console connection and all are working. The green lights come on the serial
connections when the b to b cables are plugged in but I can't for the life
of me get them to talk to each other. Can't ping from one serial port on
subnet A thru the b-to-b cable to the serial port on the other router on the
same subnet on any of the routers. I have checked and rechecked ip info on
all. I have tried frame-relay and PPP (which I would NOT trust my
configuraion of but I do know frame OK - or at least I thought I did). I
have RIP and EIGRP enabled on all and have them redistributing. I have tried
the DCE and the DTE at each end. This is what maybe the particularly dumbass
question - Do I need to set a clock rate or data rate for a frame connection
using these cables? If so the commands required would be helpful. I can look
at the options available. I just need to know where to start with them. If
it's not a clock rate issue, have I given enough info for anyone to give me
an educated guess as to what I'm doing wrong? If not, what other info can I
provide?
Muchas gracias.

Mark Gump




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43772t=43772
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: IPX Traceroute [7:43327]

[Blair, Philip S]

If SWITCH1 is a layer two device, then RTR-1 and RTR-3 should be on the same
IPX Network (either 1c10 or 1100).  Of course I could be misinterupting the
ASCII art.

Philip

-Original Message-
From: Arjun Das [mailto:[EMAIL PROTECTED]]
Sent: Sunday, May 05, 2002 4:55 AM
To: [EMAIL PROTECTED]
Subject: IPX Traceroute [7:43327]


Dear Group Members,

This is my first message please accept apologies
for any mistakes.  However, I seek help for the
following problem.

Here is the setup!


  IPX Network: 100
  ---|--|---
 |  |
   RTR-1   RTR-AL
  / /   |(1c10)
 / /|
   (1120)/ /   SWITCH1
/ / |
   / /(1210)|  (1100)
RTR-2  RTR-3

Problem:

IPX routing is enabled on all the routers.  I can ping
(IPX) RTR-AL from RTR-3 but can not perform
TRACEROUTE?  Any help will be much appreciated? 


Output from ROUTER-3 (RTR-3)
---
RTR-3#
RTR-3#ping 100..0c3d.d1eb
Translating 100..0c3d.d1eb

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to
100..0c3d.d1eb, timeout is 2 seconds:
!
Success rate is 100 percent (5/5), round-trip
min/avg/max = 32/35/44 ms
RTR-3#
RTR-3#
RTR-3#traceroute ipx 100..0c3d.d1eb

Type escape sequence to abort.
Tracing the route to 100..0c3d.d1eb

  0  *  *  *
  1  *  *  *
  2  *  *  *
  3  *  *  *

 ... tracing the route using Diagnostic Requests
  4  *  *  *
RTR-3#

__
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43386t=43327
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ip route statement [7:43001]

[Blair, Philip S]

How a Null route can prevent a routing loop.

If you have, for example, 4 networks behind you router.

10.1.0.0\24
10.1.1.0\24
10.1.2.0\24
10.1.3.0\24

And to reduce the size of the routing tables in the upstream routers you
summarize those networks to one network.

10.1.0.0\26

and you have a default route point to the upstream router.

All is good, until you lose one of your networks.

Now you don't have 10.1.2.0\24 in your routing table, **^$#!
So you send it to the upstream router, your gateway of last resort.
The upstream router has your summary route so the packet is routed back to
you, %^$^%^%*!
And around it goes...

In come the null route to save the day.
Add a null route to your summary address and when you have the route in your
routing table, more specific prefix, you route it accordingly.  However,
when a more specific route disappears packets destined to the missing route
will match the null route, thus stopping the loop.

Hope that explains at least one case.

Philip

-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 10:18 PM
To: [EMAIL PROTECTED]
Subject: Re: ip route statement [7:43001]


can you provide an example of what circumstance might require the use of a
null route to prevent a loop? My lack of imagination is preventing me from
deriving my own example.




Ladrach, Daniel E.  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 The Null interface is typically used for preventing routing loops.

 Daniel Ladrach
 CCNA, CCNP
 WorldCom


  -Original Message-
  From: Stanfast Preye [mailto:[EMAIL PROTECTED]]
  Sent: Wednesday, May 01, 2002 2:34 PM
  To: [EMAIL PROTECTED]
  Subject: ip route statement [7:43001]
 
 
  Dear Group,
 
  Why is it necessary to configure all routers in a network
  with ip route
  xxx.xxx.xxx.xxx null 0 statement before implementing
  migrating to a new IP
  address scheme and DHCP service in the network.
 
  Somebody please help
 
  Regards,
 
  Preye.
 
 
 
 
 
 
 
  -
  Do You Yahoo!?
  Yahoo! Tax Center - online filing with TurboTax




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43123t=43001
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN dial problem [7:43071]

[Blair, Philip S]

Can you share the config?

If you have only a group-async interface defined with the modem lines, you
may need to define a dialer intreface to pickup the ISDN calls.

Philip

-Original Message-
From: supernet [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 10:30 PM
To: [EMAIL PROTECTED]
Subject: ISDN dial problem [7:43071]


Hi Dear Friends,
 
We have a Cisco 5300 as RAS router. It has PRI and digital modems.
Regular modem users dial the number no problem, they can always get
connected. But ISDN users (Cisco 1604 router) couldn't make a
connection. On 1604 router, it says carrier wait timeout. We suspect
that it's LEC problem but they insist everything is good on their side.
What seems to be the problem?
 
Thanks a lot.
 
Yoshi




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43133t=43071
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Urgent help Please! [7:43084]

[Blair, Philip S]

Type 7 passwords are easily decrypted.  Type 5 (enable) are not.

If you have physical access to the box then you can perform password
recovery via the console, see the cisco website for the specifics for your
router.

If you have SNMP read/write access your can download the config, make the
change, then push it back.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 02, 2002 12:19 AM
To: [EMAIL PROTECTED]
Subject: Urgent help Please! [7:43084]


Hi ! All,

Can any one please break this password?

enable secret 5 $1$rMrT$blzJIo4ZyCBfJkvu2CP/Z1

Thanks in advance.

===
WARNING
 This message may contain information that is confidential
 and may be subject to the provisions of section 61A of the
 Police Act 1958, which creates an offence to have unlawful
 possession of Police documents. If you are not the
 intended recipient of this message or have received
 this message in error, you must not peruse, use, pass or
 copy this message or any of its contents.

 Also note, the views expressed in this message may not
 necessarily reflect those of the New Zealand Police.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=43129t=43084
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ISDN dial [7:42884]

[Blair, Philip S]

You can define multiple dialer string under the interface.

The latest version of IOS 12.2T gives you greater control when using
multiple dialer strings.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122
t/122t8/ftrotdls.htm

(watch for line wrap)

Philip

-Original Message-
From: Michalis Palis [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 30, 2002 8:52 AM
To: 
Subject: ISDN dial [7:42884]


Hello all.

I have a customer who wants a router to dial  (ISDN)
to another destination in case the fist destination
fails to answer ( no answer, busy etc). How can I do
it using a Cisco router?

I will appreciate your help.

__
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42893t=42884
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OSPF over ISDN demand circuit [7:42348]

[Blair, Philip S]

Are you trying the setup the circuit to use Dial on Demand Routing (DDR),
such that that circuit only comes up when needed then disconnects? If so,
what are you implementing?

backup interface?
floating static?
dialer watch?

Depending on your implementation of DDR you need to adjust your interesting
traffic (dialer-list).

Philip

-Original Message-
From: Ruihai An [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 23, 2002 2:18 PM
To: 
Subject: OSPF over ISDN demand circuit [7:42348]


Hi, Group,

On an ISDN circuit running ospf , if I want to use ip ospf demand-circuit
to keep it from being brought up by ospf update, do I need to define
224.0.0.5 as non-interesting traffic in dialer-list?

I have configured ip ospf demand-circuit  on one side of the ISDN, but
routing update to 224.0.0.5 keeps activating the circuit?  What is the
problem?

Thanks

Ruihai




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42363t=42348
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Using a Router to redirect IP traffic [7:42217]

[Blair, Philip S]

Not that I'm advocating it, but whether or not it could be done depends.

From a high level, you could define some static network address translations
(NAT) that map your old address to your new addresses.

The depends part comes now, your router would need to be positioned such
that the old addresses would be routed to it.  And I believe the second
interface would need to be on a separate subnet.  NAT requires an inside and
an outside interface and those interface need to be on separate subnets.

Better solutions..
Adjust the TTL on the DNS records for the web servers to stop DNS records
from being cached.  Then change the DNS record during the move.  Sound like
you don't like that option.

How about leaving a reverse-proxy or just a http server with a redirect at
the old ip address for some time.



-Original Message-
From: Trevor Jennings [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 9:16 AM
To: [EMAIL PROTECTED]
Subject: OT: Using a Router to redirect IP traffic [7:42217]


Hello,

 Where I work, we have a number of servers being co-located at one
location and are planning on moving those servers to another co-location
provider soon. My boss asked me why we could not, when we move the
servers, just place a router at the original ISP to redirect all traffic
from the original ip's to the new ip's rather than having duplicate
servers or adjusting the DNS at the same time. I told him that I wasnt
sure whether it was possible and was told by a friend that its not
really possible to do that. Can anyone confirm that or rather explain why
that is not possible? My Boss's theory was that we would have a router
with 2 ethernet ports and redirect the original ip's to the new ip's
through the second ethernet. 

Cheers,

 - Trevor




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42234t=42217
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: How to disable error logging on serial interface? [7:42215]

[Blair, Philip S]

If it is logging to a SNMP manager try:

int ser 2
no snmp trap link-status

-Original Message-
From: Love Cisco [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 5:53 AM
To: [EMAIL PROTECTED]
Subject: How to disable error logging on serial interface? [7:42215]


Hi, everyone
I want disable error logging on serial 2 interface.
I tried no logging event link-status on serial 2 interface. But it does not
work. If you know how. Please let me know.

Many thanks

Kevin




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=42235t=42215
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: output buffers swapped out [7:41985]

[Blair, Philip S]

Take a look at:
http://www.cisco.com/warp/public/784/packet/oct99/pdfs/p70-troubleshooting.p
df

It may help explain when the counter gets bumped.

Philip

-Original Message-
From: Pierre-Alex Guanel [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 19, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: output buffers swapped out [7:41985]


(resent)

Can't find any explanation on CCO about output buffers swapped out
(Ethernet interface)

Any one has a definition of what it is and what could cause  146399903
output buffers swapped out on an Ethernet interface?

thank you,

Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41995t=41985
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Connecting printer through Cisco Routers [7:41473]

[Blair, Philip S]

My interpretation of the question may be incorrect but it sounds like your
looking to extend a RS-232 connection across your router network? 

PC- RS-232- Router- Net- Router- RS-232- Printer

I assume in theory you could use STUN (serial tunneling), but throw in the
fact that you want to use the console port and things become a little more
difficult.

Philip

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Monday, April 15, 2002 5:04 AM
To: [EMAIL PROTECTED]
Subject: Connecting printer through Cisco Routers [7:41473]


Hi Guys
I have a strange problem.
I have to carry a printer  a different location ( The PC connected to
printer is not  moving , only printer)
The printer must be connected to RS 232 Port of the PC.
So  I will have to carry RS232 signals through Cisco Router.
I mean PC connected to serial port of router and Printer will connect to
the other router s serial port.

Anybody tried this or has an idea ?

Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41494t=41473
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Dialer profile vs. rotary group? [7:41271]

[Blair, Philip S]

Legacy Dial
One Physical w/Dial

Rotary Groups
Multiple Physical Interfaces, One dialer Interface

Dialer Pools
Multiple Physical Interfaces, Multiple Dialer Interface

Dialer pool expands on the rotary concept by allowing a physical interface
to belong to multiple pools, the dialer interface can then reference the
pool of physical interfaces or multiple pools.

Philip

-Original Message-
From: Sean Knox [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 2:15 AM
To: [EMAIL PROTECTED]
Subject: Dialer profile vs. rotary group? [7:41271]


Hey all,

I am confused by the difference(s) between dialer profiles and
rotary
groups. All the text I've read seems rather convoluted - physical interfaces
can only be in one rotary group but can exist in many different dialer pools
(if using dialer profiles)? Is that the main difference? Rotary groups seem
to be an outdated configuration solution. Someone please point me in the
right direction...

Sean




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41335t=41271
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: New CCNP Exam [7:40967]

[philip lee]

What is the major change. Anybody?
- Original Message -
From: Matthew Meiers 
To: 
Sent: Tuesday, April 09, 2002 5:31 PM
Subject: RE: New CCNP Exam [7:40967]


 It appears to be soon.  Cisco is already listing the old 500 series
 exams as no longer applicable on the tracking page.

 -Original Message-
 From: Tony Chen [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, April 09, 2002 3:48 PM
 To: [EMAIL PROTECTED]
 Subject: New CCNP Exam [7:40967]

 Cisco has finished the beta testing to CCNP exams.  Does anyone know
 when
 are they going to roll out and replace the current CCNP 2.0?

 Tony


 ***
 This message is a private communication.  If you are not the intended
 recipient, please do not read, copy, or use it, and do not disclose it
 to others.  Please notify the sender of the delivery error by replying
 to this message, and then delete it from your system.  Thank you.


 -
 Visit http://www.ballfoundation.org for our latest news.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=41024t=40967
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Boson test help [7:40829]

[philip lee]

Hello all,



I schedule myself to take the new CCNA exam next week, could someone let me
know should I buy all three Boson exams or just the #1 exam is good enough
for
the new version.





Thanks

Philip




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=40829t=40829
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: frame relay question [7:34090]

[Philip Palanchi]

The bandwidth on the hub router's frame interface in a pure multipoint
topology should be the CIR x the number of PVC's.

Yatou Wu  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi,

 if there are one central site and three remote sites. all the remote sites
 need to connect to the central site. now I need to decide the access
circuit
 and port speed for the central site. the CIR requirement are following:

 Remote site A: 14M
 Remote site B: 14M
 Remote site C: 14M

 how many T3 access Circuits and ports are needed for the central sites?

 any advise is highly appreciated!

 yatou


 _
 Join the worlds largest e-mail service with MSN Hotmail.
 http://www.hotmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=34109t=34090
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: OSPF Startup questions [7:33711]

[Philip Palanchi]

Another resource for this would be RFC2178.

Cebuano  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Thanks all for the different insights. Being in a teaching environment,
 these are just what i need to be able to explain the behavior/process in
 easier-to-digest terms.

 Elmer

 - Original Message -
 From: Priscilla Oppenheimer
 To:
 Sent: Wednesday, January 30, 2002 5:33 PM
 Subject: Re: OSPF Startup questions [7:33711]


  At 12:41 PM 1/30/02, Cebuano wrote:
  i would think that regardless if there's a new
  router with a higher RID that comes on line, the DR/BDR
  should be the default MASTER to initiate the exchange
  since he's got all the topology/links info in the area, except
  of course for scenarios where there is no DR/BDR.
 
  Both neighbors have information to send. The master/slave business is
just
  a temporary relationship to allow the neighbors to exchange their
  information in a reliable fashion. There's no real reason for one router
  instead of the other to become the master. Remember that protocol design
 is
  modular. You should keep the database synchronization process separate
 from
  the DR/BDR election.
 
  The synchronization process is the first step in the adjacency-building
  process. Each router describes its database by sending a sequence of
  database description packets to its neighbor.
 
  Each database description packet has a sequence number. Database
  description packets sent by the master (polls) are acknowledged by the
  slave through echoing of the sequence number. Both polls and their
  responses contain summaries of link-state data. The master is the only
one
  allowed to retransmit database description packets.
 
  The OSPF protocol developers could have chosen some other method to
ensure
  reliability, such as opening a TCP session or inventing a client/server
  protocol with the DR acting as the server on networks that have a DR.
  Instead they invented a master/slave protocol. It's just how they
decided
  to implement it. If you think about it, you can see that their method
has
  some advantages. If you were in a computer science protocol development
  class, you could write an essay on why their method is best. As a CCIE
  candidate, however, I'm tempted to say, why ask why? ;-)
 
  Priscilla
 
 
  Elmer
  - Original Message -
  From: Rogell, Dennis
  To: 'Cebuano'
  Sent: Wednesday, January 30, 2002 12:19 PM
  Subject: RE: OSPF Startup questions [7:33711]
  
  
You can make the Dr the higher rid , and the answer to 3 is it looks
 at
sequence numbers not timestamps.If the information it receives is
the
  same
but the sequence number is greater that will be entered into ls
 database.
   
hth
   
Dennis Rogell CNE, CCNP
nextiraone
Formally Milgo Solutions
Email : [EMAIL PROTECTED]
Phone: (954) 846-5128
   
 -Original Message-
 From: Cebuano [SMTP:[EMAIL PROTECTED]]
 Sent: Wednesday, January 30, 2002 08:38
 To: [EMAIL PROTECTED]
 Subject: OSPF Startup questions [7:33711]

 Hi, group.
 I have a few questions to iron out regarding OSPF startup.

 1. EXSTART - master/slave is created between each router and its
  adjacent
 DR/BDR.
 Q: But this election on who the master will be is mute
because
  the
 router with the higher RID (thus) the DR/BDR acts as the master,
 right?
  If
 not, shouldn't the DR act as the master anyway since he ( or she)
is
  the
 central distribution point for the area's topology?

 2. LOADING - slave router sends an LS request if the master's DBD
 has a
 more
 up-to-date link-state entry.
 Q: up-to-date meaning timestamps?? But...what if there's no
 NTP
 server
 to synchronize them?

 Thanks.
 Elmer
  
 
  Priscilla Oppenheimer
  http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=33857t=33711
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PIX with no NAT [7:31353]

[Philip Sousa]

I've been on Cisco's site for hours, but cannot find a conclusive answer to
my question.  When you disable NAT (NAT 0) to allow the use of public IP's
behind the PIX, are the internal nodes allowed to start outbound connections
by default??  I need to selectively allow nodes behind the firewall to start
outbound connections on certain porthow should I accomplish this? 
Access-lists?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=31353t=31353
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: ATM circuit [7:28774]

[Philip Jache]

What is the new book?

Philip Jache


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=28801t=28774
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ACL Gurus [7:27361]

[Philip Palanchi]

Try enabling the interface configuration command ip accounting
access-violations.
This will log source/destination pairs which fail the access-list on the
interface.

Scott Nawalaniec  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hi Anil,

 To the best of my knowledge and without looking it up at www.cisco.com, I
 think if you put log on the end an access-list statement it will send the
 log to the syslog server. I don't know if that is true in all cases. I
like
 to keep my routers streamed lined.ie unnecessary services and buffers
 turned off=)

 OUTPUT from show log:
 Admin_3662#sh log
 Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
 Console logging: level debugging, 723 messages logged
 Monitor logging: level debugging, 0 messages logged
 Buffer logging: disabled
 Trap logging: level debugging, 727 message lines logged
 Logging to X.X.X.X, 727 message lines logged

 HTH,

 Scott

 -Original Message-
 From: anil [mailto:[EMAIL PROTECTED]]
 Sent: Friday, December 07, 2001 12:58 PM
 To: Scott Nawalaniec
 Subject: RE: ACL Gurus [7:27361]


 Scott, If I add an access list with [log] at the end, can I expect to see
 the log by typing:
 show log
 At the moment I see nothing.
 I am trying to catch snmp traffic, using snmpwalk.
 port 161, 162.

 If I do debug snmp packets then I can see some logs.
 Many thanks
 -Anil





 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Scott Nawalaniec
 Sent: Tuesday, November 27, 2001 5:41 PM
 To: [EMAIL PROTECTED]
 Subject: RE: ACL Gurus [7:27361]


 Thanx for the info and the verification.

 Scott

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]
 Sent: Monday, November 26, 2001 7:25 PM
 To: [EMAIL PROTECTED]
 Subject: RE: ACL Gurus [7:27361]


 My understanding is ICMP is not a subset of IP or anything with IP
 protocol.
 ICMP and IP both work at the network layer and are separate protocols.
 Bzzt.  You are the weakest link.  Goodbye ;-)

 ICMP is IP protocol 1 (TCP is 6, UDP is 17).  ICMP stands for Internet
 Control Message Protocol, which is a bit of a hint that it might be
related
 to IP (although hardly strong evidence).  According to TCP/IP Illustrated
 (Stevens); ICMP is often considered part of the IP layer, so you're
 correct there, but ICMP messages are transmitted within IP datagrams, so
 your permit ip any any will permit ICMP.
 And anyway, I use permit ip any any to define interesting traffic on
some
 dialup links, and I can bring up the links with a well-directed ping.  So
I
 know IP includes ICMP ;-)

 JMcL
 - Forwarded by Jenny Mcleod/NSO/CSDA on 27/11/2001 02:09 pm -



 Scott
 Nawalaniec  To:
 [EMAIL PROTECTED]
 Subject: RE: ACL Gurus
 [7:27361]
 Sent
 by:

 nobody@groups

 tudy.com





 27/11/2001
 11:29
 am

 Please
 respond
 to

 Scott

 Nawalaniec








 Hello,

 Good call on the access-list 101 permit icmp x.x.54.0 0.0.1.255 any echo
 (equivalent to your
 two lines)

 My understanding is ICMP is not a subset of IP or anything with IP
 protocol.
 ICMP and IP both work at the network layer and are separate protocols. So
 you would not need the access-list 102 deny icmp any any  (may as well
 block all other icmp) or access-list 102 deny icmp any any  (may as well
 block all other icmp) because the implicit deny at the end should take
 care
 of dropping the unwanted protocols. Please correct me if I am wrong.

 What about udp and tcp protocols? The implicit deny would drop all
 protocols
 at the end.

 Scott

 -Original Message-
 From: Gaz [mailto:[EMAIL PROTECTED]]
 Sent: Monday, November 26, 2001 3:56 PM
 To: [EMAIL PROTECTED]
 Subject: Re: ACL Gurus [7:27361]


 My view/guestimation only here, so anyone is welcome to pick holes in it:

 I would apply 101 (the outgoing access list to the ethernet port). May as
 well drop the rubbish before the router processes it.
 I would also make it:

 access-list 101 permit icmp x.x.54.0 0.0.1.255 any echo  (equivalent to
 your
 two lines)
 access-list 101 deny icmp any any (denies all other icmp, otherwise your
 next line allowed everything including icmp)
 access-list 101 permit ip any any

 I would apply 102 as you have on the serial interface, with slight change.

 access-list 102 permit icmp any any echo-reply  (presumably as you allowed
 echo outgoing, you want the replies)
 access-list 102 deny icmp any any  (may as well block all other icmp)
 access-list 102 permit ip any any

 Of course this is just fictional to control icmp only.
 I've changed it about 4 times, so I've no doubt it could take some more
 changes.

 Regards,

 Gaz


 Matthew Tayler  wrote in message
 [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
  Ok I am a little confused here, but
 
  1. What does access-list 101 actually deny ?
  2. If you 

RE: CCBootcamp: CCIE Written Qualifier 3-Day BootCamp [7:25404]

[Philip Jache]

I would give this bootcamp a big A+. I attended the first session, Dennis is
a great instructor and the book follows the test perfectly.

Philip Jache
Sports Illustrated


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=25748t=25404
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: New York Study Group [7:23580]

[Philip Jache]

We could start one. 

Philip Jache
Sports Illustrated
135 West 50th Street
New York, NY 10020


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=23596t=23580
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: More fun with Access Lists [7:20477]

[Philip Jache]

Very nice Dennis, they are the same

access-list 10 deny 192.168.100.128 to  192.168.100.255
access list 10 deny 192.168.100.112 to  192.168.100.127 
access-list 10 deny 192.168.100.104 to  192.168.100.111
access-list 10 deny 192.168.100.100 to  192.168.100.103
access-list 10 permit any any 

or

access-list 10 deny 192.168.100.100 to 192.168.100.255 (0.0.0.155)
access-list 10 permit any any 

vs.

access-list 10 permit 192.168.100.0  to 192.168.100.63
access-list 10 permit 192.168.100.64 to 192.168.100.95
access-list 10 permit 192.168.100.96 to 192.168.100.99
access-list 10 deny 192.168.100.0to 192.168.100.255
access-list 10 permit any any 

or
 
access-list 10 permit 192.168.100.0 to 192.168.100.99
access-list 10 deny   192.168.100.0 to 192.168.100.255
access-list 10 permit any any 


Phil



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20479t=20477
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: OT - CCIE Written class - it worked [7:20056]

[Philip Jache]

As one of the students in this session my advice to anyone planning on
taking the CCIE Written exam is, TAKE THIS CLASS. This is a well thought out
course that fills in the gaps, the emphasis is on material you will not have
seen preparing for the CCNA-CCNP exams. The book is well written and Dennis
is a great instructor. I can not overstate how great this was.

Philip Jache
Sports Illustrated



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20059t=20056
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Question about split horizon IPX [7:19232]

[Philip Jache]

you can't disable split horizon for IPX RIP.

Phil


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19237t=19232
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: CID Exam--How difficult????????? [7:17497]

[Philip Jache]

Your book is fine, give it a fast read including the appendix. Not a lot of
design questions on the test. A good solid cross section of everything is on
the test. I took it on July 24th, 755 was passing at that time. Review SNA
and the Stratosphere line. Good luck
Phil 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=17500t=17497
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Why Should the Binary Math Method Be Used to S [7:15552]

[Philip Jache]

Loved your design book
Phil


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=15583t=15552
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IGRP [7:7966]

[Philip Barker]

IGRP is a distance vector routing protocol whereby the RIB is sent on a
regular basis.
There isn't a database to my knowledge as you find with OSPF and EIGRP.

Phil.
- Original Message -
From: Lupi, Guy 
To: 
Sent: Monday, June 11, 2001 2:03 PM
Subject: IGRP [7:7966]


 I set up IGRP in a lab this weekend, studying up on the earlier protocols.
 What I need to know is, how would I go about seeing all the routes in the
 database so I can determine what routes the router is seeing in addition
to
 what is in the routing table?  I could not find a show ip igrp database
or
 anything similar.  I ended up having to set the variance to the maximum
 (128), looking at all the routes and their corresponding metrics, and then
 setting the variance command again to install only those routes I wanted.
 Thanks in advance for any help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7973t=7966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: IGRP [7:7966]

[Philip Barker]

I havn't seen 'sh ip rip database' .

What IOS are you running with ?

Phil.
- Original Message -
From: Lupi, Guy 
To: 'Philip Barker' ;

Sent: Monday, June 11, 2001 3:37 PM
Subject: RE: IGRP [7:7966]


 I know that the RIB is sent on a regular basis, but even RIP has a show
ip
 rip database that will show you routes that the router has seen but did
not
 install in the table.  I am looking for a command that will do something
 similar to this.  I cannot find one in any documentation that I have, I
was
 hoping that someone else has also encountered this.  It is very possible
 that the command does not exist, but I was hoping that is not the case.

 -Original Message-
 From: Philip Barker [mailto:[EMAIL PROTECTED]]
 Sent: Monday, June 11, 2001 10:19 AM
 To: Lupi, Guy; [EMAIL PROTECTED]
 Subject: Re: IGRP [7:7966]


 IGRP is a distance vector routing protocol whereby the RIB is sent on a
 regular basis.
 There isn't a database to my knowledge as you find with OSPF and EIGRP.

 Phil.
 - Original Message -
 From: Lupi, Guy 
 To: 
 Sent: Monday, June 11, 2001 2:03 PM
 Subject: IGRP [7:7966]


  I set up IGRP in a lab this weekend, studying up on the earlier
protocols.
  What I need to know is, how would I go about seeing all the routes in
the
  database so I can determine what routes the router is seeing in addition
 to
  what is in the routing table?  I could not find a show ip igrp
database
 or
  anything similar.  I ended up having to set the variance to the maximum
  (128), looking at all the routes and their corresponding metrics, and
then
  setting the variance command again to install only those routes I
wanted.
  Thanks in advance for any help.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7977t=7966
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Transparent Bridging ? [7:7126]

[Philip Barker]

Thanks for the excellent answer Rick. I now have it hammered down. PS : for
all those who spotted my Gaff, I was on different networks at either end.
Blush.

Regards,

Phil.

- Original Message -
From: Rick Seiler 
To: 
Sent: Tuesday, June 05, 2001 1:04 AM
Subject: RE: Transparent Bridging ? [7:7126]


 OK, more than you ever wanted to know...

 The setup of the PCs is really no different than if they are on the same
 hub, switch vlan, or directly connected via a twist cable. The
configuration
 of the PCs has to be done in one of two ways:

 1. Set the PCs to the same ip subnet and mask (the default gateway doesn't
 matter, it won't be used).

 2. Set the PCs to entirely different ip subnets (or the same, as long as
the
 ip address is not identical or a broadcast address) and set the default
 gateway the same as the ip address.

 First Option:
 -

 Set the PCs to the same ip subnet and mask (the default gateway doesn't
 matter, it won't be used).

 For example:

 PC#1:
 IP: 10.100.1.20
 MASK: 255.255.255.0
 GW: 0.0.0.0 (or blank, depending on OS)

 PC#2:
 IP: 10.100.1.21
 MASK: 255.255.255.0
 GW: 0.0.0.0

 The reason the default gateway doesn't matter is because both PC's are on
 the same IP subnet.  The default gateway is only used if you try to
 communicate (ping) an ip subnet that is not local to the PC.

 On PC#1, ping your loopback (ping localhost on Windows),
 then ping your interface (ping 10.100.1.20) see above,
 then ping the other PC (ping 10.100.1.21).

 The reason for pinging your loopback and your own interface is to verify
 that your IP stack is functioning and configured properly before you blame
 the 'network'.

 Since the two PCs don't actually use the IP addresses to communicate, you
 can see what is actually going on by typing 'arp -a' in Windows to see the
 local ARP cache.  You should see the IP address of PC#2 (10.100.1.21) and
 the MAC address.  When you typed 'ping 10.100.1.21' on PC#1 (above), PC#1
 actually:

 a. Sent an ARP request on the wire (you will see this on your sniffer)
 looking for the MAC address that answers to IP address 10.100.1.21.

 b. Provided only one machine on this segment (hub, switch vlan, etc.) is
 configured with this IP address, PC#2 will be the only PC to answer that
ARP
 request.

 c. PC#1 will populate its local ARP cache with the IP address to MAC
address
 mapping

 d. All communication with PC#2 will be with the MAC Address of PC#2 (not
the
 IP Address).  The reason for the IP address is to make it easier for
humans
 to manage device addressing, the computers use only layer 1 (the cabling,
 hub) and layer 2 (mac address, bridge) to send information to each other.

 This is why you cannot ping an IP address on a different subnet
 (192.168.255.1 for example).  The PC will try to use a default gateway to
 get there, which isn't configured and doesn't exist.


 To illustrate this point a little better, let me explain the second option
 for configuring the PCs:

 Second Option:
 --

 Set the PCs to entirely different ip subnets (or the same, as long as the
ip
 address is not identical or a broadcast address) and set the default
gateway
 the same as the ip address.

 For example:

 PC#1:
 IP: 192.168.255.26
 MASK: 255.255.255.0
 GW: 192.168.255.26

 PC#2:
 IP: 10.1.50.201
 MASK: 255.0.0.0
 GW: 10.1.50.201

 Notice that the IP address and default gateway are identical on each
 individual PC.

 Now, why would you ever do this?  To illustrate a point.  If you would
ping
 PC#2 (10.1.50.201) from PC#1 (192.168.255.26), it will work!!! (Assuming
you
 started by verifying that you could ping localhost and your own
interface).

 Why does this work?  Because, by setting the ip address and default
gateway
 the same, you tell the PC to ARP for everything.  Even though the two PCs
 are configured on different IP subnets, the PCs don't care because they
 really use their MAC addresses to communicate. So, PC#1 sends and arp
 request for 10.1.50.201 on the wire and PC#2 responds, PC#1 adds the MAC
 address to its ARP cache and will send all further IP packets destined for
 10.1.50.201 to the MAC address of PC#2.


 Does this clear anything up?  Here are sample configs for your two
routers:

 R1
 --

 ! the following line is NOT necessary if you don't put ip addresses
 ! on the individual interfaces, like this config
 !
 no ip routing
 !
 interface ethernet0
   no ip address
   bridge-group 1
   no shut
 !
 interface serial0
   desc DCE
   no ip address
   clockrate 56000
   bridge-group 1
   no shut
 !
 bridge 1 protocol ieee
 !
 end


 R2
 --

 ! the following line is NOT necessary if you don't put ip addresses
 ! on the individual interfaces, like this config
 !
 no ip routing
 !
 interface ethernet0
   no ip address
   bridge-group 1
   no shut
 !
 interface serial0
   desc DTE
   no ip address
   bridge-group 1
   no shut
 !
 bridge 1 protocol ieee
 !
 end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7317t=7126

Re: Cisco May Bid for Marconi [7:7024]

[Philip Barker]

Natasha,
 Marconi are making no comment citing that the top execs are in
Atlanta at a trade show 
My own personal thought would be that the Marconi execs would have issued a
statement if their was
NO truth in the matter, since Marconi shares are up 6% today on this rumour.

Q: What have Marconi got that Cisco want ?
A: Strong European foothold.

Regards,

Phil.

- Original Message -
From: Natasha 
To: 
Sent: Monday, June 04, 2001 3:52 AM
Subject: Cisco May Bid for Marconi [7:7024]


 London, June 3 (Bloomberg) -- Cisco Systems Inc. may make a 12 billion
 pound ($17 billion) bid for the U.K.'s Marconi Plc to increase sales in
 Europe, Sunday Business reported, citing unidentified industry sources.

http://www.bloomberg.com/fgcgi.cgi?T=marketsquote99_news.hts=AOxpdARUzQ2lzY
28g

 Does anybody know anything about this?
 Thanks

 --
 Natasha Flazynski
 CCNA, MCSE
 http://www.ciscobot.com
 My Cisco information site.
 http://www.botbuilders.com
 Artificial Intelligence and Linux development
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7055t=7024
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Transparent Bridging ? [7:7126]

[Philip Barker]

Hi Group,
I vill say ziss only vonce.

Okay, its my second attempt at trying to work out how I can bridge IP across
to 2500's.

I have 2 2500's configured with no ip routing. 2 PC's are connected at
either end, i.e one to bridge 1
and one to bridge 2. I have a sniffer on both PC's. I am attempting to ping
from one PC to the other.
IEEE spanning tree is applied on both bridges. The bridges are connected via
a
serial cable and the serial
ports of the bridges as well as the Ethernet ports are in bridge group 1.

I have verified spanning tree operation and one of the serial ports has been
elected root port on bridge 1,
the other bridge is the designated bridge. Ref : Radia Perlman,
Interconnections p.83.
So far so good.

I have configured the PC's with a default gateway to the IP address of each
of
the bridges.
When I attempt to ping from one PC to the other, I can see from my Sniffer
trace that the PC ARP's for
the MAC Address of the bridge, this ARP is successful and the PC then sends
out an ICMP echo request.
This echo request appears to be my problem since the destination MAC address
of this packet contains
the Ethernet Mac address of the local bridge and the local bridge
consequently
disregards the packet.
Should the PC have an ARP entry installed for the destination IP address that
I am pinging ?

Has anyone achieved this scenario ? or am I way off mark with my thinking
here.

The reason I set this LAB up was because so many questions appear to be being
asked at CCIE written level
akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
(RSRB/DLSW+/SRB etc)

Any comments welcome.

Regards,

Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7126t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Transparent Bridging ? [7:7126]

[Philip Barker]

Jeepers,
 Its working, though I'm not convinced as to why !!!
Maybe it was when I swore at the bridges and told them Priscilla was on the
case that they just through the towel in ???

Regards,

Phil.

PS : I'm gonna strip it down now working backwards until I break it again.

- Original Message -
From: Priscilla Oppenheimer 
To: Philip Barker ;

Sent: Monday, June 04, 2001 8:27 PM
Subject: Re: Transparent Bridging ? [7:7126]


 The PC shouldn't ARP for a bridge. A bridge is transparent. It should ARP
 for the end station. Something is weird with addressing and submasks.

 Priscilla

 At 03:22 PM 6/4/01, Philip Barker wrote:
 Hi Group,
  I vill say ziss only vonce.
 
 Okay, its my second attempt at trying to work out how I can bridge IP
across
 to 2500's.
 
 I have 2 2500's configured with no ip routing. 2 PC's are connected at
 either end, i.e one to bridge 1
 and one to bridge 2. I have a sniffer on both PC's. I am attempting to
ping
 from one PC to the other.
 IEEE spanning tree is applied on both bridges. The bridges are connected
via
 a
 serial cable and the serial
 ports of the bridges as well as the Ethernet ports are in bridge group 1.
 
 I have verified spanning tree operation and one of the serial ports has
been
 elected root port on bridge 1,
 the other bridge is the designated bridge. Ref : Radia Perlman,
 Interconnections p.83.
 So far so good.
 
 I have configured the PC's with a default gateway to the IP address of
each
 of
 the bridges.
 When I attempt to ping from one PC to the other, I can see from my
Sniffer
 trace that the PC ARP's for
 the MAC Address of the bridge, this ARP is successful and the PC then
sends
 out an ICMP echo request.
 This echo request appears to be my problem since the destination MAC
address
 of this packet contains
 the Ethernet Mac address of the local bridge and the local bridge
 consequently
 disregards the packet.
 Should the PC have an ARP entry installed for the destination IP address
that
 I am pinging ?
 
 Has anyone achieved this scenario ? or am I way off mark with my thinking
 here.
 
 The reason I set this LAB up was because so many questions appear to be
being
 asked at CCIE written level
 akin to this setup i.e can PC 1 ping PC 2 in similar arrangement using
 (RSRB/DLSW+/SRB etc)
 
 Any comments welcome.
 
 Regards,
 
 Phil.
 

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=7146t=7126
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: ethernet jam signal ? [7:5796]

[Philip Barker]

When I wrote the decoder for Chevin Software we attempted to be as
networkingly honest as possible as
to what we saw on the line. I, as a result had endless traces sent to me
from clients who claimed that our
software was buggy when we depicted the jam code 0xAA/0x55 in all its glory
when compared to A.N. OTHER
analysers that did'nt capture this at all and was therefore bug free. I
think that due to these types of support calls
most analyser developers don't show the truth of the matter.

Regards,

Phil.

- Original Message -
From: Priscilla Oppenheimer 
To: 
Sent: Saturday, June 02, 2001 11:05 PM
Subject: Re: ethernet jam signal ? [7:5796]


 At 10:07 AM 6/2/01, E Joseph wrote:
 Priscilla,
What would a the resulting jam look like on a
 sniffer trace??

 If the jam signal is all ones, it would look like 0xFFs on a Sniffer. The
 jam doesn't have to be all ones, though. On old bus coax networks, it was
 actually rare to see the jam because by the time the jam happened the
 clocking was so messed up that the Sniffer had already stopped capturing
 and just reported a runt, CRC error, collision.

 On a network with repeaters (hubs), when the repeater detects a collision
 it sends a 96-bit jam composed of alternating ones and zeros, which would
 look like 0xAAs or 0x55s. That's easier to see.

 A lot of Sniffers don't capture bad frames or runts, so you wouldn't see
 any of these jams in those cases.

 Someone else may have some additional information. It's always been a
 question of mine also whether you can really see jams or not.

 Of course in networks where full-duplex switch ports have replaced hub
 ports, this is no longer relevant.

 Please send messages to the group, not to me. Thanks,

 Priscilla



   Thank You,
Ed
 
 
 
 --- Priscilla Oppenheimer  wrote:
   When a transmitter detects a collision, the
   transmitter continues to send
   the preamble, (if the preamble has not completed),
   and also sends 32
   additional bits, which are called a jam signal. The
   jam signal extends the
   duration of the collision event to ensure that all
   stations hear the
   collision. The contents of the jam can be any
   pattern that is not
   intentionally designed to be the 32-bit CRC value
   corresponding to the
   (partial) frame already transmitted. Most
   implementations send all ones.
  
   Completely sending the preamble and transmitting a
   jam signal guarantees
   that a signal stays on the media long enough for all
   transmitting stations
   involved in the collision to recognize the collision
   and react accordingly.
  
   Priscilla
  
  
   On Thu, 24 May 2001, [EMAIL PROTECTED] wrote:
   
 What is an ethernet a jam signal
  
  
   
  
   Priscilla Oppenheimer
   http://www.priscilla.com
 [EMAIL PROTECTED]
 
 
 __
 Do You Yahoo!?
 Get personalized email addresses from Yahoo! Mail - only $35
 a year!  http://personal.mail.yahoo.com/


 

 Priscilla Oppenheimer
 http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6980t=5796
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Transparent Bridging end-to-end ping woes !!! [7:6795]

[Philip Barker]

Hi group,

I have a lab setup with 2 routers connected via a serial link. no ip
routing
is configured on both.
I have 2 w/stations connected to Bridge 1 and Bridge 2 respectively.
The routers are 2500 series and their serial ports and eth ports are in
bridge
group 1.

w/s 1 can ping local eth interface of bridge 1 and can ping serial interface
of bridge 1.
However, w/s 1 cannot ping the remote side of the serial connection to bridge
2.

Bridge 1 can ping serial interface of Bridge 2 and can ping w/s 2, w/2 sends
the reply to bridge 2,
but bridge 2 drops the packet ? debug says not.gateway.

I would appreciate any ideas as I have been stuck on this problem all week.

Regards,

Phil.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=6795t=6795
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CIPT Study Material [7:5404]

[Philip Suen]

Hello,

Does any body can send me material on studying CIPT ?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=5404t=5404
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Advance PIX Configuration Exam

[Philip Neeson]

I Took this exam 5 days after returning from the course in Brussels.  It's
tough and matches the course well. I wouldn't call it 'Advanced Pix', but it
does test how solid your knowledge of the fundamentals is.

You need to know all the regular PIX commands and concepts from 4.x and 5.x
along with Cisco Secure, CBAC, Websense Basically MCNS in more detail!

Philip.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Richie, Nathan
 Sent: 12 January 2001 15:21
 To: [EMAIL PROTECTED]
 Subject: Advance PIX Configuration Exam


 Has anyone taken this exam?  I know it is a part of the security
 track, but
 does it replace the exam # 9E0-559 "Cisco Secure PIX Firewall
 Fundamentals"?
 Is there an exam outline for this exam?

 Thanks,

 Nathan Richie

 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Advice CCIE/CCNP + Security

[Philip Neeson]

Hi Eric,

I'd take a different angle to Brian, I did my CCNP v1, CCDP and then MCNS 
CATM before my drake test.  I had my CVoice booked but time kindof got the
better of me. (That and the new CVoice2 Exam) As a refresher I also covered
the Routing 2  Switching 2 Course Notes/Exams as this gave me a more
confidence and exposure to BGP, Multicasting, MLS etc..

I believe it all helped, yet when I look back probably 60-70% my Drake (CCIE
Written) I answered from experience not the few days worth of study I did
before hand.

It's an individual thing, I found CCprep and Certification.Zone sample Q's
helped me focus my study also.

Thanks,

Philip.


 On Wed, 13 Dec 2000, Eric Gunn wrote:

  Hello,
 
  I just finished my CCNP and originally planned to go right on to the
  Security Exam, wether that be 1 or 4 tests it didn't really
 matter to me.
  However I also planned on starting on the road towards my CCIE
 right away
  as well. Is it worth getting the CCNP Security speciality or would I be
  better served by going on to the CCIE written right away?

 I personally would do the written first.  The CCIE written is not going to
 be focused on security security securityso no sense in having that
 all in your head.  But definitly take the CCNP security.  The lab has
 security, voice and ATM so getting those specializations is a big help.

 Brian

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: Protocol Analyzer displaying ARP

[Philip Neeson]

Hi Jeff,

I've just grabbed a trace for you.

http://www.mcgeoch.com/~pneeson/lab/Debugs/Arp.cap

Is this what your after?

Philip.

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Jeff Lodwick
 Sent: 19 October 2000 13:57
 To: [EMAIL PROTECTED]
 Subject: Protocol Analyzer displaying ARP


 Does anybody have an example or know where I can get an example of a
 protocol analyzer output showing information about ARP?  Thanks, Jeff
 Lodwick MCSE/CCNA
 _
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

 Share information about yourself, create your own public profile at
 http://profiles.msn.com.

 _
 FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

PCMCIA Flash Cards.

[Philip Neeson]

Hi Guys,

Does anyone know of a utility that would enable you to copy IOS images
directly onto PCMCIA flash cards from a laptop?

I know the formats are different for the 3600's, SupIII's etc..

Thanks,

Philip.


**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

CCIE Written 350-001 - IOS Version

[Philip Neeson]

Hi,

I searched this and other study groups. But can't seem to find an answer.

Can anyone please tell me what in respect to which IOS version the current 
Drake (350-001) is written for.

11.3 or 12.0??

I would expect 12.0 but up until recently even most exams seem to have been 
based around either 11.2 or 11.3

Thanks in advance,

Philip.

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: CBT Training Options

[Hutson, Philip:]

If you're in the states there is a law that stops or reduces sales calls.
Tell them to add you to their do not call list and get a name. Write down
the time and date of the call and who you talked to. After that they pay you
$500 every time they call you. 
-Philip

Date: Mon, 7 Aug 2000 13:27:42 -0700
From: "Bharat Suneja" [EMAIL PROTECTED]
Subject: CBT Training Options (CCNP)

Besides, I think ForeFront (now SmartCertify) sales guys are TOO PUSHY AND
PERSISTENT - they kept calling me repeatedly inspite of the fact that I got
really annoyed with them and clearly asked
them never to call me again and that I'm NOT interested at all in their
product any more.

I write this to the group so that everyone thinks twice before leaving
their
name/address/phone number/e-mail on their web site before downloading the
demos - earlier today I was woken up by the same over-zealous sales guy
from
Forefront and it wasn't the first time grrr   ("Oh, I was
wondering if you're still interested in the CCNA CBT NO, I'M NOT -
REPEAT - NOT INTERESTED IN THE DAMN CCNA CBT FROM YOUR COMPANY.. NOW WHAT
PART OF THAT DON'T YOU UNDERSTAND ???")

The sales tactics used : The list price of the CCNA CBT is $1800, but
they'll give you all kinds of discounts (bring the price down to about
$1200
or so), and if you express your inability to buy an expensive CBT product
(which isn't worth the money, imho, going by the demo I downloaded), they
will try to sell you all kinds of installment plans to sell you the CBT,
throw in freebies (buy CCNA 1.0 now and we'll throw in CCNA 2.0/ICND for
free)... anything to make you buy!

CAVEAT EMPTOR

My $0.02 worth... :-)

Bharat Suneja

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

OT Virtual Rack

[Hutson, Philip:]

Does anybody know what happened to virtualrack.com? It looks like the site
has been down for better than a month.
-Philip

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

BCSN book

[anil philip]

Can any one tell me which book is good for BCSN ?

Regds,
Anil


"Shahir Boshra" [EMAIL PROTECTED] wrote:
I just passed BCRAN exam last Thursday, I used CIM, ISDN Access and Exam
Cram "Remote Access", it's a compact book which maps directly with the
course (and exam) outline. Very helpful.
Regards
Shahir Boshra
Telecommunications Specialist
USAID - Egypt

[EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
 Hello group,

 I want to know that which book for BCRAN is good?  Should I use BCRAN by
 cisco press...author: Catherine Paquet
 Or new BCRAN book by Thomasby osborne (i assume) ???

 Please let me know that which book is easy to understand the material?

 Thanks
 Sabeen

 ___
 UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
 FAQ, list archives, and subscription info: http://www.groupstudy.com
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 ---


___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Get free email and a permanent address at http://www.netaddress.com/?N=1

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]