RE: Exam #642-891 BSCN/BCMSN Composite Exam. [7:74077]

2003-09-05 Thread Scott Tierney
Karl, did you find what you were looking for? It is my understanding that
the 642-891 is the only test that you need to take to renew both
certifications. That is if you are already a NP/DP. According to the Cisco
website, you are being tested only on BSCI/BCMSN. At least that is my
understanding.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74914t=74077
--
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html


Exam #642-891 BSCI/BCMSN Composite Exam [7:74915]

2003-09-05 Thread Scott Tierney
Has anyone taken this new composite exam yet? I went and bought both the
BSCI/BCMSN books that Cisco recommended for training for this exam, but I'm
not finding all the info that I need in there. I see on the blue print that
there is a lot of Voice, QoS in the exam, but didn't find any of that in my
two books. Am I missing something (and that wouldn't be the first time) or
can someone tell me what links that they used to study for these sections.

One last thing, was it a hard test? :)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74915t=74915


RE: Exam #642-891 BSCI/BCMSN Composite Exam [7:74915]

2003-09-05 Thread Scott Tierney
I heard it was pretty difficult. I was wondering how they were going to go
through all that material in only 55 questions. Thanks for the input! I
guess I will have to find some new study material.

Scott


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74918t=74915


Re: Port redirection on a PIX [7:73065]

2003-07-26 Thread Scott
static (inside,outside) tcp interface ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0

Scott
NetEng  wrote in message
news:[EMAIL PROTECTED]
 I'm trying to do port redirection on my PIX and here's the example from
 Cisco. My problem is my outside interface is set for DHCP. How do I change
 the command to reflect a dynamic outside address?

 static (inside,outside) tcp 172.18.124.99 ftp 10.1.1.3 ftp netmask 255.255.255.255 0 0




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=73067t=73065
--
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Cisco Routers and RSA secureid [7:71715]

2003-07-04 Thread Scott M. Trieste
Robert,

You'll need both CiscoSecure ACS and RSA Secure ID (ServerAgent).

I am working with it on a similar project and it works perfectly.  Please
feel free to email me with any questions.

Regards,

-Scott

Robert Perez  wrote in message
news:[EMAIL PROTECTED]
 Anyone know if I can use RSA SecureID FOBS to authenticate access to a
 Router versus using tacacs+ to do the authentication??

 So basically the user tries to Telnet to a router to do config changes.  I
 want their ID to be auth'd against an RSA server.


 Bob Perez
 Telecom Administrator
 InterCept, Inc.
 [EMAIL PROTECTED]
 **Cisco CCNP, CCDP, CSPFA**
 Phone  302.326.0700 x4242
 Cell   302.420.6883




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=71908t=71715


Re: Slightly OT but help needed nevertheless in HyperT [7:70672]

2003-06-15 Thread Scott Nelson
I use Teraterm for my Windowz machines. It's free.

http://www.ayera.com/teraterm/

Even does SSH Ver 2. IMHO, a *lot* better than HyperTerm.


OT: I wonder if Cisco has plans to implement SSH ver 2 client on IOS.

Scotty


Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]
 After tinkering with every single option in HyperTerminal on Windows XP and
 Windows 2000, I have given up on the up arrow. :-) I just use Ctrl-P which
 seems to work correctly.

 Of course, another option is different software. SecureCRT is great.

 I hope someone else has better advice, but to be honest, I think
 HyperTerminal on newer Windows versions is simply broken in minor ways and
 there is no better answer!?!

 Priscilla

 Cisco Nuts wrote:
 
  Hello, Any Windows expert in this group know how I can use my UP Arrow key
  on my XP laptop to repeat my previous commands using HyperTerminal? Never
  had a problem in Win95 or NT but on XP when I use my Up Arrow key, it
  spits out the output of the cmd. right away and lands a @ sign at the
  prompt. Then, I have to use Ctrl-P keys. Thank you. Sincerely.
  Here is an example using the UP Arrow key:

  Core#sh int s0/0^@
  Serial0/0 is up, line protocol is up
  Hardware is PowerQUICC Serial
  Internet address is 10.2.1.1 255.255.255.252
  MTU 1500 bytes, BW 64 Kbit, DLY 2 usec,
  reliability 255/255, txload 251/255, rxload 251/255
  Encapsulation FRAME-RELAY, loopback not set
  Keepalive set (10 sec)
  LMI enq sent  93, LMI stat recvd 93, LMI upd recvd 0, DTE LMI up
  LMI enq recvd 0, LMI stat sent  0, LMI upd sent  0
  LMI DLCI 1023  LMI type is CISCO  frame relay DTE
  FR SVC disabled, LAPF state down
  Broadcast queue 0/64, broadcasts sent/dropped 34/0, interface broadcasts 34
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of show interface counters 00:15:29
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: weighted fair
  Output queue: 0/1000/64/0 (size/max total/threshold/drops)
  Conversations  0/3/16 (active/max active/max total)
  Reserved Conversations 1/1 (allocated/max allocated)
  Available Bandwidth 5 kilobits/sec
  30 second input rate 63000 bits/sec, 24 packets/sec
  30 second output rate 63000 bits/sec, 24 packets/sec
  Core#^@
  Core#
 
  
 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70672t=70672


RE: RJ48-RJ48 cable [7:70596]

2003-06-12 Thread Scott Chau
A regular cat5 ethernet cable would work.  It used pin 1,2,4,5.
Scott

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Thomas N
Sent: Thursday, June 12, 2003 2:39 PM
To: [EMAIL PROTECTED]
Subject: RJ48-RJ48 cable [7:70596]


Hi All,

I am wondering what is the difference between the RJ48 and RJ45
connector/cable?  I am setting a router with a integrated CSU/DSU
(WIC-1DSU-T1) with a T1 RJ48 connection hand off by the ISP.  They however
do not provide the cable.  Could I make a cable with RJ45 connectors for
this?  What would be the pinout for both end of the cable?  Does the
direction of the cable connection matter?  It's urgent. Please help. Thanks
in advance!

Thomas.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70598t=70596


tcp reset problem [7:70521]

2003-06-11 Thread Scott Hoover
Running a solaris (v8 I think) box with Lotus Notes on it (new build).  We
are having a problem with the server immediately sending a reset to clients
after receiving the syn.  Congestion or errors on the segment are
non-existent.  I don't control the server so I can't see the logs but I'm
dealing with the age old network people vs. server people problem.  Anybody
ever had this issue?

Thanks,
Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70521t=70521


RE: Catalyst 3550 [7:70449]

2003-06-10 Thread Scott Chau
Hi Tim,

DNWB-008-AS01#show interface gi0/1
GigabitEthernet0/1 is up, line protocol is up
  Hardware is Gigabit Ethernet, address is 000b.5f82.2cb1 (bia 000b.5f82.2cb1)
  Description: Connected to DHAA-005-DR01 Gi3/4
  MTU 1500 bytes, BW 100 Kbit, DLY 10 usec,
 reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex mode, link type is force-up, media type is SX

Scott

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Tim Champion
Sent: Tuesday, June 10, 2003 6:31 AM
To: [EMAIL PROTECTED]
Subject: Catalyst 3550 [7:70449]


Does anyone know of a command which will show the flavour of GBIC in a
particular slot of a 3550?

Many thanks in advance.

Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70450t=70449


Anyone use the older Cisco Cache 2050 Cache engines? [7:70308]

2003-06-07 Thread Scott Nelson
Called Cisco and they do not have the upgrade anymore, to enable Wccp v2.

I have v1.7.5  and I need v1.7.6  .

It's not even on their software download site any longer.
Anyone have 1.7.6 lying around?

TIA

Scotty




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70308t=70308


Re: appletalk stuff [7:69961]

2003-06-03 Thread Scott Nelson
Also, are you doing it via one arm routing or do you have separate
interfaces in each vlan?
( fa0/0 in vlan or lan x, fa0/1 in vlan or lan y, etc., etc. )

http://www.cisco.com/warp/public/779/smbiz/service/knowledge/wan/subifs.htm

You should definitely use sub-interfaces though..  ( Reference above )

Scotty



Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]
 It's funny that we are seeing this message after seeing all those complaints
 about the CCDP recert exam including AppleTalk! :-)

 =?WINDOWS-1255?Q?=F7=E5=F8=EF__=EC=E1 wrote:
 
  Does anyone have an idea on that:
  we use 7200 in the center of a big bay-networks routers
  we use ipx , ip and appletalk
  ip , ipx works fine in FR/PPP links and OSPF etc..
  apple talk zones and routing are shown ok on the macintosh
  machines

 All zones are showing up on the Macs? That's a good sign.

 Routing wouldn't show up on the Macs, but do all routes show up on the
 routers?

 Most AppleTalk problems are related to routing, not finding services. To
 avoid problems with split horizon, be sure to use Frame Relay subinterfaces.

  there is appletalk services advertised on PPP links

 AppleTalk services are never advertised. Users look for them.

  but they are not advertised on FR links
  routing is RTMP , zones are ok on FR links
  just the macintosh servers does not show up on FR !!

 Do you mean that servers don't show up when users who are across the Frame
 Relay network try to find them? That is indeed strange.

  no access-lists of any kind

 Hmmm. It does seem like an access list problem, though

 It also sounds like it could be a duplicate network number. If this is a new
 or updated design, it's pretty common to mistakenly reuse an AppleTalk cable
 range, or have overlapping ranges. Other than misconfigured access lists,
 that's the only time I've ever seen such a strange result as what you're
 seeing, if I understand what you're seeing (zones and routes OK, but users
 can't find services).

 If it's been upgraded to AppleTalk over IP and Mac OS X, then it's a whole
 other story. I think Mac OS X uses Service Location Protocol, which is
 multicast based and requires IGMP and an IP multicast routing protocol to be
 working correctly.

 Is this a new problem? What changed? What version of Mac OS are the users
 using? Is this pure AppleTalk or AppleTalk over TCP/IP?

 I might be willing to help if you could send more info on what's happening,
 version numbers, config, etc.

 Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70044t=69961


Re: Two ISDN BRI interfaces back to back [7:69540]

2003-05-29 Thread Scott Nelson
Try this:

( if it works, credit given to author below )

Scotty




Enter this under stupid router tricks (it's got to be more expensive than an
ISDN emulator, but
not if you've got the parts lying around).

Switch: Cisco 2600 or 3600 with NM-2V and VIC-2BRI-S/T-TE (NT should work
too), IOS 12.1.5T9
R1, R2: Cisco with ISDN BRI S/T interface. IOS 12.x

R1 --- S/T crossover cable --- Switch --- S/T crossover --- R2

These configs let you do ISDN BRI dialup between two routers,
using a third router as an ISDN switch. Call setup is flakey but otherwise
it seems to work once the call is up.

Switch config, for ISDN dial (and X.25 over ISDN D-channel thrown in too)

!
isdn switch-type basic-net3
x25 routing
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255 ! whatever
!
interface BRI1/0
 description to R1
 no ip address
 isdn switch-type basic-net3
 isdn overlap-receiving
 isdn protocol-emulate network
 isdn layer1-emulate network
 isdn incoming-voice voice
 isdn x25 dchannel
 isdn skipsend-idverify
!
! Basic X.25 over D channel, so you can run pad commands
! For always on, see the Cisco docs
!
interface BRI1/0:0
 no ip address
 ip mtu 1514
 no ip mroute-cache
 x25 address 5552000
 clns mtu 1514
!
interface BRI1/1
 description to R2
 no ip address
 isdn switch-type basic-net3
 isdn protocol-emulate network
 isdn layer1-emulate network
 isdn incoming-voice voice
 isdn skipsend-idverify
!
interface BRI1/1:0
 no ip address
 ip mtu 1514
 no ip mroute-cache
 x25 address 5551000
 clns mtu 1514
!
x25 route 555 interface BRI1/1:0
x25 route 555 interface BRI1/0:0
!
voice-port 1/0/0
!
voice-port 1/0/1
!
dial-peer voice 1 pots
 incoming called-number 604555
 destination-pattern 604555
 direct-inward-dial
 port 1/0/0
!
dial-peer voice 2 pots
 incoming called-number 604555
 destination-pattern 604555
 direct-inward-dial
 port 1/0/1
!
dial-peer voice 10 voip
 destination-pattern 604555
 session target ipv4:10.0.0.1
 codec clear-channel
!
dial-peer voice 20 voip
 destination-pattern 604555
 session target ipv4:10.0.0.1
 codec clear-channel
!

R1, R2 config (just reverse the 555/555 and 1.1.1.1/1.1.1.2)

!
isdn switch-type basic-net3
!
interface BRI0/0
 ip address 1.1.1.1 255.255.255.0
 encapsulation ppp
 dialer string 604555 class DOV
 dialer-group 1
 isdn switch-type basic-net3
 isdn incoming-voice data
 isdn calling-number 604555
 isdn x25 dchannel
!
interface BRI0/0:0
 no ip address
 ip mtu 1514
 no ip mroute-cache
 x25 address 555
!
map-class dialer DOV
 dialer voice-call
dialer-list 1 protocol ip permit
!


--

John Paul Morrison CCNP/Security, CCDP
[EMAIL PROTECTED]







in article [EMAIL PROTECTED], James Gosnold at
[EMAIL PROTECTED] wrote on 5/27/03 12:00:

 No, you need to buy a hardware ISDN simulator/emulator. And they aren't
 cheap!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=69674t=69540


Re: Virtual Link Problem [7:69640]

2003-05-29 Thread Scott
Check your network types on the connections between r2 and r5 and r2 and r6.

Cheers,

Scott

Kevin Love  wrote in message
news:[EMAIL PROTECTED]
 R2#sh ip ospf int
 Serial1.256 is up, line protocol is up
   Internet Address 172.16.56.2/29, Area 1
   Process ID 1, Router ID 192.168.2.2, Network Type NON_BROADCAST, Cost: 64
   Transmit Delay is 1 sec, State DR, Priority 255
   Designated Router (ID) 192.168.2.2, Interface address 172.16.56.2
   Backup Designated router (ID) 192.168.6.6, Interface address 172.16.56.6
   Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
 Hello due in 00:00:07
   Index 1/3, flood queue length 0
   Next 0x0(0)/0x0(0)
   Last flood scan length is 2, maximum is 8
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 2, Adjacent neighbor count is 2
 Adjacent with neighbor 192.168.5.5
 Adjacent with neighbor 192.168.6.6  (Backup Designated Router)
   Suppress hello for 0 neighbor(s)
 Loopback0 is up, line protocol is up
   Internet Address 192.168.2.2/32, Area 2
   Process ID 1, Router ID 192.168.2.2, Network Type POINT_TO_POINT, Cost: 1
   Transmit Delay is 1 sec, State POINT_TO_POINT,
   Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
   Index 1/4, flood queue length 0
   Next 0x0(0)/0x0(0)
   Last flood scan length is 0, maximum is 0
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 0, Adjacent neighbor count is 0
   Suppress hello for 0 neighbor(s)
 R2#sh ip ospf data

 OSPF Router with ID (192.168.2.2) (Process ID 1)

 Router Link States (Area 0)

 Link ID ADV Router  Age Seq#   Checksum Link count
 192.168.2.2 192.168.2.2 803 0x8015 0x0079D8 0

 Router Link States (Area 1)

 Link ID ADV Router  Age Seq#   Checksum Link count
 192.168.2.2 192.168.2.2 284 0x8017 0x00A072 1
 192.168.5.5 192.168.5.5 268 0x8016 0x004A3C 2
 192.168.6.6 192.168.6.6 612 0x8016 0x004C34 2

 Net Link States (Area 1)

 Link ID ADV Router  Age Seq#   Checksum
 172.16.56.2 192.168.2.2 284 0x8015 0x003C32

 Summary Net Link States (Area 1)

 Link ID ADV Router  Age Seq#   Checksum
 172.16.56.5 192.168.6.6 1130 0x8014 0x00F0C8
 172.16.56.6 192.168.5.5 777 0x8014 0x004E63
 172.16.69.0 192.168.5.5 777 0x8014 0x006B02
 172.16.69.0 192.168.6.6 613 0x8015 0x00F77C
 172.16.90.128   192.168.5.5 777 0x8014 0x009A3F
 172.16.90.128   192.168.6.6 613 0x8015 0x0027B9
 172.16.200.0 192.168.5.5 528 0x801C 0x004757
 172.16.200.0 192.168.6.6 875 0x801A 0x00E3C3
 192.168.5.5 192.168.5.5 269 0x8015 0x00033E
 192.168.5.5 192.168.6.6 1131 0x8014 0x00023D
 192.168.6.6 192.168.5.5 777 0x8014 0x0054E1
 192.168.6.6 192.168.6.6 613 0x8015 0x00E05C

 Summary ASB Link States (Area 1)

 Link ID ADV Router  Age Seq#   Checksum
 192.168.9.9 192.168.5.5 777 0x8014 0x007F70
 192.168.9.9 192.168.6.6 613 0x8015 0x000CEA

 Router Link States (Area 2)

 Link ID ADV Router  Age Seq#   Checksum Link count
 192.168.2.2 192.168.2.2 287 0x8016 0x00854D 1

 Type-5 AS External Link States

 Link ID ADV Router  Age Seq#   Checksum Tag
 11.4.102.4  192.168.2.2 806 0x8013 0x004F58 0
 11.4.104.4  192.168.2.2 807 0x8013 0x00396C 0
 172.16.10.0 192.168.2.2 546 0x8013 0x00B21A 0
 172.16.12.0 192.168.2.2 546 0x8013 0x009C2E 0
 172.16.24.0 192.168.2.2 807 0x8013 0x00FC52 0
 192.16.40.0 192.168.2.2 807 0x8013 0x0059CE 0
 192.168.9.9 192.168.9.9 464 0x8015 0x00CEC6 0
 R2#


 R5#sh ip ospf int
 Ethernet0 is up, line protocol is up
   Internet Address 172.16.200.5/25, Area 0
   Process ID 1, Router ID 192.168.5.5, Network Type BROADCAST, Cost: 10
   Transmit Delay is 1 sec, State DROTHER, Priority 1
   Designated Router (ID) 192.168.7.7, Interface address 172.16.200.7
   Backup Designated router (ID) 192.168.6.6, Interface address 172.16.200.6
   Timer intervals configured, Hello 15, Dead 60, Wait 60, Retransmit 5
 Hello due in 00:00:02
   Index 2/3, flood queue length 0
   Next 0x0(0)/0x0(0)
   Last flood scan length is 3, maximum is 4
   Last flood scan time is 0 msec, maximum is 0 msec
   Neighbor Count is 2, Adjacent neighbor count is 2
 Adjacent with neighbor 192.168.7.7  (Designated Router)
 Adjacent with neighbor 192.168.6.6  (Backup

Re: CCNP Recertification Exam Review [7:66644]

2003-04-03 Thread Scott Roberts
thanks for the advice. seems like very good and concise info!

I have to laugh though, I started my ccnp over two years ago, passing three
of the four tests and then got caught up in work related projects (damn
work!) and put my certifications on the back burner. the funny thing is, my
ccna was about to expire in less than a month, so I took my final ccnp test
(CIT) and renewed my ccna at the same time. it almost seems like you can
find a way to work the system; I was kinda even hoping that ccie would renew
my ccnp/ccna and then I could wait the three years complete that and then
forget about the renewal issue altogether.

scott

Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]
 The CCNP Recertification Exam was gruelling, and that's no April Fool's
 joke. But I survived it! ;-)

 Exam number: 640-851 (the current one)
 Number of questions: 112
 Time: 2 hours
 Passing Score 732
 My score: 834

 Is anyone else taking it soon? Here's some advice:

 Do study.
 Take each question one at a time.
 There's plenty of time.
 Despite some of the gruelling questions, there are some give-aways too.
 Read carefully.
 Don't guess unless you absolutely have to.
 BREATHE! ;-)

 There's a variety of question types, including one right answer, multiple
 right answers (they tell you how many), drag-and-drop, type in the command,
 select a command from a list, and that new simulator thingie that Cisco uses.

 One reason the test is so hard is that it covers so many topics, in quite a
 lot of depth. After a while, your brain gets fried and you forget, is it
 OSPF that considers a high priority a good thing (for DR election) or it STP
 that considers a high priority a good thing (for root bridge election?)
 (It's OSPF). And with OSPF, does a 0 in a mask mean must match like in
 access lists or does it mean don't care like in static routes (and OSPF
 range commands?!) (0 means must match in OSPF network statements.)

 Those things may seem obvious, but by about question 72, you start to get
 confused, if you're like me. You just have to relax and realize that you DO
 know this stuff. Don't let your brain get into a Mobius strip like mine
 almost did.

 The good news is that the questions from the different qualifying tests are
 not merged. It's very clear when you move between the following tests:

 Routing:
 It's based on BSCI actually, not Routing, and is quite hard. Know your BGP,
 OSPF, and IS-IS. I used Doyle and papers at CertificationZone. You won't be
 able to just use books that you read when you passed 3 years ago.

 Support:
 This didn't seem to have changed. So you could use the Cisco Press CIT book,
 but there is a new resource available too. (Troubleshooting Campus Networks.
 :-)

 Remote Access:
 This didn't seem to have changed. The Cisco Press book edited by Catherine
 Pacquet is still an excellent resource. Yes, you may encounter BCRAN
 questions from last millennium's technologies and products.

 Switching:
 This had changed. So know the topics listed for the latest version. I'm not
 sure what you should study. I guess the official BCMSN book? I studied with
 Cisco LAN Switching, by Clark and Hamilton, which is excellent, but I still
 couldn't answer a lot of the questions. I suspect you need a lesser book so
 you know all Cisco's latest misconceptions about LAN technologies. ;-)

 For the switching exam, know your stuff because some of the questions are
 unanswerable by anyone with a logical brain. You'll get things like: Which 3
 statements are true?

 IEEE 802.3
 FDDI
 SONET
 Gigabit Ethernet

 Notice, the answers aren't statements! ARGH.

 Finally a word about CertificationZone. I have written troubleshooting
 guides for them but am no longer compensated by them, so I hope you won't
 think this is biased. Their papers were extremely helpful. Also they have
 practice exams for BSCI, Support, BCRAN, and Switching. The practice exams
 are very helpful, with one exception: SWITCHING! (The bane of my existence.)
 Their switching exam covers too many topics that aren't on the current exam.

 Well, that's all for now. I'm just happy to be certifiable for another 3
 years.

 ___

 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66781t=66644


Re: Computer for ISP [7:66736]

2003-04-03 Thread Scott Roberts
well georgeW,

your questions seem a little hidden. what are you asking? why an ISP would
need a server? for dns is the first example that comes to mind.

btw, 4 more?

scott

George  wrote in message
news:[EMAIL PROTECTED]
 A computer is to be purchased for an Internet Service Provider (ISP) that is
 to be used as one of the server at the network backbone. What may be the
 role of this server for the ISP?

 Can this server be put for other server related applications?

 What will be configuration of this server giving reason for selection of
 various components ( economically wise and performance wise )




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66793t=66736


Re: IP route to Null0? [7:66755]

2003-04-03 Thread Scott Roberts
null0 is used as an alternative to access-lists. it is a blackhole. so
anything routed to it gets dropped automatically. an access-list uses more
processor overhead than a null interface and thus if you have a certain part
of your network that you don't want to go anywhere, then use a null
interface instead of access-lists.

as for why its a floating route or the tie-ins to bgp, thats beyond me and
hopefully someone comments on this. bgp makes my head hurt.

scott

Anil Gupte  wrote in message
news:[EMAIL PROTECTED]
 I am trying to understand some IP route commands on our router.  Several of
 them go to Null0 - what does that mean?

 For example, I have
 ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200

 What is this doing?

 I need to add another block of class Cs from the same provider. Do I need
 a similar statement to the above?

 Thanx for your help.
 Anil Gupte




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66790t=66755
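
A small model of the route selection behind the `ip route ... Null0 200` line quoted in the thread above, added here as an example and not part of any post: for each prefix the candidate with the lowest administrative distance is installed, and forwarding then follows the longest matching prefix. The 192.0.2.0/24 block, the next hops and the interface name are constructed stand-ins for the masked values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str   # "Null0" means: discard the packet
    distance: int   # administrative distance, lower is preferred
    source: str     # "static", "connected", "ospf", ...


class Rib:
    """Candidate routes from all sources; the best per prefix gets installed."""

    def __init__(self):
        self.candidates = []

    def add(self, prefix, next_hop, distance, source):
        net = ipaddress.ip_network(prefix)
        self.candidates.append(Route(net, next_hop, distance, source))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        self.candidates = [r for r in self.candidates
                           if not (r.prefix == net and r.source == source)]

    def installed(self):
        """For each prefix keep only the candidate with the lowest distance."""
        best = {}
        for r in self.candidates:
            if r.prefix not in best or r.distance < best[r.prefix].distance:
                best[r.prefix] = r
        return best

    def lookup(self, dst):
        """Longest-prefix match over the installed routes."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.installed().values() if addr in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen) if hits else None


def forward(rib, dst):
    route = rib.lookup(dst)
    if route is None:
        return "no route"
    if route.next_hop == "Null0":
        return "discard"
    return "via " + route.next_hop


def build_rib(with_null_route=True):
    """Constructed topology: a /24 block with two /26 subnets actually in use."""
    rib = Rib()
    rib.add("0.0.0.0/0", "203.0.113.1", 1, "static")       # default to provider
    rib.add("192.0.2.0/26", "Ethernet0", 0, "connected")   # subnet in use
    rib.add("192.0.2.64/26", "10.0.0.2", 110, "ospf")      # subnet in use
    if with_null_route:
        # Equivalent of: ip route 192.0.2.0 255.255.255.0 Null0 200
        rib.add("192.0.2.0/24", "Null0", 200, "static")
    return rib


def demo():
    results = {}
    rib = build_rib()
    # More specific routes win, so subnets in use are unaffected by Null0.
    results["in-use subnet"] = forward(rib, "192.0.2.10")
    results["second subnet"] = forward(rib, "192.0.2.70")
    # Addresses in the block with no more specific route are dropped locally.
    results["unused part of block"] = forward(rib, "192.0.2.200")
    # Without the Null0 route the same packet follows the default route.
    results["unused, no Null0 route"] = forward(build_rib(False), "192.0.2.200")
    # Distance 200 makes the Null0 route "floating": the same prefix learned
    # at a lower distance replaces it, and it returns when that route goes.
    rib.add("192.0.2.0/24", "10.0.0.2", 110, "ospf")
    results["same /24 learned at distance 110"] = forward(rib, "192.0.2.200")
    rib.withdraw("192.0.2.0/24", "ospf")
    results["after that route is withdrawn"] = forward(rib, "192.0.2.200")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:35s} {outcome}")
```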


Re: hacking challenge [7:66720]

2003-04-03 Thread Scott Roberts
my company does a lot of firewall consulting and I run into this question
all the time. frankly I don't have a great answer for it though.

packet filters (i.e. access-lists) are technically first generation
firewalls, so they do have a firewall in place already.
the sell really comes into play when you state that first generation
firewalls aren't as robust and up-to-date as the latest third generation
firewalls and are open to concerted attacks. this usually they can
understand. trying to explain multilayer stateful inspection to them is
pointless, so don't even try.

probably the best thing you can do (as already suggested), is make sure your
acl is complete and anytime a security issue comes up point out the problem
as relates to no firewall. after about a year of you doing this, they'll
catch on and will budget it in eventually.

scott


Wilmes, Rusty  wrote in message
news:[EMAIL PROTECTED]
 there's an access list on the ethernet interface thats directly connected to
 a dsl modem.

 they're allowing telnet and smtp to basically, any any plus various other
 protocols from/to specific addresses.  There're only two outside addresses
 that are natted but its really hideous and the access list is the only thing
 resembling a layer of security between the internet and their server farm.

 I was just hoping to hear some really good verbiage about how vulnerable they
 are.  I've told them for 3 months to get a pix but it just aint sinking in.
 Now they've got a worm loose on their mail server thats bringing down their
 main host system and their internet line (but thats another story).



  -Original Message-
  From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
  Sent: Thursday, April 03, 2003 8:46 AM
  To: [EMAIL PROTECTED]
  Subject: RE: hacking challenge [7:66720]
 
 
  Wilmes, Rusty wrote:
  
   this is a general question for the security specialists.
  
   Im trying to convince a client that they need a firewall
  
   so hypothetically,
  
   if you had telnet via the internet open to a router (with an access list
   that allowed smtp and telnet) (assuming you didn't know the telnet password
   or the enable password)that had a bunch of nt servers on another interface,
 
  Do you actually mean that you are allowing Telnet and SMTP to go through the
  router? You said to above which is confusing. Allowing Telnet to the
  router unrestricted would be a horrible security hole, even for people who
  don't know the password because passwords are often guessable.
 
  But I don't think that's what you meant...
 
  Allowing Telnet and SMTP through the router is more common, especially SMTP.
  You have to allow SMTP if you have an e-mail server that gets mail from the
  outside world. Avoid Telnet, though, if you can. It sends all text as clear
  text, including passwords.
 
  The question is really how vulnerable is the operating system that the SMTP
  server is running on? It's probably horribly vulnerable if your client
  hasn't kept up with the latest patches, and it sounds like your client is
  the type that hasn't? In fact, the server is probably busy attacking the
  rest of us right now! ;-0
 
  So, as far as convincing your customer
 
  The best way may be to put a free firewall, like Zone Alarm, on the decision
  maker's computer and show her/him all the attacks happening all the time. Or
  if she already has a firewall, walk her through the log.
 
  Good luck. I have a good book to recommend on this topic:
 
  Greenberg, Eric. Mission-Critical Security Planner. New York, New York,
  Wiley Publishing, Inc., 2003.
 
  Here's an Amazon link:
 
  http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-9901005-4572707
 
  Priscilla
 
   how long would it take a determined hacker a) cause some kind of network
   downtime and b) to map a network drive to a share on a file server over the
   internet.
  
   Thanks,
   Rusty
  
-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 02, 2003 1:44 PM
To: [EMAIL PROTECTED]
Subject: RE: VLAN loop problem [7:66656]
   
   
Yes,
it prevents loops in spanning tree on layer 2 switches from
causing a loop
by disabling the port on a cisco switch...
   
   
Larry Letterman
Network Engineer
Cisco Systems
   
   
   
   
   
 -Original Message-
 From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
 Thomas N.
 Sent: Wednesday, April 02, 2003 12:18 PM
 To: [EMAIL PROTECTED]
 Subject: Re: VLAN loop problem [7:66656]


 What does portfast bpdu-guard do?  Does it prevent interfaces with
 portfast enabled from causing the loop in my scenario?


 Larry Letterman  wrote in message
 news:[EMAIL PROTECTED]

  port mac address security might work, altho it's a lot of admin
  overhead..are you running portfast bpdu-guard

Re: so how does IGRP unequal load-balancing work anywa [7:66795]

2003-04-03 Thread Scott Roberts
your example is fair. I haven't seen many real examples of load balancing. in
the case you're describing you can simply change the metrics on one of the
router's 'secondary' link to the other router. this would prevent it from
passing anything it received from the one router back to itself. yes the way
you've created the example things would 'loop' between them, but as an
experienced cisco person, you've recognized the misconfiguration and have
avoided the conflict in this setup.

I can come up with dozens of normal operation scenarios where if put
together in such a manner (which taken alone work fine), would fall apart
because they were assembled without a perspective on the greater network.
it's like me wondering about the validity of marriage if the possibility
exists that I could marry my own sister. it's a possibility if I can think of
the right scenario, but with this knowledge in mind, I can be on the lookout
for anyone that resembles me a bit too closely.

scott

nwo  wrote in message
news:[EMAIL PROTECTED]
 OK, consider this scenario.

 You have a large network of IGRP routers.  You have routers A and B who each
 have a metric of, say, 10 to a given destination (I am going to use simple
 values for the metrics of IGRP to make things easy).  Routers A and B are
 also directly connected, and the link between them has a metric of 1.
 Router A sends an update to B that the destination has a metric of 10, and
 router B adds the value of the link to arrive at a total metric of 11.
 Therefore, router B has 2 ways to get to the destination, the first would be
 through the normal way (through the path that has a metric of 10) and the
 other through router A (which has a metric of 11).  Vice versa is also true
 with respect to router A.  When you configure variance of larger than 1,
 then both paths will be entered into the route table.

 If this is the case, then you can see that some packets can bounce around.
 For example, router A may, through unequal load-balancing, send some of the
 dest packets to B, and then B will, again through unequal balancing, send
 some of those packets back to A, etc.  Yes, the number of packets sent the
 'wrong way' decreases exponentially but the point is that there is still
 some bouncing around.

 The only way I can see that this would not happen is if a router would
 compare the metric of a received route (before the cost of the link is
 added) to the metric that the router is currently holding for that route,
 and if it is equal to or greater than that value, the route is rejected
 unconditionally for unequal balancing.  This would be something similar to
 what the whole EIGRP successor algorithm accomplishes.  Does anybody know
 for a fact whether this is in the IGRP algorithm?


 Priscilla Oppenheimer  wrote in message
 news:[EMAIL PROTECTED]
  nwo wrote:
  
   It occurs to me that I do not understand how IGRP unequal load balancing
   works.
  
   Yes, I understand what the commands are, and I am well aware of the
   intricacies involved in fast-switching and CEF.  So please don't respond by
   telling me to configure 'variance' or stuff like that.  I already know all
   that.
  
   What I don't understand is this.  A fundamental part of EIGRP unequal load
   balancing is the concept of the feasible successor, where routes of unequal
   metric to a particular destination will be considered only if the
   corresponding neighbor is a feasible successor for the destination in
   question.  This is in order to prevent the problem of packets being sent to
   a router that is actually further away from the destination than the
   sending router is to that destination.
  
   Yet, I am aware of no such safeguards in IGRP.  IGRP has no such concept of
 
  I don't think such a safeguard is necessary. A router running even a simple
  distance-vector protocol like IGRP knows the metric of its neighbors because
  the neighbors report it in update packets. The router can add routes to the
  routing table based on this information alone and knowledge of the variance
  and maximum-paths values. It would be a broken protocol indeed if it added
  routes that included a next-hop neighbor that was farther away.
 
  The business of feasible successors, unique to EIGRP, helps maintain the
  routing table when changes happen, such as when a directly connected link
  fails or when update or queries arrive. I don't know if it's used for load
  balancing though. It wouldn't need to be.
 
  If you have a URL that explains what feasible successor has to do with load
  balancing, please send it. Thanks. But I would probably still say that it's
  not necessary for load balancing to work.
 
   a topology table with neighbor's advertised distances and whatnot.
   Therefore it seems that packets could easily be forwarded away from the
   destination.
 
  Not if the distance-vector protocol is working correctly.
 
   Furthermore, it would seem to me
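
The A/B scenario from this thread, worked through as an added example that is not part of any post: it installs extra next hops under a variance multiplier, with and without the "neighbor must be closer than I am" check nwo proposes, and looks for a forwarding cycle. The integer metrics are the ones used in the thread; the variance test, the traffic-share rule (inversely proportional to metric) and all function names are assumptions of this model, not a statement of how IGRP is implemented.

```python
# Added illustration (not from the thread): a simplified distance-vector model.
# Metrics are the small integers nwo uses, not IGRP's real composite metric.
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Offer:
    neighbor: str     # router that sent the update
    advertised: int   # metric the neighbor reports for the destination
    link_cost: int    # metric of the link to that neighbor


def install_paths(local_best, offers, variance, require_closer_neighbor):
    """Return the neighbors accepted as additional next hops."""
    accepted = []
    for offer in offers:
        total = offer.advertised + offer.link_cost
        if total >= variance * local_best:
            continue  # outside the variance window
        if require_closer_neighbor and offer.advertised >= local_best:
            continue  # the check nwo proposes: neighbor must be closer than we are
        accepted.append(offer.neighbor)
    return accepted


def build_tables(variance, require_closer_neighbor):
    """Next hops toward the destination for routers A and B in the scenario."""
    own_metric, ab_link = 10, 1
    tables = {}
    for router, peer in (("A", "B"), ("B", "A")):
        extra = install_paths(own_metric, [Offer(peer, own_metric, ab_link)],
                              variance, require_closer_neighbor)
        tables[router] = ["own-path"] + extra
    return tables


def find_loop(tables):
    """Return a router cycle such as ['A', 'B', 'A'], or None."""
    def visit(node, path):
        if node in path:
            return path[path.index(node):] + [node]
        for hop in tables[node]:
            if hop in tables:  # only router-to-router hops can form a cycle
                cycle = visit(hop, path + [node])
                if cycle:
                    return cycle
        return None

    for start in tables:
        cycle = visit(start, [])
        if cycle:
            return cycle
    return None


def share_via_peer(own_metric, via_peer_metric):
    """Fraction of traffic handed to the peer, assuming shares inversely
    proportional to metric (an assumption of this model)."""
    own, peer = Fraction(1, own_metric), Fraction(1, via_peer_metric)
    return peer / (own + peer)


if __name__ == "__main__":
    for check in (False, True):
        tables = build_tables(variance=2, require_closer_neighbor=check)
        print(f"closer-neighbor check={check}: {tables} loop={find_loop(tables)}")
    p = share_via_peer(10, 11)
    print("share bounced k times:", [str(p ** k) for k in (1, 2, 3)])
```

With the check enabled the equal advertised metric (10 is not less than 10) is rejected and neither router points at the other; without it, the share of packets that bounce k times falls off as (10/21)^k, which is the exponential decrease nwo mentions.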

Re: WIC 2A/S working at speeds greater than 128kbps. [7:66733]

2003-04-03 Thread Scott Roberts
I think that's the maximum of asynchronous communication that they've put
into their documentation, I don't think there is an upper limit to the real
transfer rate. I suppose you could clock an asynchronous transmission way up
into the Mbps range and that interface would still suck it in. granted there
would probably be tons of errors/drops, but I don't think cisco has a hard
limit on how much it can receive.

technically I think rs-449 is rated into the Mbps range and is still
considered asynchronous. correct me if I'm wrong.

scott

 wrote in message
news:[EMAIL PROTECTED]
 We have a Cisco 1750 router with a WIC2A/S card installed. According to
 Cisco's documentation, the WIC card supports speeds up to 128kbps. But I have
 seen the serial port working at speeds of 250kbps. How??? Is Cisco's
 documentation wrong or am I missing something??

 Thanks and Regards

 Simon K. Carvalho
 Sr. Network Engineer
 Network Solutions Ltd. , Bangalore
 Email:  :[EMAIL PROTECTED]
 Web  :   www.netsol.co.in
 Phone   :  +91 80 5535228 ext 433
 Mobile  :  +91 9845349843

 Tomorrow's Networks.Today.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66802t=66733
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: PAT AFTER NAT (confused) [7:66734]

2003-04-03 Thread Scott Roberts
this is the current nat setup I have on one of my PIXs:

global (outside) 1 xxx.xxx.223.235-64.172.223.236
global (outside) 1 xxx.xxx.223.237
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

here's the translations:

PAT Global xxx.xxx.223.237(16882) Local 192.168.2.18(2193)
PAT Global xxx.xxx.223.237(16914) Local 192.168.2.18(2229)
PAT Global xxx.xxx.223.237(4739) Local 192.168.2.18(2228)
PAT Global xxx.xxx.223.237(16915) Local 192.168.2.18(2230)
Global xxx.xxx.223.236 Local 192.168.2.17
PAT Global xxx.xxx.223.237(16880) Local 192.168.2.18(2190)
Global xxx.xxx.223.235 Local 192.168.2.14
PAT Global xxx.xxx.223.237(16913) Local 192.168.2.18(2227)
PAT Global xxx.xxx.223.237(16918) Local 192.168.2.18(2233)
PAT Global xxx.xxx.223.237(16919) Local 192.168.2.18(2234)
PAT Global xxx.xxx.223.237(16916) Local 192.168.2.18(2231)
PAT Global xxx.xxx.223.237(16917) Local 192.168.2.18(2232)
PAT Global xxx.xxx.223.237(16922) Local 192.168.2.18(2237)
PAT Global xxx.xxx.223.237(16923) Local 192.168.2.18(2238)
PAT Global xxx.xxx.223.237(16920) Local 192.168.2.18(2235)
PAT Global xxx.xxx.223.237(16904) Local 192.168.2.18(2218)
PAT Global xxx.xxx.223.237(16921) Local 192.168.2.18(2236)



you can see that the two nat IPs are being used already and the rest are
being NATed. I can only assume the NATs went through first, since PAT would
take like 4000+ to fill up I believe. on another note, what's up with all
those xlates for 192.168.1.18!! (I'll ignore that for now)

I can't think of a recent nat I have off of a regular router, but I suspect
based upon what people are saying that perhaps the PIX's nat works
correctly, but the router's is kinda backward. something to setup in a lab I
suppose.



scott



Marko Milivojevic  wrote in message
news:[EMAIL PROTECTED]
 I have been following this thread with great interest, for I had
 problems with PAT/NAT in IOS recently. It looks to me that many people have
 the same confusions (hopes) as I had.

 I have a case where I have many users on private address space
 (around 1000 or so) which must be NAT-ed through a pool of 768 real
 addresses. These are all, mostly, heavy users (xDSL customers).

 I have foolishly hoped that if I configure pool with overload, IOS
 will do 1:1 and when it runs out of addresses, it will do PAT. Well, I was
 wrong. And that's wrong at a price. Not only that IOS is immediately
 performing PAT, but PAT is *much* more CPU intensive than 1:1 NAT. Also, it
 is not possible to define multiple address ranges or pools for the same
 translation (I would greatly appreciate if someone corrects me here).

 So, from my experience with this matter:

 * it is not easily possible to do NAT and switch to PAT when
 addresses run out
 * if you define overload, IOS automatically does PAT, with more CPU
 usage

 One way of getting away from running out of NAT addresses is to
 lower translation timeout (default is I think 24h). This timeout defines how
 long NAT relationship remains between real and private IP. You can lower
 this to one hour by doing:

 ip nat translation timeout 3600

 In my experience, this proved to be useful in this, far from 1:1
 scenario. Further lowering this to some 15 minutes or so, could cause more
 load on router (guesswork), but hugely decrease your chances of running out
 of translation addresses.


 Kind regards,
 Marko.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66799t=66734


Re: Cisco 2511 Hardware Issue [7:66662]

2003-04-02 Thread Scott Roberts
I'm assuming your configuration is fine, but what do the controllers show
and are the interfaces showing any errors?

scott

Tim Champion  wrote in message
news:[EMAIL PROTECTED]
 Has anyone experienced, or heard of, the following problem:

 I recently bought a 2nd hand 2511 but only async interfaces 9-16 work. 1-8
 receive data but do not transmit. Could it possibly be due to one of the
 numerous jumper settings?

 many thanks in advance.

 Tim




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66721t=2


Re: Router-to-external MODEM connection [7:66585]

2003-04-02 Thread Scott Roberts
yes daniel cotts was right, the 1601 serial interface is an async/sync one and
since you have one you're in luck! the only thing you're missing though is a
cable that is db60 to rs-232. you can get these straight from a cisco
reseller or off of ebay (though it's hard to find these on ebay unless you
look).

the configuration of a modem is an entire chapter of most books, so it
depends on what you're looking to do with the modem. dial in, dial out,
access the network behind the router or access the router itself? you can
find configuration examples in many books and also try searching cisco.com
for 'modem router configuration'

hope this helps,
scott

Diego Martínez Boqui  wrote in message
news:[EMAIL PROTECTED]
 Hi Scott, yes my router is a 1601 which has an integrated wic (async/sync
 serial interface (db60).

 Ok, so you confirm to me that this connection is possible, the thing is that
 I need some kind of instructions to do the connection.  Do you know how to
 do this or can you point me to some url where I can find step-by-step
 instructions to configure this.

 Thanks a lot for your time and help.
 - Original Message -
 From: Scott Roberts
 Date: Tue, 1 Apr 2003 19:51:34 GMT
 To: [EMAIL PROTECTED]
 Subject: Re: Router-to-external MODEM connection [7:66585]

 you'll need a WIC with an async/sync serial port, I know they're available for
 the 1700's, but I'm not sure if the same wic will work in a 1600. then you
 can specify the interface as async and connect up the modem with a
 db60-rs232 cable.

 scott

 Diego Martínez Boqui  wrote in message
 news:[EMAIL PROTECTED]
  Hello Steve, yes, I can do this using the aux port but my 1600 router does
  not have an aux port, I need to do this using my serial sync/async
  interface, I just don't know how and have not found a document about this
  type of connection.
 
  Thanks for your help anyway
 
  Peace
  - Original Message -
  From: Steve
  Date: Tue, 1 Apr 2003 03:21:41 GMT
  To: [EMAIL PROTECTED]
  Subject: Re: Router-to-external MODEM connection [7:66585]
 
  this can be done look for cisco doc to connect external modem to aux port
 
  --
  Regards,
 
  Steve
 
 
  Diego Martínez Boqui  wrote in message
  news:[EMAIL PROTECTED]
   Hello Group.
  
   Is it possible to connect an external modem to a Cisco 1600 series
   router?
  
   And if it is, then how is it done?
  
   Can I connect using the serial interface?
  
   Any link with step by step instructions?
  
   Thank you all!
  Diego Martínez Boqui
 
 Diego Martínez Boqui





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66718t=66585


Re: off-topic posts - WAS - RE: What tools can tell u r using [7:66723]

2003-04-02 Thread Scott Roberts
something tells me you never fully considered the merits of that website.
take another hard look at it and then question its relevance to cisco. ;)

scott

cebuano  wrote in message
news:[EMAIL PROTECTED]
 Paul,
 How many more of these off-topic threads are you going to allow?

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 LaWanda Daivs
 Sent: Tuesday, April 01, 2003 8:38 PM
 To: [EMAIL PROTECTED]
 Subject: Re: What tools can tell u r using lease line or ISDN? [7:66561]

 Take a look at this web site and let me know what you
 think.

 http://www.imagine2020.com/761368002.


 --- Link Teo  wrote:
  I am using leased line to connect my remote offices to HQ. All the leased
  line are backup by ISDN. Is there any tools which can inform me via email or
  other means about whether I am using leased line now or ISDN backup? In
  other words, any tools which can inform me when the primary line is down and
  the ISDN kick in?
 
  Thanks a lot.
 [EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66723t=66723


Re: so how does IGRP unequal load-balancing work anyway? [7:66722]

2003-04-02 Thread Scott Roberts
considering hold-down times and split horizon, why do you think that packets
would bounce in a loop under normal conditions? I think under normal
conditions if a route is considered valid enough to be included in a routing
table, it's not going to be a loop.

I think EIGRP only looked for alternate successors when the feasible
successor was a really bad cost, was because of an optimization standpoint
and not a loop issue.

I agree that there can be some issues with classful protocols and routing,
but I think the issue of load balancing legitimately discovered routes isn't
worrisome. you'll pretty much have an eye on your network and know if
something isn't right, but it seems like you're worried that if you setup a
network and leave it for a few years unattended there might be problems,
well what network won't under those circumstances?

scott

nwo  wrote in message
news:[EMAIL PROTECTED]
 It occurs to me that I do not understand how IGRP unequal load balancing
 works.

 Yes, I understand what the commands are, and I am well aware of the
 intricacies involved in fast-switching and CEF.  So please don't respond by
 telling me to configure 'variance' or stuff like that.  I already know all
 that.

 What I don't understand is this.  A fundamental part of EIGRP unequal load
 balancing is the concept of the feasible successor, where routes of unequal
 metric to a particular destination will be considered only if the
 corresponding neighbor is a feasible successor for the destination in
 question.  This is in order to prevent the problem of packets being sent to
 a router that is actually further away from the destination than the
 sending router is to that destination.

 Yet, I am aware of no such safeguards in IGRP.  IGRP has no such concept of
 a topology table with neighbor's advertised distances and whatnot.
 Therefore it seems that packets could easily be forwarded away from the
 destination.  Furthermore, it would seem to me that packets could actually
 bounce back and forth between 2 routers for awhile.

 Please say it ain't so.  Yet I am unaware of any construct within IGRP that
 would prevent it from being so.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66722t=66722


Re: Router-to-external MODEM connection [7:66585]

2003-04-01 Thread Scott Roberts
you'll need a WIC with an async/sync serial port, I know they're available for
the 1700's, but I'm not sure if the same wic will work in a 1600. then you
can specify the interface as async and connect up the modem with a
db60-rs232 cable.

scott

Diego Martínez Boqui  wrote in message
news:[EMAIL PROTECTED]
 Hello Steve, yes, I can do this using the aux port but my 1600 router does
 not have an aux port, I need to do this using my serial sync/async
 interface, I just don`t know how and have not found a document about this
 type of connection.

 Thanks for your help anyway

 Peace
 - Original Message -
 From: Steve
 Date: Tue, 1 Apr 2003 03:21:41 GMT
 To: [EMAIL PROTECTED]
 Subject: Re: Router-to-external MODEM connection [7:66585]

 this can be done look for cisco doc to connect external modem to aux port

 --
 Regards,

 Steve


 Diego Martínez Boqui  wrote in message
 news:[EMAIL PROTECTED]
  Hello Group.
 
  Is it possible to connect an external modem to a Cisco 1600 series
  router?
 
  And if it is, then how is it done?
 
  Can I connect using the serial interface?
 
  Any link with step by step instructions?
 
  Thank you all!
 Diego Martínez Boqui





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66632t=66585


Re: Console management [7:66405]

2003-03-30 Thread Scott Roberts
if you mean like a 2511? an access server to allow you to telnet into all
your routers and not keep switching the console cables around?

well you could buy a 2511 (or 2512 for token ring) to do the job, it has 16
ports. the problem with this is that you'll pay a premium on ebay for it. an
alternative I just bought and I think works terrific is the Digi portserver.
it also has 16 ports and you can get them off ebay sometimes for less than
$100.

scott

Kazan, Naim  wrote in message
news:[EMAIL PROTECTED]
 Hi Guys

 I am looking for a not so expensive device to manage my routers for my lab
 at home via the console. Any suggestions will be greatly appreciated.


 Thanks

 Naim Kazan
 FISC-SDS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66410t=66405


Re: BCRAN: 700 or 800 Series Router Commands? [7:66290]

2003-03-30 Thread Scott Roberts
I agree that you should know the generalities of the 700 series. I bought
one anyway off of ebay, it was only $20 for a 776M, so I wasn't out a whole
lot. the 800 is IOS so there isn't much to worry about in terms of commands.

scott

fred barreras  wrote in message
news:[EMAIL PROTECTED]
 All I saw when I took exam was general questions on the 700, such as where it
 is used and max amount of profiles, etc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66409t=66290


Re: Natting problem...help!!! [7:66111]

2003-03-28 Thread Scott Roberts
I've never had to implement a dns change, but supposedly yes it does change
the payload. there are only a few services where it does these payload
changes though. another big one used to be ping, NATing modifies the payload
of that also.

scott

Charles D Hammonds  wrote in message
news:[EMAIL PROTECTED]
 from the below link:


 Is that accurate??? The ip nat outside source command will translate the
 IP in the PAYLOAD of the DNS reply packet even though it is not the
 source??? doesn't sound right and I am unable to test it right now...

 Charles

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, March 25, 2003 1:06 AM
 To: [EMAIL PROTECTED]
 Subject: RE: Natting problem...help!!! [7:66111]


 You could get around this by doing a two way nat, or as cisco calls it,
 nating for overlapping networks ..


 http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml

 JP wrote:
 
  I have the following scenario
 
  0---0--telnet
  application
network3network 1   network 2
 lan   wan link
 
  I need all hosts on network 3 to telnet to my telnet application
  Problem is network 3 and network 2 both have the same ip range.
 
  My question is the following:
  Is there any way I can perform natting to allow network 3 hosts to telnet to
  the application and use an ip address other than the one assigned to the
  application as the destination address???
 
  Any ideas appreciated
 
  Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66406t=66111


Re: Console management [7:66405]

2003-03-28 Thread Scott Roberts
I should warn you about my last response regarding the 'Digi portserver', I
had to make my own custom cables though, the regular cisco rollover doesn't
work. so if you're not used to crimping your own cables, I wouldn't go with
the portserver.

scott

Kazan, Naim  wrote in message
news:[EMAIL PROTECTED]
 Hi Guys

 I am looking for a not so expensive device to manage my routers for my lab
 at home via the console. Any suggestions will be greatly appreciated.


 Thanks

 Naim Kazan
 FISC-SDS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66411t=66405


Re: regulations [7:66267]

2003-03-26 Thread Scott M. Trieste
Cory,

Look up the Gramm-Leach-Bliley Act.

It's a governance that states certain security measures that financial
institutions should abide by.

Good Luck.

-Scott

Stull, Cory  wrote in message
news:[EMAIL PROTECTED]
 Where could I go to find information on network security regulations for
 banks and medical offices?  Information on firewalls and rules they have to
 abide by and that sort of thing?

 Thanks

 God Bless our troops.

 Cory Stull
 CCNP,CCDP,MCSE4/2k
 Communications Concepts Unlimited
 262-814-7214




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66284t=66267


Re: 2501 and 2503 Lab [7:65942]

2003-03-24 Thread Scott Roberts
you can accomplish many of the things you're looking for, the trick is to
have the correct IOS image. if your routers only have a basic IP image you
might not be able to do some of these functions.
the other thing to consider is the amount of memory you have to implement
everything using version 12, you'll basically need 16MB of flash and 8-16MB
of DRAM.

scott

Pete Nugent  wrote in message
news:[EMAIL PROTECTED]
 Just got a small Lab for home 2 x 2501 and a 2503 here's what I really need
 to know. As the MCNS is for router security mainly will this be OK.

 Will these run BGP, OSPF, ISIS IPSec/DES/3DES. Basically what are the
 limitations. They all have V12 IOS. Seems like an easy question but I don't
 wanna start trying something I can't do.

 Also if I want to look at the CSSP at a later date are 2 PIX 501's enough.

 Any advice on additions to my Lab will be appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66086t=65942


Re: PDM Question [7:65954]

2003-03-24 Thread Scott Roberts
I agree, there are a few aspects missing from PDM, such as the mentioned
VPN/cryptology, but I find that it helps when you need to configure a basic
firewall quickly. I find that I'll put the basic interface commands in CLI
and then I'll setup NAT through the PDM interface.

scott

Steve Wilson  wrote in message
news:[EMAIL PROTECTED]
 the PDM is a useful tool for a graphical view of the configuration. If you
 are using your PIX to terminate VPN clients or tunnels you may still need to
 use the command line to administer and configure them. This might be
 improved in the next release of the Operating System. Personally I agree
 that the CLI is still the best way to program the beast.

 Best of luck
 Steve

 -Original Message-
 From: Hartnell, George
 To: [EMAIL PROTECTED]
 Sent: 21/03/2003 20:34
 Subject: PDM Question [7:65954]

 Hi there,

 I've got a 515UR failover I jus' upgraded from 5.3(1) to 6.1(4).  I'd like
 to pop PDM on that system(s) and try that interface out.

 I'm a command line kind of guy, so am comfortable with CLI, but, I've heard
 that PDM is a worthy utility.

 Any words of wisdom on PDM installation?

 Best, G.

 Nations have recently been led to borrow billions for war;
 no nation has ever borrowed largely for education...
 no nation is rich enough to pay for both war and civilization.
 We must make our choice; we cannot have both. -- Abraham Flexner




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66088t=65954


Re: NAT overload as security [7:66015]

2003-03-24 Thread Scott Roberts
I work with a lot of different vendors' firewalls and IMO PAT is a security
feature (to a degree). like many other security features it's not perfect by
itself, but when combined with other features it creates a full firewall.

technically PAT alone would be an aspect of stateful inspection/translation,
which is a first generation firewall. as you already stated though, you have
no idea what's in the incoming packets above layer 4, so that's the risk.

of course if you had a static translation or regular NAT, that's a whole
different story.

scott

Doug S  wrote in message
news:[EMAIL PROTECTED]
 On my home network, I rely almost exclusively on NAT overload for security.
 Even though I know it's not a security measure, I've yet to hear anyone with
 a good explanation of why it's not enough, at least for a home network.  I
 know there's a bunch of really bright people here, so if anyone would point
 out the flaws in my reasoning, I'd love to hear it.

 Below are some excerpts from an email conversation with a friend that
 explain how I think about it:

 ---

 I mostly rely on NAT overload for security.  The only traffic that will be
 allowed in is traffic for which a translation has been created.  Since these
 translations are only created by outbound traffic, no one from the outside
 can initiate a connection unless they bypass NAT by using the actual private
 ip addresses configured on the workstation.  To do that, they'd have to
 have no routers between them and my router (meaning my ATT segment only) as
 any other router would drop packets for these addresses.  To protect against
 that, I deny traffic for the ip's configured behind the router.

 access-list 151 deny ip any 192.168.0.0 0.0.0.255
 access-list 151 permit ip any any
 (this whole acl could just as well be:
 access-list 165 permit ip any host (outside int IP address) )

 access-list 50 permit 192.168.0.0 0.0.0.255

 Int e0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside

 Int e1
 ip address dhcp
 ip nat outside
 ip access-group 151 in

 ip nat inside source list 50 int e1 overload

 

 Even though NAT isn't a security feature, I think overload works pretty
well
 for security because no traffic will be allowed in unless an inside host
has
 created a NAT entry by originating the flow.  All legitimate flows on a
home
 network are going to be created by CLIENT processes running on the
machine,
 so what do I care if someone tries to connect to that port.  What I mean
is:

 1) I go to surf the web at 200.200.200.200, my workstation uses tcp port
 1456 to connect to tcp port 80

 2a) tcp port 1456 is taking in traffic only for web browser, which is a
 client application that's only going to display what's sent back to my
 browser.

 2b) as this traffic passes through the router a NAT entry is created:
 INSIDE LOCAL INSIDE GLOBAL OUSIDE GLOBAL
 192.168.0.100:1456 12.228.99.129:1456 200.200.200.200:80

 3) A 'hole' has been created that now allows traffic to my workstation.

 4) A really good hacker wants to exploit this hole.  To do this, s/he's
 going to have to do a few tricky things:

 First, since this translation is only going to allow traffic from
 200.200.200.200:80 to be sent to 192.168.0.100:1456, s/he's going to have
 to figure out how to spoof that address/port pair AND get the return
 traffic back to his machine (if he wants any return traffic there might
 be)

 Second, since it's only my web browser, and not some service that's
 running on port 1456, the only traffic that could possibly even be
 interpreted on that port would be html.  And since that port is
 maintaining the tcp stream info from the original connection (seq #'s
 ack's) s/he's going to have to accurately spoof that too. If all this is
 successful, I guess there is malicious html code that s/he could run, but
 wouldn't it have been easier for the hacker just to put it up on a
 website and let me click on it myself?

 To me it seems like NAT overload on home computers meets the security idea
 of making it more difficult than what it's worth for the hacker.  There is
 no way I would ever rely on this on a production network with services
 available, themselves initiating connections.  I'd really like to hear a
 security expert's views about these ideas, but so far, no one I've talked
 to has explained to me a way that a hacker could get past NAT overload.

 The only two ways I can think of are
 1) bypass NAT by using the actual configured ip's of the workstations
 inside

 2) Get you to install software on your machine that will both create a
 nat translation to the outside and let them connect back through that
 translation to a SERVICE that's listening on that port.  If they are able
 to do that, even CBAC isn't going to stop them anyhow.

 Access lists trying to protect home workstations that are being NAT'ed
 seem for the most part redundant to me
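
The inbound behaviour discussed in the message above, as an added example that is not part of the original thread and is not Cisco code: a small Python model of the outside interface that applies the inbound ACL, then the overload translation lookup. The addresses come from the post; the probe sources (198.51.100.7 and the on-segment neighbour 12.228.99.130) are constructed, and the model assumes the lookup matches the full outside address/port pair, as the post describes.

```python
"""Model of inbound handling on the outside interface of a PAT router."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("192.168.0.0/24")    # matched by access-list 50 in the post
INSIDE_GLOBAL = ip_address("12.228.99.129")  # inside global address from the post


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class PatRouter:
    def __init__(self, acl_151_applied):
        self.acl_151_applied = acl_151_applied
        # (global_port, outside_ip, outside_port) -> (inside_local_ip, local_port)
        self.xlate = {}

    def outbound(self, pkt):
        """An inside host originates a flow; create the translation entry."""
        if ip_address(pkt.src) not in INSIDE_NET:
            raise ValueError("source not permitted by access-list 50")
        gport = pkt.sport
        # Reuse an existing entry; otherwise keep the source port when it is
        # free and take the next unused one when another host already holds it.
        while True:
            owner = self.xlate.get((gport, pkt.dst, pkt.dport))
            if owner in (None, (pkt.src, pkt.sport)):
                break
            gport += 1
        self.xlate[(gport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(str(INSIDE_GLOBAL), gport, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Decide what happens to a packet arriving on the outside interface."""
        dst = ip_address(pkt.dst)
        if dst in INSIDE_NET:
            # Addressed straight to an inside address: NAT is never consulted,
            # so only the inbound ACL stands between the sender and the host.
            if self.acl_151_applied:
                return "drop: access-list 151"
            return "forward untranslated to %s:%d" % (pkt.dst, pkt.dport)
        if dst != INSIDE_GLOBAL:
            return "drop: not routed here"
        hit = self.xlate.get((pkt.dport, pkt.src, pkt.sport))
        if hit is None:
            return "drop: no translation"
        return "translate to %s:%d" % hit


def demo(acl_151_applied):
    """Run the post's web-browsing flow, then four constructed inbound probes."""
    router = PatRouter(acl_151_applied)
    router.outbound(Packet("192.168.0.100", 1456, "200.200.200.200", 80))
    probes = {
        "reply from the web server":
            Packet("200.200.200.200", 80, "12.228.99.129", 1456),
        "same port, other source":
            Packet("198.51.100.7", 80, "12.228.99.129", 1456),
        "unsolicited connection":
            Packet("198.51.100.7", 40000, "12.228.99.129", 139),
        "on-segment host, inside address":
            Packet("12.228.99.130", 40000, "192.168.0.100", 139),
    }
    return {name: router.inbound(p) for name, p in probes.items()}


if __name__ == "__main__":
    for acl in (False, True):
        print("access-list 151 applied:", acl)
        for name, verdict in demo(acl).items():
            print("  %-32s %s" % (name, verdict))
```

Only the last probe changes between the two runs: without the ACL the packet addressed to 192.168.0.100 is forwarded without any translation lookup, which is the case the deny entry covers.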

Re: DS3 bandwidth issues [7:65790]

2003-03-21 Thread Scott Roberts
wow thanks for all the responses everyone! I learn something new everyday on
this board.

scott

[EMAIL PROTECTED]  wrote in message
news:[EMAIL PROTECTED]
 Being in the CLEC business I can tell you that we typically refer to T3
 when discussing Transport only type circuits of 45Mbps from point to
 point. When we refer to putting services on it, such as Frame Relay, ATM,
 PPP, voice (PRI, Trunks, etc) then we usually refer to them as DS3.

 However, they are certainly used interchangeably by most.

 A T1 or T3 is a Carrier as explained below:

 To see the relationship between T-carrier, E-carrier, and DS0 multiples,
 see digital signal X.
 The T-carrier system, introduced by the Bell System in the U.S. in the
 1960s, was the first successful system that supported digitized voice
 transmission. The original transmission rate (1.544 Mbps) in the T-1 line
 is in common use today in Internet service provider (ISP) connections to
 the Internet. Another level, the T-3 line, providing 44.736 Mbps, is also
 commonly used by Internet service providers. Another commonly installed
 service is a fractional T-1, which is the rental of some portion of the 24
 channels in a T-1 line, with the other channels going unused.

 The T-carrier system is entirely digital, using pulse code modulation and
 time-division multiplexing. The system uses four wires and provides duplex
 capability (two wires for receiving and two for sending at the same time).
 The T-1 digital stream consists of 24 64-Kbps channels that are
 multiplexed. (The standardized 64 Kbps channel is based on the bandwidth
 required for a voice conversation.) The four wires were originally a pair
 of twisted pair copper wires, but can now also include coaxial cable,
 optical fiber, digital microwave, and other media. A number of variations
 on the number and use of channels are possible.

 In the T-1 system, voice signals are sampled 8,000 times a second and each
 sample is digitized into an 8-bit word. With 24 channels being digitized
 at the same time, a 192-bit frame (24 channels each with an 8-bit word) is
 thus being transmitted 8,000 times a second. Each frame is separated from
 the next by a single bit, making a 193-bit block. The 192 bit frame
 multiplied by 8,000 and the additional 8,000 framing bits make up the
 T-1's 1.544 Mbps data rate. The signaling bits are the least significant
 bits in each frame.

 A DS0/1/3 is a Digital signal carried by the T carrier as explained below:


 Digital signal X is a term for the series of standard digital transmission
 rates or levels based on DS0, a transmission rate of 64 Kbps, the
 bandwidth normally used for one telephone voice channel. Both the North
 American T-carrier system and the European E-carrier systems of
 transmission operate using the DS series as a base multiple. The digital
 signal is what is carried inside the carrier system.
 DS0 is the base for the digital signal X series. DS1, used as the signal
 in the T-1 carrier, is 24 DS0 (64 Kbps) signals transmitted using
 pulse-code modulation (PCM) and time-division multiplexing (TDM). DS2 is
 four DS1 signals multiplexed together to produce a rate of 6.312 Mbps.
 DS3, the signal in the T-3 carrier, carries a multiple of 28 DS1 signals
 or 672 DS0s or 44.736 Mbps.

 Digital signal X is based on the ANSI T1.107 guidelines. The ITU-TS
 guidelines differ somewhat.




  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
  MADMAN
  Sent: Thursday, March 20, 2003 4:32 PM
  To: [EMAIL PROTECTED]
  Subject: Re: DS3 bandwidth issues [7:65790]
 
 
  six of one half dozen of the other, they both describe the same
  thing.  I think T is a Bellcore name and DS is a some standards
  body name.
 
Dave
 
  Scott Roberts wrote:
   why do people refer to a DS3 as a DS3 and not a T3? is there something
   I'm missing?
  
   scott
  
   Nate  wrote in message
   news:[EMAIL PROTECTED]
  
  We've run a bandwidth test on our DS3 with nothing connected to it but a
  workstation (and obviously a router/pix).  We went to testmyspeed.com as
  well as dslreports.com.  We both got very good bandwidth tests (upward
  6m/s) however in transferring a 200m file to/from a workstation behind
  the connection, we got over 30 minutes while our existing T1 got 26
  minutes. Anyone mind explaining this phenomenon?  Just a side note, we
  have no encryption between GRE tunnels.  Thanks in advance.
  
  -Nate
  --
  David Madland
  CCIE# 2016
  Sr. Network Engineer
  Qwest Communications
  612-664-3367
 
  I would rather have a German division in front of me than a French one
  behind me.
  --- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65941t=65790


Re: DS3 bandwidth issues [7:65790]

2003-03-20 Thread Scott Roberts
why do people refer to a DS3 as a DS3 and not a T3? is there something I'm
missing?

scott

Nate  wrote in message
news:[EMAIL PROTECTED]
 We've run a bandwidth test on our DS3 with nothing connected to it but a
 workstation (and obviously a router/pix).  We went to testmyspeed.com as
 well as dslreports.com.  We both got very good bandwidth tests (upward
 6m/s) however in transferring a 200m file to/from a workstation behind the
 connection, we got over 30 minutes while our existing T1 got 26 minutes.
 Anyone mind explaining this phenomenon?  Just a side note, we have no
 encryption between GRE tunnels.  Thanks in advance.

 -Nate




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65864t=65790


Re: Why did Cisco do this? Off Topic [7:65834]

2003-03-20 Thread Scott Roberts
why not?

my boss came to me this morning prior to the announcement and thought they
were going to say they were buying checkpoint!

scott

Elijah Savage  wrote in message
news:[EMAIL PROTECTED]
 Cisco buys Linksys.


http://www.quicken.com/investments/news/story/?story=NewsStory/BW/20030320/a5141_1048177983.varp=CSCO


 --
 BSD is for people who love Unix -
 Linux is for people who hate Microsoft




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65866t=65834


Re: Unable to delete flash [7:65529]

2003-03-20 Thread Scott Roberts
boot into boot-helper mode (conf-reg 0x2101) this will allow the flash to be
in read/write and not just read only mode.

let us know please if this solved it for you, it's always nice to hear what
works in the end.

scott

 wrote in message
news:[EMAIL PROTECTED]
 Question with similar interest...

 I have a file marked for delete in the bootflash of a 7513. When I issue
 the squeeze command I get the following...

 7513#show bootflash
 -#- ED --type-- --crc--- -seek-- nlen -length- -date/time-- name
 1   .D image    5BE93E76  6D42E8   22  6898280 Mar 04 2002 08:32:35 rsp-boot-mz.122-7a.bin
 2   .. image    7415A36D  DC4F08   24  7277472 Aug 13 2002 12:41:14 rsp-boot-mz.122-8.t5.bin


 7513#squeeze bootflash
 All deleted files will be removed. Continue? [confirm]
 Squeeze operation may take a while. Continue? [confirm]
 %Error squeezing bootflash (File open for write)

 A reboot has been suggested. Any other ideas?

 Thanks,
 Tim

 -Original Message-
 From: Scott Roberts [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 19, 2003 3:16 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Unable to delete flash [7:65529]


 from the cisco IOS command reference:

 delete:
 When you delete a file, the software simply marks the file as deleted,
 but it does not erase the file. This feature allows you to later recover a
 deleted file using the undelete command. You can delete and undelete a
 file up to 15 times. To permanently delete all files marked deleted on a
 Flash memory device, use the squeeze command.

 erase:

 When a file system is erased, none of the files in the file system can be
 recovered.

 The erase command can be used on both Class B and Class C Flash file
 systems only. To reclaim space on Flash file systems after deleting files
 using the delete command, you must use the erase command. This command
 erases all of the files in the Flash file system.



 scott

 Sales  wrote in message
 news:[EMAIL PROTECTED]
  Some possible things to try would be to use the /force switch with the
  delete command.  Also try erase versus delete to see if that helps.
 
 
  Thanks,
 
  www.ccie4u.com
  Rack Rentals and Lab Scenarios
 
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
  John Tafasi
  Sent: Saturday, March 15, 2003 11:09 PM
  To: [EMAIL PROTECTED]
  Subject: Unable to delete flash [7:65529]
 
  Hi Group,
 
  I have a problem deleting a file from a 4500 series flash memory. The
  file shows up as been deleted but the available free space indicates
  that the file has not been deleted yet. I tried to use the squeeze
  command but it will not work with this file system. Can you guys suggest
  something.
 
  Thanks
 
  John Tafasi
 
  r1#show fla
 
  System flash directory:
  File  Length   Name/status
1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
2   3668568  c4500-i-mz.120-25.bin
  [13700360 bytes used, 3076856 available, 16777216 total]
  16384K bytes of processor board System flash (Read/Write)
 
  r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
  Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
  Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
  %Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or
  directory)
  r1#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65862t=65529


Anybody heard of banff counters? [7:65765]

2003-03-19 Thread Scott
They are some sort of counters in engineering mode on the catalyst.  The
only info. I could find on them says they have something to do with the
EARL.  TAC is telling somebody that it's a sign of a layer 2 loop.  Anybody?

Thanks,
Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65765t=65765


Re: Unable to delete flash [7:65529]

2003-03-19 Thread Scott Roberts
from the cisco IOS command reference:

delete:
When you delete a file, the software simply marks the file as deleted, but
it does not erase the file. This feature allows you to later recover a
deleted file using the undelete command. You can delete and undelete a
file up to 15 times. To permanently delete all files marked deleted on a
Flash memory device, use the squeeze command.

erase:

When a file system is erased, none of the files in the file system can be
recovered.

The erase command can be used on both Class B and Class C Flash file systems
only. To reclaim space on Flash file systems after deleting files using the
delete command, you must use the erase command. This command erases all of
the files in the Flash file system. 



scott

Sales  wrote in message
news:[EMAIL PROTECTED]
 Some possible things to try would be to use the /force switch with the
 delete command.  Also try erase versus delete to see if that helps.


 Thanks,

 www.ccie4u.com
 Rack Rentals and Lab Scenarios

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 John Tafasi
 Sent: Saturday, March 15, 2003 11:09 PM
 To: [EMAIL PROTECTED]
 Subject: Unable to delete flash [7:65529]

 Hi Group,

 I have a problem deleting a file from a 4500 series flash memory. The
 file shows up as been deleted but the available free space indicates that
 the file has not been deleted yet. I tried to use the squeeze command but
 it will not work with this file system. Can you guys suggest something.

 Thanks

 John Tafasi

 r1#show fla

 System flash directory:
 File  Length   Name/status
   1   10031664  c4500-a3jk8s-mz.122-7b.bin [deleted]
   2   3668568  c4500-i-mz.120-25.bin
 [13700360 bytes used, 3076856 available, 16777216 total]
 16384K bytes of processor board System flash (Read/Write)

 r1#delete flash:c4500-a3jk8s-mz.122-7b.bin
 Delete filename [c4500-a3jk8s-mz.122-7b.bin]?
 Delete flash:c4500-a3jk8s-mz.122-7b.bin? [confirm]
 %Error deleting flash:c4500-a3jk8s-mz.122-7b.bin (No such file or
 directory)
 r1#




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65773t=65529


RE: Anybody heard of banff counters? [7:65765]

2003-03-19 Thread Scott J. Hoover
Hey Dave,

The loop argument was a little far fetched.  Seems anytime anybody calls TAC
these days for a switch problem, that is their first answer.

Think you probably hit the nail on the head.  Thanks for your help.

Scott


-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 19, 2003 3:09 PM
To: Scott
Cc: [EMAIL PROTECTED]
Subject: Re: Anybody heard of banff counters? [7:65765]



   I don't buy the layer 2 loop argument, it's more likely an ASIC
problem, the banff is a chipset consisting of three ASICs.   Do a sh
banff-reset and if you have a large number of resets you probably need
to replace hardware.  I assume this is a Cat5000 series switch.

   Dave


Scott wrote:
 They are some sort of counters in engineering mode on the catalyst.  The
 only info. I could find on them says they have something to do with the
 EARL.  TAC is telling somebody that it's a sign of a layer 2 loop.
 Anybody?

 Thanks,
 Scott
--
David Madland
CCIE# 2016
Sr. Network Engineer
Qwest Communications
612-664-3367

I would rather have a German division in front of me than a French one
behind me.
--- General George S. Patton




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65786t=65765


Re: Upgrading IOS with new flash on my 2500's [7:65472]

2003-03-18 Thread Scott Roberts
I can honestly say that I've never upgraded my IOS's by console cable. I
didn't even know that the 2500 supported that, I only thought that it was
the 3600 that supported transfer over the console cable? has anyone done a
console cable transfer with a 2500?

william, you can do your upgrade in one of two ways, put the new flash into
the secondary flash bank and tftp copy to the second flash partition or you
can boot to the rom boot-helper with your new flash in the first bank and
then tftp. another possibility i suppose you could do is have enough dram
memory and do a network boot and then do a tftp copy to the flash.

scott

Clements, William (Bill)  wrote in message
news:[EMAIL PROTECTED]
 All,
 I recently bought some new flash for my 2500's and would like to know if
 there is an easier way to upload the newest IOS, other than with the
 console cable.

 Thanks,

 Bill Clements MCSE, CCNP
 Network Engineer
 INS




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65677t=65472


Re: CCIE [7:65426]

2003-03-17 Thread Scott Roberts
yes definitely a knock, couldn't remember where I had heard a lot of this
before, but the link reminded me.

still parts of this were good, some though need some work. perhaps we could
all rewrite part of this to come up with a really good job description?

I'd change the part 'at the same time, perform decimal to binary conversion
for very large numbers.' to 'at the same time, perform hexadecimal to
binary to decimal conversions for very large numbers.'


scott

nrf  wrote in message
news:[EMAIL PROTECTED]
 Ah, so I see somebody is familiar with Hugh Gallagher's infamous essay.

 http://urbanlegends.miningco.com/library/blbyol3.htm


 
 
  - Original Message -
  From: Juan Blanco
  To:
  Sent: Friday, March 14, 2003 6:34 AM
  Subject: CCIE [7:65426]
 
 
   Team,
   I got this from a friend but I'm not sure if you have seen this or not
   but only someone pursuing the CCIE would laugh at it!!
   In the course of my day-to-day work, people ask me what is a CCIE? I
   thought about this for some time. I wrote some notes. And this is what I
   came up with:
   I am a dynamic figure, often seen scaling 8 foot computer racks and
   charming magnetic security cardswipes. I have been known to remodel SME
   networks on my lunch breaks, making them more efficient in the area of
   capital deployment, reliability and performance. I translate
   technobabble for Management, I write award-winning technical
   presentations and deliver them better than an American president
   announcing tax cuts.
   I can recite complete chapters of the Cisco Documentation CD, backwards
   and, with little effort and at the same time, perform decimal to binary
   conversion for very large numbers.
   I woo women with my sensuous and godlike MIDI playing on a notebook. I
   can pilot computer trolleys up severe inclines with unflagging speed,
   and I can rack Cisco gear faster than Arnold Schwarzenegger can bench
   press. I am an expert in network diagramming tools, a veteran in web
   surfing, and know the Cisco Web Site better than I know my own family.
   Just to keep it interesting, I occasionally tread water for three days
   while programming Cisco practice labs. I manage time efficiently and can
   complete a timesheet every week. In addition, I know the part number for
   every Cisco router cable.
   Using only a Chinese AC power cord and a large glass of water, I once
   single-handedly rebuilt the network core of major co-location facility
   after the roof fell in. I used to play games, but now it's serious. I am
   the subject of numerous urban myths and I am the creator of a few as
   well. When I'm bored, I test fiber optic cable, calculate power loss
   sums on UTP and the minimum refraction index for 50 micron multimode
   fiber. I mean, what IS the point of it ?
   I understand that DLSW and Source Route Translational Bridging actually
   has a reason for existence. It's not just IBM playing a practical joke.
   Really.
   I enjoy urban guerilla activities. I can build a 802.11b parabolic dish
   antennae using surplus antennae from defunct satellite companies and a
   juice can. It has better performance than off the shelf products. I
   think that having a wind generator and solar array as power backup for
   my practice lab is not only responsible preparation, it's
   environmentally friendly too. On Wednesdays, after work, I repair old
   monitors free of charge for my local charity.
   I know that canonical to non-canonical conversion is not about religion,
   it's about ART.
   Microsoft geeks worldwide swoon over my original line of corduroy
   evening wear, which I don't understand -- it was supposed to be funny. I
   don't perspire. I am a private citizen, yet I receive fan mail. I have
   been caller number ten and have won the cash jackpot.
   I can speak IPX NLSP, AppleTalk, ATM PVC, QoS, and BGP to name a few,
   and redistribute routes at will, with filtering, using non contiguous
   masks. I install IPV6 on customer sites whenever I can, just so I can
   play with it. Same for OSPF NSSA. Children trust me.
   I can hurl squishy giveaway tradeshow toys at sales personnel with
   stunning accuracy, and ensure that the dweeb from administration gets
   the blame. I have charisma beyond normal mortals; if I didn't the boss
   would have sent the other guy to this exam.
   I once read Cisco Quality of Service, Caslow Bridges and Routers 2nd Ed,
   and Jeff Doyles' Routing TCP/IP Vol2 in one day, and still had time to
   do practice on a Frame Relay multipoint network, using OSPF and IGRP,
   split horizon, route maps and ISDN. I know the exact location of every
   food item in the supermarket and I use a link state protocol to
   calculate the shortest path to get there.
   I have performed several covert operations with the CIA. It was kind of
   fun having them follow me around. I know that security and privacy is a
   phantasm-like myth created

Re: Layer 3 Switches Vs Routers [7:65215]

2003-03-14 Thread Scott Roberts
 In the end, the device either routes or bridges the frames it
 receives, but takes no action that can be distinctly described as layer
 three switching.

 Pete


to my basic understanding ALL routing has a switching component to it
already, whether we're talking about regular routers or L3 switches. process
switching, fast switching, autonomous switching, distributed switching,
etc... are all the ways the packets are moved between interfaces on a
router. therefore both layer 2 and layer 3 'switch' irregardless of the name
on the chassis.

 I personally view the sole distinction between the standard routers/bridges
and the multilayer switches as the use of ASICs.

scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65449t=65215
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Main Diagnostic Menu on 2501 router??? [7:64427]

2003-03-14 Thread Scott Roberts
thanks for letting us know, it seems rare that people respond and let us
know what happened.

glad you know whats wrong now! those boot roms only cost about $20 on ebay.

scott

Jean-Marc Simard  wrote in message
news:[EMAIL PROTECTED]
 You were pretty close. I opened it last week and I found 2 Diag roms
 instead of the needed boot roms.

 Thanks everyone.

 JM

 Scott Roberts  wrote in message
 news:[EMAIL PROTECTED]
  what I would check is open up the case and see if there is a credit
  card/PC card/pcmcia flash memory module inserted into the mainboard
  (you'll see the slot, it's obvious). also make sure there is standard
  memory inserted in the regular memory slots.
 
  let us know what you find.
 
  scott
 
  Jean-Marc Simard  wrote in message
  news:[EMAIL PROTECTED]
   I just bought a 2501 router through Ebay for my CCIP/CCNP study and it's
   not supposed to have an IOS on it. When I power it up, instead of
   getting the rommon prompt, I get the Main Diagnostic Menu as shown
   below. If I execute the diag tests offered all the tests pass, but I
   just can't get past this menu.
  
   Can someone, please, tell me what is wrong with it or how I can work
   around it?
  
   Thanks a lot
  
   JM
  
   (I had some problems with my mailer, so sorry if it gets posted twice)
  
   --- (output at power up)--
   cisco Systems
   Diagnostic Monitor
  
   Testing boot state
   Exiting boot state
   Testing Main Memory from 0h to E000h. data equals address
   Testing Main Memory from 0h to E000h. checkerboard
   Testing Main Memory from 0h to E000h. inverse checkerboard
   Clearing bss
   Enabling interrupts
   Exiting init
  
   Diagnostic Monitor for CANCUN, Version 1.7.4(4)
   Compiled by haidung on Wed 19-Nov-97 14:26
  
 Main Diagnostic Menu
a: alter diag flags
b: basic utilities
c: do all diags in this menu
d: do group of diags in this menu
e: bus error test
f: image checksum test
g: timer interrupt test
h: size memory
i: main memory test
j: main memory parity test
k: shared memory test
l: shared memory parity test
m: flash memory test
n: nvram test
o: aux port test
p: serial cookie test
q: serial interface test
s: ethernet (Am79C90-LANCE) test
   FLAGS: Continuous OFF  Stop on error OFF  Ext. loopback ON  Abbr. test OFF
  
   enter Main Diagnostic Menu item 
   ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65451t=64427
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: PIX Question [7:65095]

2003-03-13 Thread Scott Roberts
strange that it would create another translation instead of using the old
one?? I suppose its more an error in the client software thinking it still
has a valid server connection and tries to open a brand new one then.

the only thing that comes to my mind would be to expire your translations
faster, but I've never done this, so I don't even know if its possible.

scott

Manny  wrote in message
news:[EMAIL PROTECTED]
 I ran into a situation today where we had a machine that was trying to FTP
 through the firewall. We allow FTP outbound. The problem that came up was
 that the user had no idea that an FTP client was setup on his machine. The
 FTP client (spyware) kept trying to connect to a server (ispynow.com)
 using the incorrect user name and password. For every attempt an xlate
 entry was created. It created about 7000 entries in a matter of minutes.
 The firewall was paralyzed. I had to console in and look at the xlate
 table. Even through the console I had a hard time viewing the table. Is
 there any way to prevent this from happening again? This is the second
 time this year an incident of this nature with the xlate table has
 occurred. How can I monitor the xlate table for strange behavior?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65331t=65095
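
One way to watch the xlate table for the pattern described in this thread, as an added example that is not part of the original posts and is not Cisco tooling: a Python check that counts translations per inside host across two polls of captured `show xlate` text and flags hosts whose count or growth is abnormal. The line shape in the regular expression, the thresholds and every address in the sample are assumptions constructed for the example.

```python
"""Flag inside hosts that hold an abnormal number of PIX xlate entries."""
import re
from collections import Counter

# Assumed line shapes for captured `show xlate` text (constructed samples):
#   PAT Global 203.0.113.1(1024) Local 10.1.1.15(1026)
#   Global 203.0.113.10 Local 10.1.1.10
XLATE_RE = re.compile(
    r"^\s*(?:PAT\s+)?Global\s+(?P<gip>[\d.]+)(?:\((?P<gport>\d+)\))?"
    r"\s+Local\s+(?P<lip>[\d.]+)(?:\((?P<lport>\d+)\))?"
)


def per_host_counts(show_xlate_text):
    """Return Counter {inside local address: number of translations}."""
    counts = Counter()
    for line in show_xlate_text.splitlines():
        match = XLATE_RE.match(line)
        if match:                      # summary and blank lines are skipped
            counts[match.group("lip")] += 1
    return counts


def find_outliers(prev, curr, max_entries=500, max_growth=200):
    """Compare two polls; return [(host, entries, growth, reasons)], worst first.

    max_entries and max_growth are assumed thresholds; tune them to what a
    normal client on the network holds between two polls.
    """
    flagged = []
    for host, entries in curr.items():
        growth = entries - prev.get(host, 0)
        reasons = []
        if entries > max_entries:
            reasons.append("entries")
        if growth > max_growth:
            reasons.append("growth")
        if reasons:
            flagged.append((host, entries, growth, reasons))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


def constructed_poll(noisy_entries):
    """Build sample `show xlate` text: five quiet hosts plus 10.1.1.77."""
    lines = []
    gport = 1024
    for last_octet in range(10, 15):            # ordinary clients, 4 flows each
        for flow in range(4):
            lines.append("PAT Global 203.0.113.1(%d) Local 10.1.1.%d(%d)"
                         % (gport, last_octet, 2000 + flow))
            gport += 1
    lines.append("Global 203.0.113.10 Local 10.1.1.5")   # one static entry
    for flow in range(noisy_entries):           # the host that keeps retrying
        lines.append("PAT Global 203.0.113.1(%d) Local 10.1.1.77(%d)"
                     % (gport, 3000 + flow))
        gport += 1
    header = "%d in use, %d most used" % (len(lines), len(lines))
    return "\n".join([header] + lines)


if __name__ == "__main__":
    earlier = per_host_counts(constructed_poll(3))
    later = per_host_counts(constructed_poll(700))
    for host, entries, growth, reasons in find_outliers(earlier, later):
        print("%s: %d xlates (+%d since last poll) flagged on %s"
              % (host, entries, growth, ", ".join(reasons)))
```

Run against two saved captures a few minutes apart, the growth check catches a host long before the table reaches the thousands of entries described above.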


Re: slow wan connection [7:65165]

2003-03-13 Thread Scott Roberts
my guess is similar to Guy's, I think you might be getting some routing
issue with packets not going optimally between your two carriers.

obviously try tracing and better than that use the ip option for recording
routes. see how the packets are really negotiating the outside.

scott

Lupi, Guy  wrote in message
news:[EMAIL PROTECTED]
 Are both of these T1s from the same provider, or is one from Sprint and
 one from Qwest?  From looking at your NAT pools, and the whois information
 (below), it appears to be one from Sprint and one from Qwest.  I am not
 sure how the router would make the decision when doing PAT, but it is
 going to pick one of the NAT pools, and then load balance across the T1s
 (whether per destination or per packet cannot be determined without seeing
 if CEF is turned on and seeing the whole serial interface configurations).
 In this scenario, you would be trying to send some packets out to each
 provider with source IP addresses that are not valid source IPs for that
 network, this may or may not be your problem.  Some portion of your
 packets may be being dropped by the providers when they see source IP
 addresses that they did not provide you.  Or, all of your packets are
 sourced from Qwest, since that is the first NAT pool, and you are load
 sharing outbound, but all return traffic is coming in on the Qwest T1 and
 using up all your inbound bandwidth.  Check to see which one of these is
 the case, or if neither applies, and get back to us.


 whois -h whois.arin.net 65.120.161.167
 Qwest Communications NET-QWEST-BLKS-4 (NET-65-112-0-0-1)
   65.112.0.0 - 65.127.255.255
 THREE Z PRINTING COMPANY Q1007-65-120-161-160 (NET-65-120-161-160-1)
   65.120.161.160 - 65.120.161.191

 # ARIN WHOIS database, last updated 2003-03-11 20:00
 # Enter ? for additional hints on searching ARIN's WHOIS database.

 whois -h whois.arin.net 65.160.124.199
 Sprint SPRINTLINK-2-BLKS (NET-65-160-0-0-1)
   65.160.0.0 - 65.174.255.255
 PowerNet Global Communications SPRINTLINK (NET-65-160-124-192-1)
   65.160.124.192 - 65.160.124.223

 # ARIN WHOIS database, last updated 2003-03-11 20:00
 # Enter ? for additional hints on searching ARIN's WHOIS database.


 -Original Message-
 From: Terry Oldham [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, March 12, 2003 9:59 AM
 To: [EMAIL PROTECTED]
 Subject: slow wan connection [7:65165]


 Hello All,

  I recently posted to the newsgroup about configuring a multiple T1
 connection to a single network. I have since then got the configuration up
 and running however the connection out to the net is very slow. I cannot
 seem to figure out why. Here is the basics of the config:

 Fasteth0  ip address 172.16.100.2
           ip nat inside

 Serial0   ip address 144.x.x.x
           ip nat outside

 Serial1   ip address 65.x.x.x
           ip nat outside

 ip nat pool Qwest 65.120.161.167 65.120.161.190 netmask 255.255.255.224
 ip nat pool Sprint 65.160.124.199 65.160.124.222 netmask 255.255.255.224
 ip nat inside source route-map Qwest1 pool  overload
 ip nat inside source route-map Sprint1 pool  overload
 ip nat inside source static 172.16.100.5 65.120.161.162
 ip nat inside source static 172.16.200.5 65.160.124.194
 ip nat inside source static 172.16.100.6 65.120.161.163
 ip nat inside source static 172.16.200.6 65.160.124.195
 ip nat inside source static 172.16.100.7 65.120.161.164
 ip nat inside source static 172.16.200.7 65.160.124.196
 ip nat inside source static 172.16.100.8 65.120.161.165
 ip nat inside source static 172.16.200.8 65.160.124.197
 ip nat inside source static 172.16.100.9 65.120.161.166
 ip nat inside source static 172.16.200.9 65.160.124.198
 ip classless
 ip route 0.0.0.0 0.0.0.0 65.x.x.x
 ip route 0.0.0.0 0.0.0.0 144.x.x.x
 ip route 65.0.0.0 255.0.0.0 Serial1
 ip route 144.0.0.0 255.0.0.0 Serial0
 ip route 172.0.0.0 255.0.0.0 FastEthernet0
 ip http server
 !
 !
 access-list 10 permit 172.16.100.0 0.0.0.255
 access-list 10 permit 172.16.200.0 0.0.0.255

 The Serial interfaces are not showing any kind of problems and packets are
 going out of each of them.

 Thanks in advance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65334t=65165


is 10baseT dead? [7:65077]

2003-03-11 Thread Scott Roberts
I don't know why I started to think about this topic over the weekend, but I
got to thinking about network design using 10baseT ethernet.

I'm a network engineer and work closely with sales. every time in the past
two years we've gone into a project, sales has always used upgrading to
100baseTX as a huge selling point. I can understand this, since the salesmen
and the customers can readily see 100 as being better than 10, but honestly
IMO more than half the users have no reason to upgrade to 100base. plus
considering that on many of these projects they don't use anything greater
than 100base from the switches to the main server block, so therefore with
all the desktops running 100base and browsing the internet, they are
technically oversubscribed.

what I'm wondering is, how should I say to the salesmen that this isn't
right, to keep them at 10base for the casual users and only the power users
get 100base? I just don't have enough to really take away their best selling
point.

anyone work in a large company where it's implemented like this or is
everyone putting the average user's desktop to 100base and oversubscribing
the uplinks?

scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65077t=65077


Re: Help In T1 CSU/DSU [7:64962]

2003-03-11 Thread Scott Roberts
what command are you using and what type of line are you trying to connect
to? (frame or t1?) what are the specifications of that line?

scott

Monu Sekhon  wrote in message
news:[EMAIL PROTECTED]
 Hi all
 I have T1 Csu/dsu card on 2691 platform
 Whenever I execute any service module command it gives the following error
 Example:command given service module t1 clock source internal
 %Serive moduule command failed,Lock timeout error
 Can anybody guide me as to what this error is
 and why I am unable to execute the commands?
 Thanx in advance
 Monu




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65083t=64962


Re: Bandwidth calculations [7:65008]

2003-03-11 Thread Scott Roberts
what do you mean by bandwidth usage?

if you're talking about baseband, the entire bandwidth is used. broadband of
course would be calculated upon what spectrum range you're using.

scott

Robert Perez  wrote in message
news:[EMAIL PROTECTED]
 Anyone know how the conversion techniques for converting bits, bytes,
 kilobits, etc, to calculate bandwidth usages?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=65084t=65008


Re: 10 half or 100 full [7:64931]

2003-03-10 Thread Scott Roberts
if I understand what you're saying, I think it's always been like that, cisco
hasn't changed it.

you're referring to the fact that the IOS switches don't let you change the
speed? I think that's strange also, the set based switch can allow you to
change speed, but after the IOS upgrading of switches they don't allow you
to change a 10/100 at the switch, but rather require you to configure the
desktop to 10 or 100 speed manually.

I suppose the idea is that everyone should be using autonegotiation
according to cisco.

scott

John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 I wanted to mention that we've been in the process of upgrading our
 switches, as well, and I discovered that since we've started using the new
 Cisco switches we've been having all sorts of problems getting the speed and
 duplex settings set correctly.

 We've discovered that if you have relatively new NICs with updated drivers,
 set both sides to AUTO. Never, ever, set only one side to AUTO.  I'd also
 avoid manually configuring the speed and duplex unless you have to do so to
 fix a specific problem.  Here's why:

 There is no standardized behavior for 100BaseTX when you manually configure
 settings!  The only setting mentioned in the specification is AUTO; the
 behavior of the NIC with any other setting is up to the vendor and not
 everyone handles it the same way.  Cisco appears to have changed the way
 they handle it, which is the cause of a lot of our problems.

 If you hard-set the speed and duplex there are two ways to handle this:

 1.  Use the configured settings and still participate in autonegotiation
 only offering the configured settings.

 2.  Use the configured settings and do not participate in autonegotiation

 Cisco's new switches seem to use option #2, while a great number of our end
 devices use option #1.  Why is this a problem?  Here's what happens when you
 connect an option #1 device to an option #2 device:

 #1 participates in autonegotiation, only offering the configured settings.
 #2 does not participate in autonegotiation at all and will forcefully use
 the configured settings.
 #1, seeing that there's nothing on the other side using auto assumes it is
 connected to a HUB, and just might set itself to 10/Half regardless of the
 manually configured settings!

 As you can guess, this is bad mojo.  The moral of the story is that you
 should try to start using AUTO on BOTH sides if you're using newer Cisco
 switches, in particular the 2950 series.  In some cases this won't work and
 you'll have to resort to manual settings.

 HTH,
 John


  Priscilla Oppenheimer 3/10/03 10:58:56 AM 
 Mike Momb wrote:
 
  To all,
 
  We recently replaced our Nortel switches and routers with Cisco
  2980 switches and 6509 routers.  We have two buildings, 10
  floors each and a router in each building.  We have a
  combination of NT and Novell servers.   After replacing all
  this equipment, we have noticed that when we access files on
  the NT servers, the speed is acceptable.  When we access files
  on the Novell servers, it is very very slow.  Could the
  switches or routers be configured incorrectly for IPX.  Is
  there something that we can change.  On Cisco's web page it
  mentioned something about enabling ipx
  broadcast-fastswitching.   Any input or comments would be
  appreciated.

 I doubt that ipx broadcast-fastswitching will help you unless you are using
 an ipx helper-address. With ipx helper-address (just like ip helper-address)
 you can tell a router to forward a broadcast, which it normally doesn't do.
 This would be useful for some rare IPX application that sent broadcasts that
 needed to reach the other side of the router. In typical IPX networks,
 there's no such need. When there is a need, you can speed it up with the ipx
 broadcast-fastswitching command.

 You titled your message 10 half or 100 full. I think this was a Freudian
 slip. I bet your problem is related to a full-duplex mismatch. Perhaps the
 NICs in the NT servers negotiated correctly but the NICs in the Novell
 servers did not and you have a mismatch.

 With a mismatch, the full duplex side will send whenever it wants. The half
 duplex will get upset if it sees the other side sending while it is also
 sending and will backoff and retransmit, leaving behind a CRC-errored runt.
 That side will report a collision. The other side will report runts and CRC
 errors.

 So, look for lots of Ethernet errors when you do a show int or show port.

 Also feel free to send us the output of various show commands and your
 router config. There are some IPX gurus on this list.

 ___

 Priscilla Oppenheimer
 www.troubleshootingnetworks.com
 www.priscilla.com



 
  thanks
  Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64947t=64931
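
The mismatch signature described in the quoted reply above (collisions on the half-duplex side, runts and CRC errors on the full-duplex side) can be checked mechanically against interface counters. This is an added example, not part of the original thread: the counter excerpts are constructed in the style of Cisco IOS `show interfaces` output, and the 1% threshold and the use of late collisions as an extra half-duplex indicator are assumptions of this sketch.

```python
import re

# Constructed excerpts in the style of Cisco IOS "show interfaces" output.
SAMPLE = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
     182340 packets input, 20113422 bytes, 0 no buffer
     4211 runts, 0 giants, 0 throttles
     4350 input errors, 4298 CRC, 52 frame, 0 overrun, 0 ignored
     175220 packets output, 18220331 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
FastEthernet0/2 is up, line protocol is up (connected)
  Half-duplex, 100Mb/s, media type is 10/100BaseTX
     88120 packets input, 9120044 bytes, 0 no buffer
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     90000 packets output, 9511020 bytes, 0 underruns
     87 output errors, 3120 collisions, 2 interface resets
     0 babbles, 87 late collision, 410 deferred
FastEthernet0/3 is up, line protocol is up (connected)
  Half-duplex, 10Mb/s, media type is 10/100BaseTX
     49800 packets input, 5020011 bytes, 0 no buffer
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     50000 packets output, 5100420 bytes, 0 underruns
     0 output errors, 12 collisions, 1 interface resets
     0 babbles, 0 late collision, 3 deferred
"""

HEADER = re.compile(r"^(\S+) is .*line protocol is", re.M)
DUPLEX = re.compile(r"\b(Full|Half|Auto)-duplex", re.I)
COUNTER = re.compile(
    r"(\d+) (packets input|packets output|runts|CRC|collisions|late collision)\b"
)


def parse_interfaces(text):
    """Split the output into per-interface dicts of duplex mode and counters."""
    result = {}
    headers = list(HEADER.finditer(text))
    for i, match in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[match.start():end]
        duplex = DUPLEX.search(block)
        entry = {name: int(value) for value, name in COUNTER.findall(block)}
        entry["duplex"] = duplex.group(1).lower() if duplex else "unknown"
        result[match.group(1)] = entry
    return result


def assess(iface, error_ratio=0.01):
    """Classify one interface using the symptoms described in the thread.

    error_ratio is an assumed threshold: a few collisions are normal on a
    genuine half-duplex segment, so only a sustained ratio is flagged.
    """
    rx = iface.get("packets input", 0)
    tx = iface.get("packets output", 0)
    rx_bad = iface.get("runts", 0) + iface.get("CRC", 0)
    collisions = iface.get("collisions", 0)
    late = iface.get("late collision", 0)

    # Full-duplex side: the peer aborts frames mid-transmission, so this side
    # receives CRC-errored runts but never counts a collision itself.
    if iface["duplex"] == "full" and rx and rx_bad / rx > error_ratio:
        return "suspect: peer may be running half duplex"
    # Half-duplex side: the peer transmits whenever it wants, which this side
    # counts as collisions (late collisions are a further indicator).
    if iface["duplex"] == "half" and (late > 0 or (tx and collisions / tx > error_ratio)):
        return "suspect: peer may be running full duplex"
    return "ok"


def report(text):
    """Return {interface name: verdict} for every interface in the output."""
    return {name: assess(data) for name, data in parse_interfaces(text).items()}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(f"{name:18} {verdict}")
```
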

Re: 10 half or 100 full [7:64931]

2003-03-10 Thread Scott Roberts
I see what you're saying now. what would be nice to see is what traffic
there is on a protocol analyzer. I would think that #2 should be the
situation and your #1 is not the proper negotiation.

I've never tried to capture autonegotiation with an analyzer before, I
wonder if you can even capture that stuff?

scott

John Neiberger  wrote in message
news:[EMAIL PROTECTED]
 No, that's not at all what I was referring to.  I'm speaking of the behavior
 of switch interfaces when they're set to AUTO.  Nortel switches (at least
 the ones that we used) and some older Cisco switches like the 2924XL seemed
 to behave like Option #1 below, while the 2950 behaves like Option #2.

 If both the switch and the device are using Option #1 you'll be fine. If you
 then upgrade to a Catalyst 2950 that uses Option #2, you'll have all sorts
 of issues that need to be resolved.

 We've had a mixture of 2924XL and Bay 303/310 switches at our branches for
 quite a while with no issues.  When we started replacing the Bays with
 Catalyst 2950s we started having all sorts of problems, and it took quite a
 bit of research into FastEthernet NWAY/Autonegotiation to determine the
 problem.

 Just a forewarning.  :-)


Re: Network Design - What Priscilla did NOT cover in her book: [7:64957]

2003-03-10 Thread Scott Roberts
wow, I've never worked on such a large order, but the RFPs I've designed out
have never been this much of a joke. it seems that the IT staff of this
company had no clue what they wanted or needed and decided to get some free
advice!

the only similar scenario I can mention is when a small private school was
looking to upgrade their network to gigabit (yet never fully utilized the
old FE) and were shocked at the cost of the equipment. they dropped the
whole upgrade totally at that point.

I'm interested in hearing if any others have seen such a poor 'scope of
work' put out before?

scott

Symon Thurlow  wrote in message
news:[EMAIL PROTECTED]
 Yikes! You must have big plums to persist with a customer like that.

 It sounds like a disaster waiting to happen!

 Symon

 -Original Message-
 From: The Long and Winding Road
 [mailto:[EMAIL PROTECTED]
 Sent: 08 March 2003 19:44
 To: [EMAIL PROTECTED]
 Subject: Network Design - What Priscilla did NOT cover in her book: WAS
 [7:64842]


 Symon Thurlow  wrote in message
 news:[EMAIL PROTECTED]
  Hey Chuck,
 
  How did that big design go, the one you mentioned on the list a few
  months ago?
 
  Symon

 You mean the Never Ending Design? The Nightmare before the CCIE Lab?

 Here is a brief rundown. I will say in advance that as all of you who
 work in the real world with real world management, real world customers,
 and real world situations already know, the real work is at layers 8,9,
 and 10.

 Project Summary: large organization, 2000+ employees, 10,000 data ports,
 3 dozen locations, with each location being a campus of several
 buildings or several floors within buildings. The project RFP called for
 a complete forklift of the existing infrastructure - routers, switches,
 PBX. It also called for wireless for voice and data. The project goal
 was to create a network fully capable of providing seamless integrated
 services for data, voice, and video. Oh yes, there was a three week
 turnaround deadline for the response, and there was no flexibility in
 this. Meet the customer date or lose the opportunity. On top of that, as
 is typical with most RFP's, all questions are to be submitted in
 writing, and all responses go to all bidders.

 Clues that something is strange:

 1) for any wireless response this complex, detailed site surveys are
 required. there is not time to do this.

 answer: well then just do a site survey. besides, we have aerial
 photographs of all of our locations posted on our web site. you can use
 those to determine what you need.

 2) your RFP provides numbers of IDF's in each location and total
 number of ports required. e.g. site X has 7 IDF's and 257 data ports. do
 you have detail as to how many data ports are in each specific closet?

 answer: use an average, or come out here and do a site survey and figure
 it out for yourself.

 3) your RFP calls for L3 switching in each and every closet. Is this
 necessary, given that there is only a single ingress/egress, and that
 all sites are hub and spoke? plus L3 is more expensive, and I'm not sure
 there is anything to gain.

 answer: we want L3 everywhere. are you saying your ( Cisco ) equipment
 does not do L3?

 Customer: oh by the way, we will be opening a new location sometime in
 the next 18 months. I want you to include that location in this
 response.

 4) how many closets? how many phones? how many data ports?

 answer: just take locations a,b, and c, and average those out to get the
 numbers.

 These were the major things, and should give you a pretty good idea of
 the upper layer issues.

 Well, I work my ass off to meet the deadlines. We and a couple of other
 vendors respond. The presentation meeting takes place with all vendors
 in the same room at the same time. Oh joy, but at least we can see
 each other's hands.

 All vendors come back with total cost in the 8-9 million range.

 Now the customer reveals that his budget is 5 million. This is something
 that was asked, and which the customer refused to discuss previously. I
 should add that as this is a non profit organization, and some of the
 funding is from grant money with particular restrictions, this is not as
 straightforward in terms of budget as might first appear. The grants
 will pay for some types of equipment and services, but not others. The 5
 mil is for a complete package including data circuits, all equipment,
 and all services. so subtract the total 5 year cost of data circuits
 from that 5 mil. divvy up what's left between what the grants will buy
 and what the customer himself will buy.

 OK, so now we have to scramble. The customer finally gets a clue that
 things cost money, and the more you want, the more you have to pay. So -
 trim your proposals, and get back with just what is required for end to
 end voice over IP plus new WAN equipment. No wireless. No new switches
 other than those needed to directly support the IP telephones.

 back to the drawing board. All non-phone switches are out

Re: Main Diagnostic Menu on 2501 router??? [7:64427]

2003-03-07 Thread Scott Roberts
what I would check is: open up the case and see if there is a credit
card/PC card/pcmcia flash memory module inserted into the mainboard (you'll
see the slot, it's obvious). also make sure there is standard memory inserted
in the regular memory slots.

let us know what you find.

scott

Jean-Marc Simard  wrote in message
news:[EMAIL PROTECTED]
 I just bought a 2501 router through Ebay for my CCIP/CCNP study and it's not
 supposed to have an IOS on it. When I power it up, instead of getting the
 rommon prompt, I get the Main Diagnostic Menu as shown below. If I execute
 the diag tests offered all the tests pass, but I just can't get past this
 menu.

 Can someone, please, tell me what is wrong with it or how I can work around
 it?

 Thanks a lot

 JM

 (I had some problems with my mailer, so sorry if it gets posted twice)

 --- (output at power up)--
 cisco Systems
 Diagnostic Monitor

 Testing boot state
 Exiting boot state
 Testing Main Memory from 0h to E000h. data equals address
 Testing Main Memory from 0h to E000h. checkerboard
 Testing Main Memory from 0h to E000h. inverse checkerboard
 Clearing bss
 Enabling interrupts
 Exiting init

 Diagnostic Monitor for CANCUN, Version 1.7.4(4)
 Compiled by haidung on Wed 19-Nov-97 14:26

   Main Diagnostic Menu
  a: alter diag flags
  b: basic utilities
  c: do all diags in this menu
  d: do group of diags in this menu
  e: bus error test
  f: image checksum test
  g: timer interrupt test
  h: size memory
  i: main memory test
  j: main memory parity test
  k: shared memory test
  l: shared memory parity test
  m: flash memory test
  n: nvram test
  o: aux port test
  p: serial cookie test
  q: serial interface test
  s: ethernet (Am79C90-LANCE) test
 FLAGS: Continuous OFF  Stop on error OFF  Ext. loopback ON  Abbr. test OFF

 enter Main Diagnostic Menu item 
 ---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64665t=64427


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Scott Terminiello
EIGRP is a hybrid.  It can be said that it is a distance vector routing
protocol that acts like a link state routing protocol.

Scott
- Original Message -
From: Johan Bornman 
To: 
Sent: Friday, March 07, 2003 7:11 AM
Subject: EIGRP for CCIE Written [7:64707]


 Is EIGRP a Hybrid or Distance Vector protocol?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64721t=64707


Re: PPP vs HDLC [7:64362]

2003-03-07 Thread Scott Roberts
I guess my understanding is limited, so I'm interested in hearing the results
of this also.

I've seen the flags left off of various protocols before, but I assumed they
were simply being sloppy. I can't understand how any protocol could be
transmitted without any flag/preamble at all.

scott

Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]
 s vermill wrote:
  Cisco HDLC just
   has this:
  
   Address - 1 byte
   Control - 1 bytes
   Protocol - 2 bytes
  
   It's curious that Cisco HDLC doesn't have the flag fields.
   Maybe they just aren't mentioned in the only document I have on
   Cisco HDLC?? The 0x7E flag is present in most derivatives of
   HDLC, including SDLC. It's used to signal the beginning and end
   of a frame and can be sent multiple times and during silence to
   keep the link up, from what I remember.
 
  Every HDLC derivative I've ever worked with uses the ol' 7E7E
  idle pattern.  Next time I have an o'scope out, I'll take a
  peek at a Cisco HDLC encapsulated link.

 Oh, yes, do please get your scope out! :-) I'm really curious about Cisco
 HDLC and expect the doc I have doesn't tell the whole story.

 I wonder if a scope would strip out the flags, sort of like an Ethernet
 analyzer doesn't show the preamble, though.

 THANKS

 Priscilla

 
   Howard would know for
   sure, but I thought it was necessary in order for the other end
   to synch up.
  
  That's the general idea.  You don't want to wait until there's
  data to be transferred before declaring protocol down.  Loss
  of, say, three consecutive idles can trigger a protocol down
  condition.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64736t=64362


Re: ip ospf dead-interval [7:64311]

2003-03-07 Thread Scott Roberts
in real life its hard for me to keep my mouth shut, so even if I intend to
be elusive in answers from now on, I'll probably just shoot my mouth off
here too and just give the answer.

I suppose some of us new-comers will keep you 'old farts' on your toes! ;)
(you know who you are!)

scott

fred barreras  wrote in message
news:[EMAIL PROTECTED]
 CiscoPress book for CCNP routing is very specific on changing hello setting
 and having dead/interval setting changing automatically.  I would have given
 the answer and said where I found it. What some people are suggesting is
 that when anybody posts a question the answer should be, buy my book. If
 people do not want to help other people out, or at least point them in the
 right direction, then what is the point of groupstudy? Just like any other
 site, this one is also not perfect.  I guess I just have to learn whose
 threads to bypass and not read at all. Just curious.  nilesh bothra wrote:




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64737t=64311


Re: Silly EIGRP question [7:64259]

2003-03-07 Thread Scott Roberts
never heard of that command...doesn't exist to my knowledge (at least on
12.0)

scott

Shyam, Sharma S (CAP, GECIS)  wrote in
message news:[EMAIL PROTECTED]
 Missed  the command

 show ip eigrp timers

 rgds

  --
  From: Shyam, Sharma S (CAP, GECIS)
  Reply To: Shyam, Sharma S (CAP, GECIS)
  Sent: Thursday, March 06, 2003 6:33 AM
  To: [EMAIL PROTECTED]
  Subject: RE: Silly EIGRP question [7:64259]
 
  Michael
 
  I am not much experienced but can we use  for this.
 
  Rgds
  Sky
 
   --
   From: Michael Williams[SMTP:[EMAIL PROTECTED]
   Reply To: Michael Williams
   Sent: Tuesday, March 04, 2003 6:41 AM
   To: [EMAIL PROTECTED]
   Subject: RE: Silly EIGRP question [7:64259]
  
   Priscilla Oppenheimer wrote:
A protocol analyzer? ;-) And one that does a decent job with
EIGRP. A lot of them don't. I think EtherPeek does in its
latest software. Network Associates does a good job with EIGRP.
  
   I'll span the port connecting our WAN router to the core switch (I'm 99%
   sure we're getting hit with updates from the WAN).  We use NA, but haven't
   had the need to use it for EIGRP..
  
You can turn the router into a troubleshooting tool with the
various debug commands, of course. There's quite a few for
EIGRP and at least one would give you the info that you seek,
(probably debug eigrp packet). But, you didn't want to use
debugging, for good reason probably.
  
   Yeah we don't take debugging on the core routers/switches too easily =)
   Ever since a new guy decided to debug EIGRP in an EIGRP storm without a no
   logging console.
  
   Thanks!
   Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64740t=64259


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Scott Roberts
I agree completely. I think the whole hybrid was a marketing department
decision. I'm just glad to find out I wasn't the only one who thought this.

scott

Peter van Oene  wrote in message
news:[EMAIL PROTECTED]
 At 03:54 PM 3/7/2003 +, The Long and Winding Road wrote:
 Peter van Oene  wrote in message
 news:[EMAIL PROTECTED]
   At 12:11 PM 3/7/2003 +, Johan Bornman wrote:
   Is EIGRP a Hybrid or Distance Vector protocol?
  
   Cisco calls it Hybrid.  It looks pretty distance vector to me though.
 
 in what way? the hop count is pretty well hidden in the dark interior of the
 code. all those cost numbers, the ( also somewhat hidden ) topology table,
 and the ( somewhat hidden ) successor table certainly give it the appearance
 of link state.

 In a link state algorithm, a router builds a complete topology table for
 the bounded area in which it operates and then uses a spanning tree like
 algorithm (dijkstra in most cases) to calculate loop free paths.  EIGRP
 simply does not do this.   Primary and secondary paths in EIGRP are
 calculated based upon indirect information relayed by direct neighbors only
 using an advanced distance vector algorithm (DUAL).

 I think Cisco likes to call it Hybrid since many folks feel distance vector
 routing is inferior to link state and thus by labelling EIGRP as the best
 of both approaches, Cisco has put a positive spin on the protocol.  This is
 typical marketing garbage from one of the best spin companies on the planet
 (in a neck and neck race with Microsoft and Harley Davidson for that matter)

 Pete



 Chuck
 who considers all this stuff a kind of magic
 
 
 
  A  hello mechanism and adjacencies does not a link state one make.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64741t=64707


Re: it started out as a really good idea ... [7:64638]

2003-03-07 Thread Scott Roberts
nice catch daniel, I've never used that before, will be mulling this one
over in my lab for the next week.

learn something new everyday,
scott

Daniel Cotts  wrote in message
news:[EMAIL PROTECTED]
 standby track (interface) might do the trick.
 http://www.cisco.com/warp/public/619/6.html
 I've never seen HSRP on both sides of a router. Maybe each side could track
 the ethernet interface on the other side. If the far side goes down then the
 monitoring side decrements its priority and allows the other router to take
 over.

  -Original Message-
  From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
  Sent: Thursday, March 06, 2003 6:52 PM
  To: [EMAIL PROTECTED]
  Subject: Re: it started out as a really good idea ... [7:64638]
 
 
  Larry Letterman wrote:
  
   that was my answer as well...the broken connection will black
   hole the path on
   one side or the other...
  
   Larry Letterman
   Network Engineer
   Cisco Systems
 
  Whew! I wasn't losing it. :-)
 
  For this to work, you would need a way to tell Router 1 (as
  well as Router
  2), if my E0 interface goes down, make sure I'm not the
  default gateway on
  my E1 interface. (And vice versa.)
 
  Maybe you can do that with HSRP? I don't know how though.
 
  HSRP does have an advanced feature to avoid LAN users using a default
  gateway that has lost its access to the rest of the network
  on its other
  interface. I can't remember how to do that, but it's
  supported somehow, from
  what I understand. But I don't think that helps. It's not the
  same as no
  longer being the default gateway for the LAN that reaches the
  rest of the
  network because you're no longer the default gateway on the
  local LAN.
 
  Sorry if that's convoluted. I can't think of a better way of
  saying it! ;-)
 
  I think a routing protocol solves the problem too, but there are some
  gotchas.
 
  Assuming I understand his topology correctly, with a
  distance-vector routing
  protocol, Router 2 would not send via its E0 interface a
  route that tells
  Router 1 that Router 2 can get to network 10.3.0.0, due to
  split horizon.
  That's fine.
 
  However, Router 2 would tell Router 1 this information via
  its E1 interface.
 
  When there's no problem, Router 1 would ignore this
  information because
  Router 1 can get to network 10.3.0.0 directly already.
 
  Now Router 1's E0 goes down. After the route comes out of
  holddown (could be
  a long time for some routing protocols) Router 1 will accept
  Router 2's
  offer to send to network 10.3.0.0.
 
  Now, it gets a little hairy.
 
  Packet comes in on Router 1's E1 interface destined to
  10.3.x.x. (That's
  the ping reply from PC 2 to PC1.) Router 1 should send the
  packet back out
  E1 and let Router 2 pick it up. Router 1 may send an ICMP
  redirect too,
  which would avoid the extra hop in the future, except that
  ICMP redirects
  are often disabled with HSRP.
 
  I think that would work? It's not too pretty, but that's OK,
  he said it was
  a lab network. :-)
 
  I think the general-purpose answer is that the original
  poster did sort of
  misunderstand HSRP's purpose. In a hierarchical network
  design, you probably
  wouldn't have a router that was a default gateway on both sides of it.
 
  Instead, you might have two routers on a LAN acting together
  (with HSRP) as
  the default gateway. Both these routers can also get out to
  the rest of the
  network, for example the rest of the enterprise network or
  the Internet, so
  it doesn't matter which one gets used.
 
  Priscilla
 
  
  
 - Original Message -
 From: Priscilla Oppenheimer
 To: [EMAIL PROTECTED]
 Sent: Thursday, March 06, 2003 3:23 PM
 Subject: Re: it started out as a really good idea ...
   [7:64638]
  
  
 Um, he already has both the E0s in the same subnet and both
   the E1s in the
 same subnet, according to his config.
  
 His drawing is confusing but I think he's got PC1 and both
   E0s in subnet
 10.3.0.0/16, say on a hub or a switch.
  
 He's got PC2 and both E1s in subnet 10.4.0.0, on another hub
   or switch.
  
 If the problem isn't related to misconfiguration of the
   default gateway on
 the PCs, I do have another theory. :-)
  
 Say he pulls the E0 cable on Router 1. No problem, PC1 will
   start using
 Router2.
  
 Then he pings from PC1 to PC2. The ping will probably get
   there but what
 about the reply coming back?
  
 What happens if PC2 is using Router 1 and Router 1 has no way
   to send PC2's
 packet from itself to Router 2 due to the missing cable, not
   to mention
   lack
 of any routing protocol configured.
  
 Think about it! :-)
  
 Priscilla
  
 The Long and Winding Road wrote:
 
  garrett allen  wrote in message
  news:[EMAIL PROTECTED]
   i have a need for a high availability solution for a
   default
  gateway
   configuration.  just finished the ccdp and thought it
   might
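
The failover sequence Priscilla walks through above, modelled as an added example (not part of the original thread): two routers with E0 on 10.3.0.0/16 and E1 on 10.4.0.0/16 run a simplified distance-vector exchange with split horizon. The class and function names are assumptions, and holddown timers, HSRP and ICMP redirects are not modelled.

```python
from dataclasses import dataclass, field

# Constructed lab from the thread: both routers have E0 on PC1's LAN
# and E1 on PC2's LAN.
NETS = {"E0": "10.3.0.0/16", "E1": "10.4.0.0/16"}


@dataclass
class Router:
    name: str
    up: dict = field(default_factory=lambda: {"E0": True, "E1": True})
    learned: dict = field(default_factory=dict)  # prefix -> (metric, in_iface, neighbor)

    def table(self):
        """Best route per prefix as (metric, out_iface, next_hop).

        A connected route (metric 0) always beats a learned one, which is why
        Router 1 ignores Router 2's offer while its own E0 is still up.
        """
        routes = {NETS[i]: (0, i, None) for i, ok in self.up.items() if ok}
        for prefix, (metric, iface, nbr) in self.learned.items():
            if prefix not in routes and self.up[iface]:
                routes[prefix] = (metric, iface, nbr)
        return routes

    def advertise(self, out_iface, split_horizon=True):
        """Distance-vector update sent out one interface: {prefix: metric}."""
        if not self.up[out_iface]:
            return {}
        update = {}
        for prefix, (metric, iface, _) in self.table().items():
            if split_horizon and iface == out_iface:
                continue  # never advertise a route out the interface it points to
            update[prefix] = metric + 1
        return update

    def receive(self, update, in_iface, neighbor):
        """Store the neighbor's offers; table() decides whether they are used."""
        if not self.up[in_iface]:
            return
        for prefix, metric in update.items():
            current = self.learned.get(prefix)
            if current is None or metric <= current[0]:
                self.learned[prefix] = (metric, in_iface, neighbor)


def exchange(a, b):
    """One round of updates on every LAN where both routers have a live interface."""
    for iface in NETS:
        if a.up[iface] and b.up[iface]:
            ua, ub = a.advertise(iface), b.advertise(iface)
            b.receive(ua, iface, a.name)
            a.receive(ub, iface, b.name)


def forward(router, dst_prefix, in_iface):
    """Return (out_iface, next_hop, hairpin); hairpin means out == in interface."""
    _, out_iface, next_hop = router.table()[dst_prefix]
    return out_iface, next_hop, out_iface == in_iface


def run_scenario():
    r1, r2 = Router("R1"), Router("R2")
    exchange(r1, r2)
    before = r1.table()["10.3.0.0/16"]   # still the connected route via E0
    r1.up["E0"] = False                  # Router 1's E0 cable is pulled
    exchange(r1, r2)                     # real protocols would wait out holddown first
    after = r1.table()["10.3.0.0/16"]    # now Router 2's offer, heard on E1
    # PC2's ping reply arrives on Router 1's E1, destined to 10.3.x.x
    reply = forward(r1, "10.3.0.0/16", "E1")
    return before, after, reply


if __name__ == "__main__":
    print(run_scenario())
```
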

Re: network design [7:64422]

2003-03-07 Thread Scott Roberts
I guess I'm the only one with the problem of that many then. I'll take your
words for it that it works OK, but I still keep thinking back to that one
study (don't recall its name), and can't help but think efficiency would go
by some noticeable degree. anybody can throw switch and hubs around,
we're supposed to do it right, not just to get by.

I mean if 700 is ok, then why not 1000? at some point you have to agree
there is going to be a performance hit. hasn't any manufacturer thought to
retest this performance issue with the newer equipment?

scott

Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]
 Great answer Chuck. It sounds like you figured out his/her basic needs,
 though we would need more detail to provide a detailed design, of course,
 and payment for design services. :-) Well, actually your idea of asking a
 vendor to do an RFP might mean a free design (that would be biased toward
 the vendor, of course, but still a good start.)

 I'm not in disagreement that today 700 nodes in one broadcast domain might
 be OK. In other words, I would probably recommend no VLANs as a start.
VLANs
 complicate matters. If the network admins are somewhat new to networking,
 they should avoid VLANs to start.

 The reason 700 nodes in one broadcast domain could work is because NICs
and
 CPUs are really not bothered by broadcasts like they were in the
mid-1990s.
 They are much faster, have better buffers, etc. Some would argue they never
 were affected as much as Cisco claimed!

 I help out once in a while on a city-wide school network with that many
 nodes in one broadcast domain. It has all the risk factors:

 Lots of AppleTalk traffic
 Lots of Novell traffic
 Lots of NetBIOS traffic
 Lots of IP traffic
 Ancient PCs with slow CPUs

 There are no performance issues.

 Priscilla

 The Long and Winding Road wrote:
 
  ferry ferry  wrote in message
  news:[EMAIL PROTECTED]
   I need a scheme of network. It needs seven hundred points. Please give me
   some advice on how to design it. It includes how to select network
   products and product configuration. They are set in a building. It has
   twenty layers.
 
 
  Let's see if I understand you correctly.
 
  A company is located in a multistory building. There are 700
  users spread
  out among 20 floors. So on average there are 35 users per floor.
 
  I'm going to assume a single data center with your servers and
  internet
  connection.
 
  Got fiber running from your data center to the various floors?
  How is this
  structured? how far from the data center to each of the floors?
 
  the answer to this will help determine if you use a collapsed
  backbone or if
  you connect your switches in series.
 
  do you have groups of users who should logically be separated
  from
  each other. Some companies like their payroll department to be
  on a separate
  network from other departments, for example. are there some
  services that
  need to be separated and unavailable to some users?
 
  These days, 700 users, particularly in a switched environment, is not
  such a large broadcast domain ( stop grinding your teeth, Priscilla ;- )
  but still, you might just want to separate out logical groups into vlans.
  or maybe do it by grouping a couple of floors together into vlans.
 
  my knee jerk thought, not knowing too much about the
  particulars, is
  determine your port counts per floor, determine connectivity -
  fiber runs
  between closets, and where those runs terminate. if it's
  copper, you got
  troubles :-
 
  determine your logical / vlan structures. who needs to see what
  and when.
 
  Then go through the provisioning process.
 
  Don't be afraid to call in a couple of vendors to help you. ask
  for
  proposals. If you have a vendor who works closely with you and
  wants to help
  educate you, that's your guy ( or gal, for the politically
  correct )
 
  hope this helps you get started.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64756t=64422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Teminal server problems [7:64746]

2003-03-07 Thread Scott Roberts
you didn't show your interface configuration, do you have at least one not
shut down with the ip address 1.1.1.1 ?

scott

McHugh Randy  wrote in message
news:[EMAIL PROTECTED]
 I can't seem to access any of my routers from the term server. Here is the
 config and what errors I am getting
 !
 !
 ip subnet-zero
 no ip domain-lookup
 ip host r1 2097 1.1.1.1
 ip host r2 2098 1.1.1.1
 ip host r3 2099 1.1.1.1
 ip host r4 2100 1.1.1.1
 ip host r5 2101 1.1.1.1
 ip host fr 2102 1.1.1.1
 ip host cat 2103 1.1.1.1
 !
 TS#
 TS#clear line tty 97
 [confirm]
  [OK]
 TS#clear line tty 98
 [confirm]
  [OK]
 TS#clear line tty 99
 [confirm]
  [OK]
 TS#clear line tty 00
   ^
 % Invalid input detected at '^' marker.

 TS#clear line tty 100
 [confirm]
  [OK]
 TS#clear line tty 101
 [confirm]
  [OK]
 TS#clear line tty 102
 [confirm]
  [OK]
 TS#clear line tty 103
 [confirm]
  [OK]
 TS#r1
 Translating r1
 Trying r1 (1.1.1.1, 2097)...
 % Destination unreachable; gateway or host down

 TS#

 Anyone have any suggestions? I am working remotely.
 Randy




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64747t=64746


Re: Dynamic Natting with a CISCO 1601R [7:64757]

2003-03-07 Thread Scott Roberts
try putting more memory in, the max i think is 24, but default is like 12.
ios 12.0 requires 8MB, so you're only really working with 4MB.

scott

Hyman, Craig  wrote in message
news:[EMAIL PROTECTED]
 ALL-

 I am having a problem with Dynamic Natting using a 1601R router over Frame
 Relay. Every time I set it up to use over 60 addresses the router hangs or
 reboots.

 I am using IOS 120221a IP PLUS
 I am being told by CISCO that this IOS is not specifically used for any
form
 of natting.  What do I do if I need to use Dynamic or PAT NAT Mapping?

 Any help would be well appreciated?

 Thanks in Advance

 SRS Implementation Team
 SRS Tier 2
 Pager# 1-888-860-5913
 Virtual Office# 303-604-0037
 SUN Office# 303-272-2661




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64765t=64757


Re: EIGRP for CCIE Written [7:64707]

2003-03-07 Thread Scott Terminiello
It was my understanding that EIGRP only notifies its neighbors of topology
changes the same way OSPF works.  This is in contrast to RIP which sends out
an update at specified intervals (30 secs for RIPv1) regardless of whether a
topology change or not.

Scott

- Original Message -
From: John Neiberger 
To: 
Sent: Friday, March 07, 2003 2:02 PM
Subject: Re: EIGRP for CCIE Written [7:64707]


 This really isn't the case.  EIGRP is purely distance vector.  In no way
 does it behave like a link state protocol.  It establishes neighbor
 relationships  and it uses hellos, as do OSPF and IS-IS, but those have
 nothing whatsoever to do with whether protocol is DV or LS.  Some people
 get hung up on the complex metric, but who says DV protocols have to use
 only hop count?

 The actual operation of EIGRP is DV.  There are no LS components to
 EIGRP.

 Regards,
 John

  Scott Terminiello  3/7/03 8:28:00
 AM 
 EIGRP is a hybrid.  It can be said that it is a distance vector
 routing
 protocol that acts like a link state routing protocol.

 Scott
 - Original Message -
 From: Johan Bornman
 To:
 Sent: Friday, March 07, 2003 7:11 AM
 Subject: EIGRP for CCIE Written [7:64707]


  Is EIGRP a Hybrid or Distance Vector protocol?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64761t=64707


Re: ISDN switch (beyond simulator) [7:64628]

2003-03-06 Thread Scott Roberts
if you didn't need the simulated telco switch d-channel, then your best
bet would be to use a PBX system. in other words, if you simply needed the
lines to be circuit switched like an isdn cloud would do without the actual
isdn protocols.

this is basically putting in an NT2, but bypassing any need for an NT1 by not
having any real outside isdn service.

scott

Howard C. Berkowitz  wrote in message
news:[EMAIL PROTECTED]
 We've all dealt with ISDN simulators, that look like a CO to a single
 or small set of interfaces. I'm dealing with a situation where I need
 to interconnect several simulated training sites (i.e., physically in
 the same room) and telephony servers through a PSTN simulation.

 In other words, I need a small CO switch, with the ability at least
 to interconnect several trunks (probably both T1 EM and ISDN PRI),
 with a static calling plan among tens of telephones. The switch would
 emulate several end offices, plus the PSTN interoffice connectivity
 between them. For the latter, however, I don't need to have physical
 interoffice trunks as long as I can simulate their effect in a
 dialing plan.

 The switch should also be able to simulate dedicated data links between
 sites.

 In the real world, this is no problem to do with off-the-shelf
 equipment that would support thousands of lines. Within the Cisco
 product line, I suspect I get close with an MGX or the like, but
 probably fall short in circuit-switch call supervision and routing.

 Thoughts? I'm going to review my Nortel Passport documents to see if
 it has the loop supervision capabilities available; I vaguely
 remember a version that might.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64648t=64628


Re: Cheap Domain Name register? [7:64557]

2003-03-06 Thread Scott Roberts
considering that register.com provides DNS service also, I think it's cheap.
for example, Time Warner charges $4/month for DNS service!

scott

Wes Stevens  wrote in message
news:[EMAIL PROTECTED]
 Any advice on a cheap and good domain name register? I am
 tired of paying out the nose for register.com.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64661t=64557


Re: Password recovery without reload? [7:64453]

2003-03-06 Thread Scott Roberts
next question is, who or why did they let the last admin near the
servers/routers after he was fired?

President Bigshot: sorry bob, I'm going to have to let you go
Bob: no problem, I'll just go get my things
next day
President Bigshot: bob? you're still here? I thought I fired you
yesterday?
Bob: oh yes you did, I just had a few loose ends to tie up, all done now,
bye!

oscar  wrote in message
news:[EMAIL PROTECTED]
 but the problem is that there is not only a password but a login. So I'm
 gonna need 3 years to discover the login/password  :-(


 - Original Message -
 From: Troy Leliard
 To:
 Sent: Thursday, March 06, 2003 12:48 PM
 Subject: Re: Password recovery without reload? [7:64453]


  You can always try a brute force password attack.  Solarwinds have some
 apps
  that do this, (that you can get on 30 day trial too )
  M.C. van den Bovenkamp wrote:
  
   oscar wrote:
  
SNMP is not an option because it is disabled. In fact the
startup-configuration wasn't erased by mistake. The last
   admin did it
because he was fired.
  
   Oh what fun. In that case you're out of luck. I think.
  
   Regards,
  
   Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64662t=64453


Re: OSPF attempting to form adjacencies with non-DR/BDR [7:64664]

2003-03-06 Thread Scott Roberts
it might be interesting to see what would happen if you put their priorities
up and rebooted the existing DR/BDRs, let them complete their adjacencies
and then put them back down to normal (or even 0). then see if the behavior
goes back to the previous.

after that I'd try a different IOS image and report it as a bug. what IOS
are you using right now anyway?

scott

Kelly Cobean  wrote in message
news:[EMAIL PROTECTED]
 Hey all,
 I'm seeing some weird behavior on a pair of 6509's that I can't
 explain.  These two 6509/MSFC's are on an ethernet segment with two
 other routers that are the DR and BDR.  The DR and BDR have formed
 adjacencies with the 6509s and with each other, the weird thing is that
 the 6509's are constantly trying to form adjacencies with each other.
 My understanding of OSPF was that routers on broadcast media only form
 adjacencies with the DR/BDR.  Is it within the operation of the protocol
 that non-DR/BDR's will just continually try to form adjacencies with
 each other and fail from the 2-way state?  These two 6509's do just
 that...They sit in 2-way state until the timeout expires, then they
 fall-back to a down state, then start all over again.  Any ideas on
 what's going on?  Configs are very basic, no tricky stuff.  debug ip
 ospf adjacencies/events shows nothing out of the ordinary.

 Confused,
Kelly




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64664t=64664


Re: creating console cable for cs11152 [7:64368]

2003-03-05 Thread Scott Roberts
I see what you're after now. yes you can do this. the adapters are the trick
here.

cisco will use a rollover cable to essentially pair wire 1 on one end to
wire 8 on the other end (2 to 7, 3 to 6, etc...). in theory what this does
is reverses the Tx and the Rx and the other corresponding wires for flow
control and modem control. the adapter then comes in for when you plug it in
to the interface. for example if I have an eia-232 configuration, then my
adapter will have to be wired correctly to place the correct pin from the
adapter to the correct wire on the rollover cable. same thing can be said if
I have a v.35 cable, I need to have the adapter connect the Tx pin to the Tx
wire of the cable. this is why cisco advertises their db-60 interface as
being 5-in-1, because depending on how the pins match the wire, they have 5
different specifications possible(one being eia-232)

now sticking to eia-232, the specification calls for 8 pins, which is
perfect for 8-wire cable and thus why cisco uses it for all their modular
console ports. now the adapters come into play. the adapters can serve one
of two purposes, 1) straight-through or 2)rollover.

if the cable you use is a rollover, well then the wires have already turned
the Tx into a Rx wire and thus your adapter needs to be straight-through to
accomplish having the ends stay Tx to Rx.
if the cable you use is straight, well then the wires are Tx to Tx and thus
you'll need an adapter to change the Tx to the Rx.

now here's the kicker and the reason I suspect you're having problems. this
whole discussion of Tx going to a Rx end-to-end depends on the fact that the
console port of a router (or a CSS) is a DTE and your PC serial port is a
DTE and thus needs to be rolled-over. on the other hand some older cisco
equipment had their console ports configured as DCEs, which might very well
be your case.

so what to do? put the adapter onto your computer's serial port, plug the
cisco rollover cable into it and then right into the console port of your
css. if it works you're done, if not get a standard straight-through cat5
cable to use instead of the cisco rollover, that one will then work.


Sam Sneed  wrote in message
news:[EMAIL PROTECTED]
 When I plug rollover cable that I use for routers into routers console it
 works. When I plug it into CSS11152 console it doesn't work. When I use the
 CS11152 adapter on rollover it does work. What I'm trying to figure out is
 what do I have to do to a cat5 cable to make it work without the CSS11152
 adapter.

 Scott Roberts  wrote in message
 news:[EMAIL PROTECTED]
  hopefully this time priscilla doesn't chastise me for helping out with
CCO
  material!! ;)
 
  the link you supplied clearly states that its 9600 baud  rs-232 and the
  table below it doesn't say anything in regards to pinouts for any
console
  port. the rs-232 specification IS the pinout specification.
 
  CSS 11050 Front Panel Connectors and LEDs
  All front panels of the CSS 11050 models contain connectors and LEDs
that
  vary according to their model number. For example, the CSS 11051 in
Figure
  2-3 has:
 
a.. 1 RS-232 Console connector (9600 baud)
 
 
b.. 1 RS-232 Diag connector, reserved for field service use only
 (115,200
  baud)
 
 
c.. 8 10/100-Mbps auto-sensing Fast Ethernet connectors and their
  associated Link/Activity status, 10/100 (Mbps), and Duplex (Half or
Full)
  LEDs
 
 
d.. Power, Status, and Ready LEDs
 
 
 
  Sam Sneed  wrote in message
  news:[EMAIL PROTECTED]
   Actually it's not. You need a special adapter to console into these
  switches.
   They come with them but I only have 1, I need 4. On Cisco's site they
 have
   the following but it looks like a typo
  
  
 

http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_
   guide_chapter09186a00800df9d6.html#xtocid3
  
if you look at the table they have RXD and DSR both going to pin 3.
  
  
   Scott Roberts  wrote in message
   news:[EMAIL PROTECTED]
the console port is identical to every other cisco router (eia-232,
 9600
baud).
   
  
 

http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
6a0080094ce6.shtml
   
scott
   
Sam Sneed  wrote in message
news:[EMAIL PROTECTED]
 Has anyone done this before? I have a few CSS but don't have the
   adapters
 for console ports. I'm hoping I can create my own cable using
cat5.
 If
 someone could enlighten me on how to do this that'd be great.
 Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64506t=64368


Re: 10 half or 100 full [7:64482]

2003-03-05 Thread Scott Roberts
yes cat3 can be used for 100base, but only with 100baseT4 and chances are
that the cards in your workstations are only TX. so it's safer to run 10base
over cat3 cabling.

scott

Mike Momb  wrote in message
news:[EMAIL PROTECTED]
 To all,

 I know this subject has been talked about on a workstation level but I
want
 to ask it on a network level.  We recently replaced our Nortel network
with
 Cisco switches and we seem to have a slowness level across the network at
 certain times.  We have a raging debate on what speed to set the NIC cards
 and switches.  Some folks say set the switches and PCs at 10mb  half
duplex
 and others say set them at 100mb  full duplex and still others say auto
on
 both ends should work.  It has been my experience that auto has never
worked
 very well.  My question is this, what has been this group's experience on
how
 to set the ports for the maximum bandwidth.  We are using a combination of
 Cat 5  Cat 3 cables.   Any advice would be appreciated.

 thanks
 Mike




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64520t=64482


Re: Password recovery without reload? [7:64453]

2003-03-05 Thread Scott Roberts
what? you don't have all your passwords printed out in large type on a
sheet
of paper taped to the equipment rack? what kind of operation you running
there?   :-

damn I really did LOL at this!

sorry oscar I think you're screwed without some form of password, the snmp
idea is good, but the question is do you have it setup for snmp?

scott


The Long and Winding Road  wrote in
message news:[EMAIL PROTECTED]
 oscar  wrote in message
 news:[EMAIL PROTECTED]
  Can I see the configuration of a Cisco router without a password
recovery?
  The problem is that the configuration was removed from the
startup-config
 by
  mistake and nobody remembers the password and a password recovery here
 means
  lose the configuration.
 

 what? you don't have all your passwords printed out in large type on a
sheet
 of paper taped to the equipment rack? what kind of operation you running
 there?   :-




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64538t=64453


Re: Help Pix 501 [7:64278]

2003-03-04 Thread Scott Roberts
I agree with richard the only way you're going to do this with a single ip
address is by setting up a vpn and then telnetting as a second step.

scott

Richard Deal  wrote in message
news:[EMAIL PROTECTED]
 Juan,

 The PIX does not permit you to telnet into it from the outside
 interface--this is a security feature. There are two solutions available:
 SSH and a VPN. My recommendation is to go the hard route and set up a
remote
 access VPN connection to the PIX--SSH has been shown recently to have some
 vulnerabilities.

 Cheers!
 --

 Richard A. Deal

 Visit my home page at http://home.cfl.rr.com/dealgroup/

 Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
 Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch
Configuration
 Exam Cram

 Cisco Test Prep author for QuizWare, providing the most comprehensive
Cisco
 exams on the market.



 Juan Blanco  wrote in message
 news:[EMAIL PROTECTED]
  Team,
  I want to be able to telnet to my internal network(terminal server) via
 the
  Pix 501, I have a connectivity via my cable provider, I have only one IP
  address. Before using the pix I have a router and I used to telnet to it
  from the Internet then connect to my terminal server, now I can't do it
  because there is no telnet capabilities from the Pix 501. Remember I have
  only one IP. Any ideas how to do this? I looked in the Cisco Web and
  the examples that I was able to find they assume that I have more than 1 IP
  which is not my case. At the present time I have no problem connecting to
  the Pix from the Internet
 
  I really appreciate your help.
 
  Thanks,
 
  Juan




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64364t=64278


Re: PPP vs HDLC [7:64362]

2003-03-04 Thread Scott Roberts
I've never heard efficiency as a reason to use PPP over HDLC. there are more
options with PPP, but otherwise both are based upon SDLC and therefore
nearly identical from a protocol perspective. I suppose HDLC are a couple
bytes smaller, but this would be negligible.

I'd say if your PPP is configured and working fine, why bother to go through
the motions of changing for a 0.1% benefit?

scott

Stuart Pittwood  wrote in message
news:[EMAIL PROTECTED]
 It has been mooted to me that we might get better performance from our
 1Mb line by using HDLC rather than PPP.



 Is this correct?



 If so is it just  a case of changing the Encapsulation PPP to
 Encapsulation HDLC on both ends of the link?



 Are there any implications I should be aware of?



 Thanks



 _

 Stuart Pittwood, MCSE

 IT Technician

 Amery-Parkes Solicitors




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64365t=64362


Re: ip ospf dead-interval [7:64311]

2003-03-04 Thread Scott Roberts
sounds like you're trying to answer a trick question on a test? I suppose
The Long and Winding Road wanted you to work for your answer, but I'll
come out and tell you.

ospf defaults the dead-interval/hold-time as a multiple of the hello time,
so if you change the hello time the dead interval changes automatically
also.

scott

nilesh bothra  wrote in message
news:[EMAIL PROTECTED]
 Q. Change OSPF dead interval to 60 seconds.
 You are not allowed to use the command 'ip ospf dead-interval for
 accomplishing this task.

 Suggestions pls

 Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64387t=64311
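
The timer relationship in Scott's reply, as an added example that is not part of the original thread: on Cisco IOS the dead interval defaults to four times the hello interval unless it is set explicitly, and RFC 2328 has a router drop hellos whose HelloInterval or RouterDeadInterval differs from its own, so the change has to be made on every router on the segment. The router names and helper names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Cisco IOS default hello intervals in seconds, by OSPF network type.
DEFAULT_HELLO = {"broadcast": 10, "point-to-point": 10,
                 "non-broadcast": 30, "point-to-multipoint": 30}


@dataclass
class OspfInterface:
    router: str                        # hypothetical router name
    network_type: str = "broadcast"
    hello_cfg: Optional[int] = None    # 'ip ospf hello-interval' value, if configured
    dead_cfg: Optional[int] = None     # 'ip ospf dead-interval' value, if configured

    @property
    def hello(self) -> int:
        if self.hello_cfg is not None:
            return self.hello_cfg
        return DEFAULT_HELLO[self.network_type]

    @property
    def dead(self) -> int:
        # An explicit dead interval sticks; otherwise it tracks 4 x hello.
        if self.dead_cfg is not None:
            return self.dead_cfg
        return 4 * self.hello


def hello_needed_for_dead(target_dead: int) -> Optional[int]:
    """Hello interval that yields target_dead by default, or None if 4 does not divide it."""
    if target_dead <= 0 or target_dead % 4:
        return None
    return target_dead // 4


def rejected_hellos(segment):
    """List (receiver, sender, field) for every hello a receiver would discard.

    Both timers are carried in the hello packet and must match the
    receiving interface's own values for the neighbor to be accepted.
    """
    problems = []
    for rx in segment:
        for tx in segment:
            if rx is tx:
                continue
            if rx.hello != tx.hello:
                problems.append((rx.router, tx.router, "hello-interval"))
            elif rx.dead != tx.dead:
                problems.append((rx.router, tx.router, "dead-interval"))
    return problems


if __name__ == "__main__":
    changed = OspfInterface("R1", hello_cfg=hello_needed_for_dead(60))
    untouched = OspfInterface("R2")
    print(changed.hello, changed.dead)            # timers after changing hello only
    print(rejected_hellos([changed, untouched]))  # neighbor left at defaults
```
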


Re: My Favorite Topic - RIP route propagation / redistribution [7:64388]

2003-03-04 Thread Scott Roberts
In my setup I saw that so long as I had the 200.0.0.4 address on the R4
loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
the R4 table.

it has to be in your R4 routing table as a directly connected subnet. I
suppose what you mean is that it doesn't show up as either a ospf or rip
dynamic route. every router should send an update that its in their routing
table, but because of administrative distances, the directly connected one
always wins with a 0 distance. if he's getting something dynamically sent,
I'd say he either didn't put the address/mask correctly on r4 or he changed
administrative distances.

scott

The Long and Winding Road  wrote in
message news:[EMAIL PROTECTED]
 Cisco Nuts sent me this one off line.

 R3---R4---R5
 OSPF   RIP

 R4 redistributes RIP to OSPF and vice versa


 each router has a loopback with an address of 200.0.0.X / 32, where X is
the
 router number

 RIP version 1 on R4 and R5. The loopback on R4 is in the OSPF domain, and
 the loopback on R5 is in the RIP domain.

 CN apparently did not see the same phenomenon that I did. In his setup, he
 saw the summary-address of 200.0.0.0/24 propagated onto R4.

 In my setup I saw that so long as I had the 200.0.0.4 address on the R4
 loopback that the 200.0.0.0/24 refused to propagate. it did not show up in
 the R4 table.

 damn, I forgot to ask his IOS version. I'm running 12.1.5T10

 solution? has to do with the various ways one can trick RIP into behaving
as
 VLSM capable.


 --
 TANSTAAFL
 there ain't no such thing as a free lunch




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64388t=64388


Re: creating console cable for cs11152 [7:64368]

2003-03-04 Thread Scott Roberts
the console port is identical to every other cisco router (eia-232, 9600
baud).
http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
6a0080094ce6.shtml

scott

Sam Sneed  wrote in message
news:[EMAIL PROTECTED]
 Has anyone done this before? I have a few CSS but don't have the adapters
 for console ports. I'm hoping I can create my own cable using cat5. If
 someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64393t=64368


Re: NAT ON PIX QUESTION [7:64398]

2003-03-04 Thread Scott Roberts
basically yes, I think your statement is correct.

1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want a ACL, but
simply for the same reason you'd put it on any interface, nothing specific
to NAT though.

2) as far as dynamic being one way, that's correct, but the way you worded
the sentence seems to imply that it's also a one way from outside to inside.
dynamic is always inside to out and is blocked outside to inside.

scott

 Sam  wrote in message
news:[EMAIL PROTECTED]
 Hey Guys.
 First of all, there aren't any words to express my appreciation for this
 list and all the guys who are always so helpful in here.

 These questions are regarding NAT in reference to PIX only.

 1)Static NAT works both ways. From outside to inside and vice versa.
 However, You need an access-list configured if you are accessing from a
 lower-security interface to a higher-security one.

 2)Dynamic NAT on the contrary doesn't work both ways. Connections can be
 initiated only from one interface to another and the other can only reply
 statefully. Am I right?
 Eg: If I configure an internal network(10.0.1.0) to translate to
 64.4.4.10-64.4.4.30, 30 connections can be initiated towards the internet
 and they would work fine. Replies can be sent back to those initiated
 connections but no connections can be initiated from the Internet to the
 internal network. Hence, I call it stateful.
 Am I right about this full statement?

 Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64404t=64398


Re: creating console cable for cs11152 [7:64368]

2003-03-04 Thread Scott Roberts
hopefully this time priscilla doesn't chastise me for helping out with CCO
material!! ;)

the link you supplied clearly states that its 9600 baud  rs-232 and the
table below it doesn't say anything in regards to pinouts for any console
port. the rs-232 specification IS the pinout specification.

CSS 11050 Front Panel Connectors and LEDs
All front panels of the CSS 11050 models contain connectors and LEDs that
vary according to their model number. For example, the CSS 11051 in Figure
2-3 has:

  a.. 1 RS-232 Console connector (9600 baud)


  b.. 1 RS-232 Diag connector, reserved for field service use only (115,200
baud)


  c.. 8 10/100-Mbps auto-sensing Fast Ethernet connectors and their
associated Link/Activity status, 10/100 (Mbps), and Duplex (Half or Full)
LEDs


  d.. Power, Status, and Ready LEDs



Sam Sneed  wrote in message
news:[EMAIL PROTECTED]
 Actually it's not. You need a special adapter to console into these
switches.
 They come with them but I only have 1, I need 4. On Cisco's site they have
 the following but it looks like a typo


http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_installation_
 guide_chapter09186a00800df9d6.html#xtocid3

  if you look at the table they RXD and DSR both going to to pin 3.


 Scott Roberts  wrote in message
 news:[EMAIL PROTECTED]
  the console port is identical to every other cisco router (eia-232, 9600
  baud).
 

http://www.cisco.com/en/US/products/hw/accessor/ps107/products_tech_note0918
  6a0080094ce6.shtml
 
  scott
 
  Sam Sneed  wrote in message
  news:[EMAIL PROTECTED]
   Has anyone done this before? I have a few CSS but don't have the
 adapters
   for console ports. I'm hoping I can create my own cable using cat5. If
   someone could enlighten me on how to do this that'd be great. Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64405t=64368


Re: ip ospf dead-interval [7:64311]

2003-03-04 Thread Scott Roberts
good point, I'm new to the forum and wasn't quite sure of what approaches to
answers people expected. I do like his approach to answering it, because if
you look at the link, the answer is in there (with the use of some deductive
logic).

the only thing that worries me though, is that if people never get a
straight answer, will they then stop asking questions? it's nice to see an
open forum about cisco networking that's actually well populated, I'd like to
support it as much as I can.

scott

Priscilla Oppenheimer  wrote in message
news:[EMAIL PROTECTED]
 Scott Roberts wrote:

  sounds like you're trying to answer a trick question on a test? I suppose
  The Long and Winding Road wanted you to work for your answer, but I'll
  come out and tell you.

 Why did you come out and tell the original poster the answer? Wouldn't the
 poster learn more from working it out? I liked The LW Road's answer much
 better. :-)

 Wouldn't the poster be a better representative of the relevant certification
 having worked it out? For example, if the poster is going for CCNP and
 manages to pass because people provided answers instead of methods for
 figuring out the answer, is that a good thing for the rest of us who wish
 CCNP to be a respected certification?

 The poster asked for suggestions, not answers, and that's what we should
 have provided.

 Hopefully the poster will try this in a lab. There is at least one minor
 gotcha that I can think of.

 Hey, you had to expect to get slammed for this! ;-) I'm doing this with all
 due respect and a recognition of how fun it is to give an answer. I think a
 lot of us participate on the list partly to give answers because it's fun
 and a nice ego stroke, myself included. But the real goal of Group Study is
 to help people learn.

 Priscilla


  ospf defaults the dead-interval/hold-time as a multiple of the hello time,
  so if you change the hello time the dead interval changes automatically
  also.

  scott

  nilesh bothra  wrote in message
  news:[EMAIL PROTECTED]
   Q. Change OSPF dead interval to 60 seconds.
   You are not allowed to use the command 'ip ospf dead-interval' for
   accomplishing this task.

   Suggestions pls

   Nilesh




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64409t=64311


Re: can one someone pls recommend [7:64380]

2003-03-04 Thread Scott Roberts
boy you don't give up do you!!

have you tried the http://www.ccbootcamp.com/index.asp

scott

Mirza, Timur  wrote in message
news:[EMAIL PROTECTED]
 a hands-on lab training course for the ccie lab exam...i want to prepare
 myself for my 6th attempt...i believe there was ecp course but i don't have
 the details...thx in advance

 Timur Mirza
 Principal Network Engineer
 Enterprise Core Network
 Verizon Wireless
 15505-B Sand Canyon Avenue
 Irvine, California 92618
 949.286.6623 (o)
 949.697.7964 (c)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64395t=64380


RE: routername(boot) ??? [7:64188]

2003-03-03 Thread Scott Roberts
(boot) is for boot-helper image. That means that the configuration
registers were set in a manner to either purposefully boot to boot
helper mode or to boot to it if you have an error loading up an image
from any other location. 

The boot helper image is basically a trimmed down version of the regular
IOS images. You use it to have more functionality than the rommon.

To get rid of it (which is technically not possible since they're on
ROM chips), you should check to see what your config-registers are set
to by using show version. Set them to 0x2102 to boot up the first
regular IOS image it encounters on the flash memory. If the registers
are already set to this, then you might not have a bootable image on
flash (check this by show flash).

Hope this helps,
scott


-Original Message-
From: Steven Aiello [mailto:[EMAIL PROTECTED] 
Sent: Saturday, March 01, 2003 6:53 PM
To: [EMAIL PROTECTED]
Subject: routername(boot) ??? [7:64188]


I have recently received some routers for a home lab.  When I boot one 
it displays the following.

routername(boot)

what does this (boot) mean

and how do I get rid of it?  I've worked on routers before and never 
seen this.  Thanks in advance.

Steve




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64279t=64188


RE: tftp to flash timeout [7:64226]

2003-03-03 Thread Scott Roberts
He still should be able to place it into flash irregardless of what
router it's meant for.

I think the problem is a size issue. Every 12.0 ios requires 8MB of
flash and I suspect the one he's trying requires 16MB. He should use the
command no partition first to combine the flash partitions into one
(which is 8MB) and then find an image that will require only 8MB.

-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 02, 2003 9:48 PM
To: [EMAIL PROTECTED]
Subject: Re: tftp to flash timeout [7:64226]


is your text below a typo? It looks like you're trying to put C2500 code
on a 4500 router... cisco 4500 (R4K) processor (revision B) with
32768K/8192K bytes of memory. Processor board serial number 04058420
R4600 processor, Implementation 33, Revision 1.0

c2500-ik8s-l.122-6-ipplussec

Larry Letterman
Network Engineer
Cisco Systems


  - Original Message -
  From: Jason Steig
  To: [EMAIL PROTECTED]
  Sent: Sunday, March 02, 2003 8:24 PM
  Subject: tftp to flash timeout [7:64226]


  Copyright (c) 1986-1995 by cisco Systems, Inc.
  Compiled Wed 01-Nov-95 15:04 by vatran
  Image text-base: 0x600087E0, data-base: 0x60248000

  ROM: System Bootstrap, Version 5.2(7b) [mkamson 7b], RELEASE SOFTWARE (fc1)

  Router uptime is 33 minutes
  System restarted by power-on
  Running default software

  cisco 4500 (R4K) processor (revision B) with 32768K/8192K bytes of memory.
  Processor board serial number 04058420
  R4600 processor, Implementation 33, Revision 1.0
  G.703/E1 software, Version 1.0.
  X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
  2 Ethernet/IEEE 802.3 interfaces.
  4 Serial network interfaces.
  128K bytes of non-volatile configuration memory.
  4096K bytes of processor board System flash (Read/Write)
  4096K bytes of processor board Boot flash (Read/Write)

  Configuration register is 0x2102

  Router(boot)#

  Here is my 4500M.  I'm trying to tftp into flash the new 12.2
  c2500-ik8s-l.122-6-ipplussec IOS. However, it is failing in the transfer
  because the router times out.  This is because of the 16mb limit, correct?
  What do I have to upgrade for the router to stop timing out?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64281t=64226


RE: Silly EIGRP question [7:64259]

2003-03-03 Thread Scott Roberts
Show ip eigrp neighbor will show the hold time. The hold time is
updated when a hello packet is received. The default hello time interval
is 5 seconds so your neighbors will always be reporting a hold time
between 10-15 seconds.

scott

-Original Message-
From: Michael Williams [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2003 7:59 AM
To: [EMAIL PROTECTED]
Subject: Silly EIGRP question [7:64259]


I know this question sounds silly, but I can't for the life of me figure
out how to do this:

Short of debugging, how can I tell the last EIGRP update that was
received on a router, from what neighbor that update came, and for what
network(s) it updated?

I know I can 'sh ip prot' and see when the last update was, but this
isn't what I'm looking for.

TIA,
Mike W.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64284t=64259


RE: pinout for terminal cable [7:64269]

2003-03-03 Thread Scott Roberts
If the Livingston port is an eia-232/DTE then you're basically set to go.
Just use a roll-over cable. On the chance that the Livingston port is a
DCE, use a straight-through cable (which might be the answer since it
was a female to begin with).

scott

-Original Message-
From: John Golovich [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2003 9:53 AM
To: [EMAIL PROTECTED]
Subject: pinout for terminal cable [7:64269]


Can anyone help me with the pinouts for these cables?

From the back of a Livingston Portmaster 2E I have a gender changer
plugging into a db25 cisco terminal to rj45 adapter.

From here I want to plug a cat5 cable into the console of my ciscos.

I could use some help with the pinouts if anyone has already done this.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64285t=64269


RE: Cisco 2511 and US robotics modem [7:64261]

2003-03-03 Thread Scott Roberts
I'm sure that the default usrobotics modemcap will work on your modem.
What exactly is not working on your connection? What process have you
gone through to connect it?

Modemcap entries can be viewed on the router by 'show modemcap' to
reveal the names of the modems supported by default scripts and then
'show modemcap usr_sportser' to show the actual AT commands used for
that entry.

The AT commands used by your modem can usually be seen in the help menu
if you terminal into your modem. at$ or at$h usually brings up the help.

scott

-Original Message-
From: Joupin [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 03, 2003 8:20 AM
To: [EMAIL PROTECTED]
Subject: Cisco 2511 and US robotics modem [7:64261]


Hi

I got really confused about why I can't connect a US ROBOTICS 56k
Message modem to a Cisco 2511 Router.

I think my problem is because of MODEM CAP properties. Where can I find
Modem cap resources regarding this issue?

Any response appreciated
Joupin
www.joupin.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64286t=64261


Re: Question on ISIS and IP Mismatches [7:64309]

2003-03-03 Thread Scott
The last word I saw on this issue was that the adjacency would still form.
You could check into the release notes for the most recent releases, but
12.1 GD and before was still doing it.

HTH,
Scott
CCIE #9340

CiscoNewbie  wrote in message
news:[EMAIL PROTECTED]
 Hi all.  I am thinking of adding a few Cisco into my lab which consists of
 mainly Juniper routers running ISIS.  A few months back I got caught up in a
 nice troubleshooting issue with ISIS on these routers while working on a PTP
 in that I had misconfigured an IP address on one side of an interface and a
 different network IP on the other side of the PTP.  Being that ISIS does not
 care about IP, the adjacencies formed anyway like they should have.  Now I
 know that this is the nature of ISIS and not an issue with the router but
 recently Juniper modified their JUNOS OS so that it checks for proper match
 of IP parameters.  My question is, does Cisco have this built in behavior in
 that it will check for this mismatch?  If so, what IOS code/train has it?

 Thanks.









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64310t=64309


Re: Log files Pix Chkpnt [7:63646]

2003-02-24 Thread Scott M. Trieste
www.opensystems.com

They make a product called Private-I. It's bar-none the best
info-correlation product out there.

--
Scott M. Trieste
Information Security Consultant
p: 201.618.8977
[EMAIL PROTECTED]
 wrote in message
news:[EMAIL PROTECTED]
 Does anyone know of a product that will merge log files from multiple
 sources  Snort, PIX, Checkpoint, etc...?

 I'm trying to centralize much of our security management responsibilities.

 Thanx,
 Mike J.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63658t=63646


RE: Any Suggestions? [7:63598]

2003-02-23 Thread Scott Nelson
Since you didn't list which model of router you actually have or the version
of IOS, config, etc., I would guess that it is a memory issue and/or an
IOS issue or old bootrom not supported by your current IOS.

Just some generic stuff that could affect any router.

Scotty



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63606t=63598


Cisco Cache engine tuning [7:63566]

2003-02-22 Thread Scott Nelson
Anyone else use the older Cisco Cache 2050 Cache engines?

I am looking for anyone else that has this, that I can compare tuning
settings with.
It is a Cisco Cache Engine doing WCCPv1.

TIA

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63566t=63566


RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Scott Nelson
You can span/mirror 2 ports into one so we only have one set at each ISP
connection.

Most of the action is manual with the exception of some fairly proven
exploits that we use ISS kills to handle, such as Napster traffic ( not a
big deal now that it's gone ), gnutella, code red, DNS I-queries, etc.

If I turn all of the automatic stuff on,  when a known signature match is
made, whomever that was is no longer able to gain access as via OPSEC
connections ( http://www.opsec.com/solutions/sec_intrusion_detection.html )
, that block that connection and future connections for that IP for a
pre-determined time. Cisco have the same type of deal for controlling Cisco
devices via the Cisco IDS but I don't like IDS doing too much automatically
though.
It's all kinda like virus protection though, you have to have a signature
match to detect it. Which means you have to have a signature written before
that attack can be recognized. It's all a belt-and-suspenders approach
really. With a combination of ACL's on the ISP connection router and
firewall rules and then ACL's on the router after the firewall, we get most
of the stuff.

Snort requires a hardware investment and a lot of tuning. It's not for the
novice but it is on my list of yet another IDS at some point. Probably after
we do the Cisco blades on the 6500's.

Scotty



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63506t=63461



Re: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-21 Thread Scott Nelson
You are correct. That's why security should be a belt and suspenders
approach.

For the Code red stuff, SQL slammer, etc, we just used NBAR on Cisco to drop
the packets.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1

ISS gets some stuff, Checkpoint is good at getting some other stuff, etc.,

I also don't allow much UDP in. It's blocked by an inbound ACL, as it's not
statefully inspected. UDP 53 ( DNS ) and some host to host special allows
and that's it. Everything else is TCP.

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63551t=63461


RE: Lost Switch [7:63469]

2003-02-20 Thread Scott Nelson
That blows!!  

Uh, can you give me a clue as to which model switch you are talking about?

Maybe a secondary address on the port going to the second switch, with the
wrong address as the secondary?
Does it have trunking to the second switch? Can you put yourself in the vlan
with the switch and with a computer on the same vlan, set the laptop in the
same subnet as the switch and do it that way?

Just tossing stuff out here  ;-)

Scotty



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63472t=63469



RE: ISS Real Secure Vs Cisco IDS [7:63461]

2003-02-20 Thread Scott Nelson
I use ISS, NFR and Checkpoint for IDS stuff but am looking into doing Cisco
IDS on CAT 6500 stuff.

I would get all of 'em if you can afford it. Each has missed stuff and has
faults in one way or another.
I tried the Cisco stuff 2 years ago and thought it was at the bottom of the
heap then. Am going to eval it next month for a month to see what it's like
now. My IDS approach has been to stage NFR on the outside of the firewall,
Checkpoint Firewall 1's IDS runs on the firewall, and have ISS after the
firewall to whack anything else that gets through. Since ISS can tie into
the firewall that works for some weird cases but, as a rule, I am very
careful on how I use that feature as you can DOS yourself if you are not
careful and the intruders can use it against you as well.
I am thinking of using Cisco IDS on the CAT6500 ( core of network ) with
little or no signatures at first and only put signatures on them when a
situation occurs such as Code Red, SQL snake, etc., until network is clean
and then remove it again or something in that line of thinking anyway.

Anyway, that's my line of thought...

YMMV  ( Your Mileage May Vary ) and just my .02 worth, etc., etc.,
..  ;-)

Scotty



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63474t=63461
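
The automatic blocking described in this thread (a signature match blocks the source IP for a pre-determined time, and a careless setup can cut off your own traffic), as an added Python sketch. It is not code from the posts or from ISS, Check Point or Cisco; the class, signature labels, addresses and limits are all constructed for illustration.

```python
import ipaddress

# Signatures trusted enough to trigger an automatic block; everything else is
# left for a person to act on. Labels are constructed for this example.
AUTO_SIGNATURES = {"code-red", "gnutella", "dns-iquery"}

class AutoBlocker:
    """Timed source-IP blocks driven by IDS alerts, with optional guard rails."""

    def __init__(self, block_seconds, never_block=(), max_active=1000):
        self.block_seconds = block_seconds    # the pre-determined block time
        self.never_block = [ipaddress.ip_network(n) for n in never_block]
        self.max_active = max_active          # ceiling on simultaneous blocks
        self.active = {}                      # source address -> expiry time
        self.review = []                      # alerts left for manual handling

    def _expire(self, now):
        self.active = {ip: t for ip, t in self.active.items() if t > now}

    def on_alert(self, now, src, signature):
        """Return 'blocked', or the reason the alert was not acted on."""
        self._expire(now)
        ip = ipaddress.ip_address(src)
        if signature not in AUTO_SIGNATURES:
            reason = "manual-signature"
        elif any(ip in net for net in self.never_block):
            reason = "protected-source"
        elif ip not in self.active and len(self.active) >= self.max_active:
            reason = "block-table-full"
        else:
            self.active[ip] = now + self.block_seconds
            return "blocked"
        self.review.append((now, src, signature, reason))
        return reason

    def is_blocked(self, now, src):
        self._expire(now)
        return ipaddress.ip_address(src) in self.active

# Constructed alerts: (seconds, source address as reported, signature).
# Addresses come from the documentation ranges; 192.0.2.53 stands in for a
# resolver the site itself depends on.
ALERTS = [
    (0,  "203.0.113.7",  "code-red"),
    (5,  "192.0.2.53",   "dns-iquery"),   # UDP alert naming our own resolver
    (10, "198.51.100.9", "port-scan"),    # not on the automatic list
    (20, "203.0.113.8",  "gnutella"),
    (25, "203.0.113.9",  "gnutella"),
]

def replay(blocker, alerts=ALERTS):
    """Feed the alerts through a blocker and return its decision for each."""
    return [blocker.on_alert(ts, src, sig) for ts, src, sig in alerts]

if __name__ == "__main__":
    naive = AutoBlocker(block_seconds=600)
    guarded = AutoBlocker(600, never_block=["192.0.2.0/24"], max_active=2)
    print("naive  :", replay(naive), naive.is_blocked(30, "192.0.2.53"))
    print("guarded:", replay(guarded), guarded.is_blocked(30, "192.0.2.53"))
    for entry in guarded.review:
        print("review :", entry)
```

The unguarded instance ends up blocking 192.0.2.53, the self-inflicted outage the post warns about; the guarded one leaves that alert in its review list for a person to handle.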



RE: Lost Switch [7:63469]

2003-02-20 Thread Scott Nelson
Yep. I forgot about that trick.  

If he is on the same vlan and can arp with it, I would just setup a laptop
with the same network range and go from there actually.

Scotty



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63475t=63469



Where physically does NAT take place, VIP or RSP? [7:63318]

2003-02-18 Thread Scott Nelson
On a 75XX w/ 4-50 cards, where does NAT actually happen at? Does it happen
on the VIPs or on the RSP?
I am hoping that it happens between the VIPs like dCEF

I need to setup a temp link for backup purposes and if the VIPs do the
NATing, If I can get by with an RSP2 with VIP4-50's, I won't have to get an
RSP8.
It will be NATing a DS-3 so, I want to make sure I don't run out of resources.
Can't seem to find out where it happens on Cisco's website.

Anyone know where NAT actually takes place?

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63318t=63318



Does switching on same card use backplane BW? [7:63320]

2003-02-18 Thread Scott Nelson
Does switching on same card use backplane BW?

If, say, I am doing MLS ( L3 switching ) on a CAT 5000, and I setup two
hosts, one on port 1 and the other on port 2 on the same card ( ws-x5201R
which does the L3 MAC rewrite itself ), does this type of setup use any
backplane bandwidth?

Or does it still have to pass through the SUP?

TIA

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63320t=63320



NAT and VIP2-xx's [7:63166]

2003-02-17 Thread Scott Nelson
On a 75XX w/ 4-50 cards, where does NAT actually happen at? Does it happen
on the VIPs or on the RSP?
I am hoping that it happens between the VIPs like dCEF

I need to setup a temp link for backup purposes and if the VIPs do the
NATing, If I can get by with an RSP2 with VIP4-50's, I won't have to get an
RSP8.
It will be NATing a DS-3 so, I want to make sure I don't run out of resources.
Can't seem to find out where it happens on Cisco's website.

Anyone know where NAT actually takes place?

Scotty


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63166t=63166



FW: Lab workbook? & Voice modules? [7:63163]

2003-02-17 Thread Scott Morris
I would recommend a well-rounded set of prep material.  Out of all of
them, CCBootCamp is the most consistent and widest range of simpler to
very complex labs to attack all of the difficulties you want to see.

As for the voice stuff, it is increasing in its point value on the exam.
So I wouldn't blow it off, but you needn't necessarily spend your money
on the stuff either!  There are plenty of remote racks to rent that have
that equipment in it already (and ATM).

Check out www.ccbootcamp.com and you'll see all of that stuff to help
you along.  And check out www.@!#$.com as well for the QA forums on
the labs that you get!

Hope that helps,

 
Scott Morris, MCSE, CCDP, CCIE3 (RS/ISP-Dial/Security) #4713, CCNA-WAN
Switching, Security Specialist, Cable Communications Specialist, IP
Telephony Support Specialist, IP Telephony Design Specialist, CISSP
CCSI #21903
[EMAIL PROTECTED]


-Original Message-
From: edward Huang 
Newsgroups: groupstudy.cisco
Sent: Monday, February 17, 2003 9:18 AM
Subject: Lab workbook?  Voice modules? [7:63163]


 I'm preparing for ccie rs exam.
 But I lived outside U.S.; could anyone recommend any lab_workbook for
 studying self? BTW, I'm collecting for the rack equipment, is it worth
 to invest on voice modules (ex. NM-1V, 2FXS...etc.) for practice? I've
 heard that this part only be tested very little of the Lab, is it true?
 Thanks!

 Best Regards,
 Edward Huang




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=63223t=63163



Cisco Packet Magazine and the CCIE Lab [7:62994]

2003-02-13 Thread Scott Morris
ket_department09186a0080142dfb.html#title




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62994t=62994



CCIE and Packet Magazine (attempt 2) [7:62995]

2003-02-13 Thread Scott Morris
ket_department09186a0080142dfb.html#title

;)




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=62995t=62995


