Re: Please Help - CIDR - How the bits work [7:75050]
Fred, OSPF was just moved into the CCNA 3.0 Acad. which is JUST being released now. I wish we would have covered that, and other things you mention.

Steve

Reimer, Fred wrote:

Maybe I had advanced access to the new NA material then ;-) In my view, a NA should be able to handle basic RIP, OSPF, EIGRP in a small to medium sized network. That would certainly include CIDR. A NP, IMO, would be for advanced RIP, OSPF, EIGRP, and basic BGP, like for configuring a mid-large sized network for connection to the Internet including minimal BGP. IE, IMO, is for ISP engineers that have to deal with extensive IS-IS, BGP using all options, etc, and large to huge (global) networks.

Maybe I'm just expecting too much, but if you don't understand CIDR you shouldn't be allowed anywhere near a router, let alone be responsible for configuring them.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer.

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: Please Help - CIDR - How the bits work [7:75050]

Reimer, Fred wrote:

No offense, but this is CCNA material.

Do they still teach classful for CCNA, though? Perhaps the only thing that's hard for him is that 192.168.24.0 has a mask of 255.255.255.0 in a classful system. Moving the prefix over to the left of that classful boundary isn't something they teach for CCNA yet. (They will soon. The new Networking Academy books teach it from the start now.)

Priscilla

If you are going for your CCNP, then you should already have your CCNA and know the answer. But anyway...

If you need a network with 400 hosts, the smallest subnet would have a /23 mask. So take the first part of your given network and assign it to that:

192.168.24.0/23 (192.168.24.0-192.168.25.255)

Then you need one with 200 hosts. Well, that could fit within a /24 subnet, so assign the next available to that:

192.168.26.0/24 (192.168.26.0-192.168.26.255)

Now you only have 192.168.27.0/24 left from the original 192.168.24.0/23 (which covered 192.168.24.0-192.168.27.255). You need two 50's, so that should fit within /26 subnets each. Assign them:

192.168.27.0/26 (192.168.27.0-192.168.27.63)
192.168.27.64/26 (192.168.27.64-192.168.27.191)

Finally, you need three subnets that can have two hosts each, which would fit within /30 subnets. So assign:

192.168.27.192/30
192.168.27.196/30
192.168.27.200/30

Fred Reimer - CCNA

-Original Message-
From: Steven Aiello [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 8:02 AM
To: [EMAIL PROTECTED]
Subject: Please Help - CIDR - How the bits work [7:75050]

I just started my routing class for my CCNP. We are covering CIDR. The book is VEERY vague on how the bit patterns break down and are used. This was a problem posed in one of my CCNP labs

I have network number 192.168.24.0 / 22 from this I need networks with

400 hosts
200 hosts
50 hosts
50 hosts
2 hosts (for serial int - no ip un-numbered allowed )
2 hosts
2 hosts

Also no NATing

Thanks all I really could use the help

Steve

**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75169t=75050
Re: Studying Switching [7:75030]
No sorry I know that poem, no spanning in there at all. LoL

Steve

Tom Lisa wrote:

Priscilla, Didn't Radia write a poem that starts something like I have never seen a tree as lovely as a spanning tree? BTW, is it still possible to get a free copy of 802.1s w. I looked on the IEEE site but couldn't find them.

Prof. Tom Lisa, CCAI
Community College of Southern Nevada
Cisco ATC/Regional Networking Academy
Cunctando restituit rem

Priscilla Oppenheimer wrote:

Get a copy of Cisco LAN Switching by Kennedy Clark and Kevin Hamilton. It's right up there with Doyle as one of the best networking books ever written. It makes switching fun again! ;-) It's well written, technically accurate and interesting, and it doesn't just throw the latest marketing trends at you with no explanation of their history, like some switching material does.

Also, CertificationZone has some good articles and study materials for switching.

By the way, switching isn't as dull as it might seem. The spanning tree algorithm can be quite interesting to study. And there are enhancements to it now like 802.1s (multiple spanning trees) and 802.1w (rapid spanning tree protocol).

Good luck!

Priscilla Oppenheimer

Nakul Malik wrote:

Hi all, I started off studying routing and found it to be a topic that interested me a lot. I just couldn't get enough of halabi Doyle and the rest. I studied a lot, practiced a lot and was thrilled when I passed the exam in beta.

Next I started studying for switching. That didn't turn out as well as I thought it would. I couldn't just work up the same level of interest. I have been analyzing the reasons and have come up with the following:

1. I've never worked with switches much, so I don't know too much about them, as opposed to routers.
2. Study materials.

I've been wondering, has anyone else faced similar problems in their quest for CCNP. Also, could someone recommend some good materials/resources for switching other than the official Cisco book? Any/all answers would be appreciated.

Thanks.
-N
--
Nakul Malik H-342 New Rajendra Nagar New Delhi - 110060 Mobile: +91-9811424477 Ph: +91-11- 2582 3488 +91-11- 2585 0155 Fax:: +91-11- 2575 2904 [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75168t=75030
??? Dumb Consultant ??? - Please Help [7:75213]
Hello all, I need some folks with hopefully a CCIE to answer this question. If there is an unsubnetted class A, and there are 25 or users on the network. Would the fact that the network is unsubnetted cause a large load of network traffic? Here is the reason and layout.

Our company uses Xerox printers and they came with address

10.6.1.45 - 255.0.0.0
10.6.1.44 - 255.0.0.0

our clients are all on the same network using a DHCP pool of 10.6.1.100 - 10.6.1.150

Even if there is broadcast it is one message across the network (let's say for Netbios name resolution) there is one broadcast not a unicast to 16,7xx,xxx some host. Only 25 hosts will answer correct? So how will a class A subnet mask cause this?

Thanks for all input, please feel free to ramble,

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75213t=75213
Please Help - CIDR - How the bits work [7:75050]
I just started my routing class for my CCNP. We are covering CIDR. The book is VEERY vague on how the bit patterns break down and are used. This was a problem posed in one of my CCNP labs

I have network number 192.168.24.0 / 22 from this I need networks with

400 hosts
200 hosts
50 hosts
50 hosts
2 hosts (for serial int - no ip un-numbered allowed )
2 hosts
2 hosts

Also no NATing

Thanks all I really could use the help

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75050t=75050
CIDR - I was dumb - thanks every one [7:75079]
I think I was overlooking something very simple. CLASS-LESS! If I understand things correctly. If I have 10 bits for my host section I have a total of 1024 hosts. What I was stuck on is linear break down dividing subnets in factors of 2. But ( here was my mistake ) by powers of 2, I'm not sure if I'm explaining it right, but I think I got it. I was overthinking the problem!

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75079t=75079
Good network monitor prog. ??? [7:75081]
Any one know of a good network monitor prog.? It doesn't have to be free but not too expensive. My budget is nil. Any recommendations?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75081t=75081
IP Subnet calc. [7:75085]
Any one know a good free subnet calc. After realizing how many break downs, and how many subnetworks you would have to figure for CIDR, I would rather not do it with pen and paper. Free is good, for the calc. cost.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75085t=75085
Re: Please Help - CIDR - How the bits work What I figured out [7:75087]
I was stuck on the idea that you could ONLY re subnet a remaining piece of a subnetwork. And not apply a mask to the whole span of the total available network. You can (unless I'm incorrect here); you just have to watch out for address overlap near your subnetwork boundaries. I think I got it. Man I love this news group!

Steve

Priscilla Oppenheimer wrote:

Reimer, Fred wrote:

No offense, but this is CCNA material.

Do they still teach classful for CCNA, though? Perhaps the only thing that's hard for him is that 192.168.24.0 has a mask of 255.255.255.0 in a classful system. Moving the prefix over to the left of that classful boundary isn't something they teach for CCNA yet. (They will soon. The new Networking Academy books teach it from the start now.)

Priscilla

If you are going for your CCNP, then you should already have your CCNA and know the answer. But anyway...

If you need a network with 400 hosts, the smallest subnet would have a /23 mask. So take the first part of your given network and assign it to that:

192.168.24.0/23 (192.168.24.0-192.168.25.255)

Then you need one with 200 hosts. Well, that could fit within a /24 subnet, so assign the next available to that:

192.168.26.0/24 (192.168.26.0-192.168.26.255)

Now you only have 192.168.27.0/24 left from the original 192.168.24.0/23 (which covered 192.168.24.0-192.168.27.255). You need two 50's, so that should fit within /26 subnets each. Assign them:

192.168.27.0/26 (192.168.27.0-192.168.27.63)
192.168.27.64/26 (192.168.27.64-192.168.27.191)

Finally, you need three subnets that can have two hosts each, which would fit within /30 subnets. So assign:

192.168.27.192/30
192.168.27.196/30
192.168.27.200/30

Fred Reimer - CCNA

-Original Message-
From: Steven Aiello [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 8:02 AM
To: [EMAIL PROTECTED]
Subject: Please Help - CIDR - How the bits work [7:75050]

I just started my routing class for my CCNP. We are covering CIDR. The book is VEERY vague on how the bit patterns break down and are used. This was a problem posed in one of my CCNP labs

I have network number 192.168.24.0 / 22 from this I need networks with

400 hosts
200 hosts
50 hosts
50 hosts
2 hosts (for serial int - no ip un-numbered allowed )
2 hosts
2 hosts

Also no NATing

Thanks all I really could use the help

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=75087t=75087
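
The lab problem in this thread, worked as an added example (not code from any poster): a largest-first VLSM allocator for 192.168.24.0/22 that also checks the two things the thread keeps returning to, block boundaries and overlap. The function names are hypothetical, and the /30 used in the overlap demonstration is constructed.

```python
import ipaddress
from itertools import combinations

PARENT = "192.168.24.0/22"                  # block given in the lab question
REQUIREMENTS = [400, 200, 50, 50, 2, 2, 2]  # usable hosts needed per subnet


def prefix_for_hosts(hosts):
    """Longest prefix whose block still has `hosts` usable addresses."""
    # A block with b host bits has 2**b - 2 usable addresses (network and
    # broadcast are reserved), so find the smallest b with 2**b >= hosts + 2.
    host_bits = max(2, (hosts + 1).bit_length())
    return 32 - host_bits


def allocate(parent, host_counts):
    """Largest-first VLSM allocation; returns [(hosts, IPv4Network), ...]."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    last = int(parent.broadcast_address)
    plan = []
    for hosts in sorted(host_counts, reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 1 << (32 - prefix)
        # A /p block must start on a multiple of its own size: round up.
        start = -(-cursor // size) * size
        if start + size - 1 > last:
            raise ValueError(f"{parent} has no room left for {hosts} hosts")
        plan.append((hosts, ipaddress.IPv4Network((start, prefix))))
        cursor = start + size
    return plan


def find_overlaps(networks):
    """Every pair of networks that share at least one address."""
    return [(a, b) for a, b in combinations(networks, 2) if a.overlaps(b)]


def is_valid_boundary(cidr):
    """True if the address has no host bits set for the given prefix."""
    try:
        ipaddress.ip_network(cidr)  # strict by default: host bits must be 0
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    plan = allocate(PARENT, REQUIREMENTS)
    for hosts, net in plan:
        print(f"{hosts:>4} hosts  {str(net):<19} "
              f"{net.network_address} - {net.broadcast_address}")
    print("overlaps in plan:", find_overlaps([n for _, n in plan]))

    # Constructed mistake: a /30 placed inside the second /26.
    bad = [ipaddress.ip_network("192.168.27.64/26"),
           ipaddress.ip_network("192.168.27.124/30")]
    print("overlaps in bad plan:", find_overlaps(bad))

    # A /23 can start at .24.0 or .26.0, never at .25.0.
    print("192.168.25.0/23 valid?", is_valid_boundary("192.168.25.0/23"))
```

Largest-first packing keeps every block on its natural boundary, so the three /30s come out directly after the second /26; any other free, aligned /30s inside 192.168.27.128/25 work as well.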
Cisco Vs. Low cost switches -Whats the Diff ? [7:74987]
Ok, So I know there is a big difference in the cost and performance of Cisco (even lower end models) and let say a netgear switch. But where do the differences lie? I know that there are memory issues and backplane differences in these 2 classes of switches. But how do I find out what a lower cost switch will perform like.

I was doing some bench marking on a NetGear 100Mb switch, between a large file transfer off a Win2k Server and a client. The throughput was only a few Meg at best. The NIC in the server is a Gbit NIC and shouldn't be overwhelmed by a simple file transfer. (I was running this while every one else was out of office so I know that's not an issue). I know that with Ethernet there are collisions and the like so I may not get true 100Mb performance but the results were horrible.

What should I look for even in lower cost switches to be sure I get at least decent performance out of them? Even if you ramble on in this point, GREAT! The more you know the better I say.

Thanks all,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74987t=74987
??? Layer 2 routing ??? [7:74788]
Ok all I have a question on this subject. I know routing takes place at the network layer, and switching takes place at the data link layer because it works based on physical addresses. So how do we get route switching? I've just started my CCNP and we were learning about different cache methods to speed up performance, is this how route switching is done, is the routing calculation be performed on a per packet basis?

I was reading that by default, Cisco routers only perform a routing calculation on the first packet for a destination network and then unless the no route-cache option is set all the rest of the packets are really only switched to the correct interface. Am I missing something? I would envision that a router would by default perform a lookup for each connection sequence. Does layer 3 routing not do a look up for each sequence of packet? Does it look at an address and use an old per se route that was cached in memory?

If some one can give a good explanation I would greatly appreciate it.

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74788t=74788
??? Cisco Express Forwarding ??? [7:74794]
Another question, in CEF is the whole routing table held in a cache? If so what is the difference between this and the routing table held in RAM? Is the cache faster than the regular RAM in the router?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74794t=74794
Point to Point for a 26xx and a Watchguard SOHO [7:74719]
Hello all, I was wondering if any one has configured a Cisco and a Watchguard SOHO in Point to Point configuration to save on IP public IP addresses? Here is my situation. I have 1 router with 2 FE interfaces. There are 2 companies sharing a T1 line in a single building. One company wants to add VPN support for a home user. I would like to use Watchguard SOHO's at each end for easy setup (client is a MAC). Has any one set up a PtP interface with a WG SOHO? I saw in the instructions that the SOHO will support PPPoE. Can I use this in any way or am I stuck using IP addresses? Any ideas are appreciated.

Steve - Still a Lowly CCNA ( But Starting CCNP classes today! )

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74719t=74719
2514 router [7:74592]
anyone can help with a configuration for dsl to a 2514? I just got the router and having a hell of time with it. thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74592t=74592
Off topic - MCSE study groups [7:74112]
Hey, Any one know of some good MCP or MCSE study groups? If so, can you let me know the news server?

Thanks all,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74112t=74112
Example of reflexive access list with VPN access [7:73269]
Hello all, I need some help with ACL's. My goal is to allow VPN traffic in to my network to one firewall (Static IP address). Also I want to allow traffic out of my FE 0/1 interface out to the net using established access lists. The services I want to let out are:

HTTP
HTTPS
SMTP
POP3
FTP
SFTP

If some one could help me out with a good start or at least a good explanation of the process and how established or reflexive lists work.

My network set up is fairly simple

( internet )---Serial 0/1 |CISCO 2621XM| FE 0/1 (continued below)

FE 0/1--|Firewall 1| 12.40.100.131 (Needs VPN port passed through)
    \
     \
      \ |Firewall 2| 12.40.100.132 (NO VPN ACCESS)

All users need the above services.

Thanks for all your help,
Steven - CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73269t=73269

-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: CCNP MCSE hands on [7:73284]
You need an account on the 2k box with the computer name of the win 9x box. Then if you try to access the box it should ask you for a password. Simply enter the one you set and you're good to go. Oh also do you have the client for MS networks installed

Steve

[EMAIL PROTECTED] wrote:

Hi all, I have recently passed the CCNP but have little experience. I have started working on the MCSE Win2K Server. I have tried to get hands on practice by networking my desktop and laptop, and maybe add from there. But I can't even get the two to talk. Could someone please give a little advice?? I can ping but the Win98 laptop says it has no access to the network, whatever that means. The Win2K desktop seems to be able to see the whole C:\ drive of the laptop. I have used the HELP file and read books. I have run out of ideas.

-edgar San Diego, CA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73289t=73284
Microsoft VPN through a router [7:72824]
I was wondering what ports I would need to have open for a Microsoft VPN connection on my router. If I have done my homework correctly I think

IPSec port: 50
L2TP port : 1701
PPTP port : 1723

Are these all TCP, UDP??? I don't really have a full understanding of how the protocol and port process of a VPN works. I understand the theory; how IPSec encrypts the info in a tunnel data portion of another IP packet blaa blaa blaa. But any more additional detailed info would be great.

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72908t=72824
Re: Networkers, pt. 2 [7:70768]
I'll be there. Looking forward to it.

-- RFC 1149 Compliant.

Mossburg, Geoff (MAN-Corporate) wrote in message news:[EMAIL PROTECTED]

I know Robert McCallum already asked this, but who is going to Networkers in Orlando next week? Any cool GroupStudy router config parties gonna happen? :-)

Geoff Mossburg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70922t=70768
Re: Upgrade license [7:70919]
I believe it's just a new activation key. Copied from Cisco's website:

There are a couple of reasons that you may need to upgrade the activation key on your PIX.

a. Your PIX does not currently have VPN-DES or VPN-3DES encryption enabled. Note: VPN-DES encryption must be enabled for you to manage your PIX using PDM. Registered users may obtain a free 56-bit VPN-DES activation key by completing the PIX 56-bit License Upgrade Key form. VPN-3DES activation keys must be purchased through your local reseller or Cisco sales representative.
b. Your PIX currently does not have failover activated.
c. You are upgrading from a connection-based license to a feature-based license.

-- RFC 1149 Compliant.

maine dude wrote in message news:[EMAIL PROTECTED]

Hi, Can someone please tell me the process of upgrading a restricted license to an unrestricted one on a PIX firewall please. Is it just as simple as downloading a new IOS or more.

Thanks in advance,
-Dj

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70923t=70919
Remote VPN config cause PIX-PIX link hang!! [7:70293]
Hi.. Group.

Me again. I solved my no-traffic-pass-thru problem, but the PIX-PIX link hang problem is still there. After I added my remote VPN client config in my PIX, my PIX-PIX link to HK and Tokyo will hang after 10 hours. Does anyone know what the problem is?

Below is my sh crypto isakmp sa result in my LonPIX when it hangs:

    dst                src                      state     pending  created
    103.103.103.130    200.117.50.125(remote)   QM_IDLE   0        2
    hkpix              103.103.103.130          QM_IDLE   0        0
    tokpix             103.103.103.130          QM_IDLE   0        0

I recall Daniel's question for me, as shown below. Should I ask the Tokyo and HK admins to change the transform-set from esp-des to esp-des esp-md5-hmac as well? Is that the cause??

4) You mentioned that you changed your transform set in London. Did you also change it to match in Hong Kong and Tokyo?

LonPIX

    crypto ipsec transform-set lonset esp-des esp-md5-hmac

TokPIX/HKPIX

    crypto ipsec transform-set newset esp-des

LonPIX

    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400

TokPIX/HKPIX

    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400

Daniel Cotts wrote:

1) Can we assume that the client is fully authenticated? Your config looks good. There is a line

    crypto map lonmap client authentication RS

that I don't understand. My guess is that authenticates remote users individually beyond the group password used between the Client and PIX. If there is any question, you could remove it temporarily for testing.

2) Is the Client installed on a PC that has a software firewall or the PC is behind a firewall? If so, check the settings there.

3) You are using VPN Client software 3.6 or thereabouts?

4) You mentioned that you changed your transform set in London. Did you also change it to match in Hong Kong and Tokyo?

5) Use sh crypto isakmp sa and sh crypto ipsec sa to see what connections are up.

HTH

Let the list know when you are successful.

-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 9:23 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7:70084]

Hey.. Daniel and Study Group

I followed the instruction to assign a different IP range for my IPPOOLS, 172.16.4.1-172.16.4.31. But I still can't ping and talk to my local LAN after getting connected. Any idea what's wrong?

Besides, I want to make clear that I accidentally deleted the - in the following line when I sent it to you. It was no-nat in my config, not nonat:

    nat (inside) 0 access-list no-nat

Besides, I want to discuss the PIX-PIX hang problem (not immediately) after I add in the additional config for the remote VPN client. I suspect it is caused by changing the following line from

    crypto ipsec transform-set lonset esp-des

to

    crypto ipsec transform-set lonset esp-des esp-md5-hmac

Without changing this my client can't get authenticated.

I have 2 isakmp policies: 10 was originally set for PIX-PIX to HK and Tokyo, and I added 20 for the remote VPN connection. Any idea about my PIX-PIX hang problem with the additional remote VPN config?

    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400

My new config is:

    LONPIX# wr term
    Building configuration...
    : Saved
    :
    PIX Version 6.0
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password encrypted
    passwd encrypted
    hostname LONPIX
    domain-name xxx.co.uk
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    name 70.7.75.150 HKpix
    name 20.2.25.150 tokpix
    access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 172.16.4.0 255.255.255.224
    access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0 255.255.255.224
    access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0 255.255.255.255.224
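The comparison Daniel asks for in point 4 can be done mechanically. The following Python is an added example, not code from the thread: it parses the `crypto ipsec transform-set` and `isakmp policy` lines quoted in this message for LonPIX and TokPIX/HKPIX and reports which pairs agree. The function names are made up for the example, and "identical set of transforms" and "same authentication, encryption, hash and group" are simplifications of what the peers actually negotiate.

```python
import re

# Lines quoted in the message above; nothing here is new configuration.
LONPIX = """\
crypto ipsec transform-set lonset esp-des esp-md5-hmac
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
"""

TOK_HK = """\
crypto ipsec transform-set newset esp-des
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
"""

# Attributes compared for phase 1 (lifetime is deliberately left out).
PHASE1_KEYS = ("authentication", "encryption", "hash", "group")
TS_RE = re.compile(r"^\s*crypto ipsec transform-set (\S+)\s+(.+?)\s*$")
POL_RE = re.compile(r"^\s*isakmp policy (\d+) (\S+) (\S+)\s*$")


def parse_transform_sets(config):
    """Return {set name: frozenset of transforms}."""
    sets = {}
    for line in config.splitlines():
        m = TS_RE.match(line)
        if m:
            sets[m.group(1)] = frozenset(m.group(2).split())
    return sets


def parse_isakmp_policies(config):
    """Return {priority: {attribute: value}}."""
    policies = {}
    for line in config.splitlines():
        m = POL_RE.match(line)
        if m:
            policies.setdefault(int(m.group(1)), {})[m.group(2)] = m.group(3)
    return policies


def compare_peers(local_cfg, remote_cfg):
    """Report which ISAKMP policies and transform sets the two ends share."""
    local_pol = parse_isakmp_policies(local_cfg)
    remote_pol = parse_isakmp_policies(remote_cfg)
    phase1 = []
    for lprio, lattr in sorted(local_pol.items()):
        for rprio, rattr in sorted(remote_pol.items()):
            # Policies missing an attribute are skipped rather than guessed.
            complete = all(k in lattr and k in rattr for k in PHASE1_KEYS)
            if complete and all(lattr[k] == rattr[k] for k in PHASE1_KEYS):
                phase1.append((lprio, rprio))

    local_ts = parse_transform_sets(local_cfg)
    remote_ts = parse_transform_sets(remote_cfg)
    phase2, diffs = [], []
    for lname, ltrans in sorted(local_ts.items()):
        for rname, rtrans in sorted(remote_ts.items()):
            if ltrans == rtrans:
                phase2.append((lname, rname))
            else:
                diffs.append({
                    "local": lname,
                    "remote": rname,
                    "only_local": sorted(ltrans - rtrans),
                    "only_remote": sorted(rtrans - ltrans),
                })
    return {"phase1_matches": phase1,
            "phase2_matches": phase2,
            "transform_diffs": diffs}


if __name__ == "__main__":
    report = compare_peers(LONPIX, TOK_HK)
    print("ISAKMP policy pairs that agree:", report["phase1_matches"])
    print("Transform-set pairs that agree:", report["phase2_matches"])
    for d in report["transform_diffs"]:
        print(f"{d['local']} vs {d['remote']}: only local {d['only_local']}, "
              f"only remote {d['only_remote']}")
```

On the quoted lines it finds policy 10 common to both ends and no common transform set, with esp-md5-hmac present only on the London side.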
RE: VPN client can connect but no traffic can pass [7:70084]
Hi.. Daniel and Group..

Thanks a million..!! I SOLVED the issue. It was because I installed two different VPN clients on my PC:

1) VPN Systems VPN client 3.6.4
2) Cisco Secure VPN client (Safenet)

I uninstalled both and reinstalled #1 only. I can connect to the LAN now.

I have some extra questions:

1) How many remote VPN connections can connect to the PIX515 at the same time?
2) Can I assign the same local LAN IP range for VPN client IPPOOLS?

Thanks

Daniel Cotts wrote:

1) Can we assume that the client is fully authenticated? Your config looks good. There is a line

    crypto map lonmap client authentication RS

that I don't understand. My guess is that authenticates remote users individually beyond the group password used between the Client and PIX. If there is any question, you could remove it temporarily for testing.

2) Is the Client installed on a PC that has a software firewall or the PC is behind a firewall? If so, check the settings there.

3) You are using VPN Client software 3.6 or thereabouts?

4) You mentioned that you changed your transform set in London. Did you also change it to match in Hong Kong and Tokyo?

5) Use sh crypto isakmp sa and sh crypto ipsec sa to see what connections are up.

HTH

Let the list know when you are successful.

-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 9:23 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7:70084]

Hey.. Daniel and Study Group

I followed the instruction to assign a different IP range for my IPPOOLS, 172.16.4.1-172.16.4.31. But I still can't ping and talk to my local LAN after getting connected. Any idea what's wrong?

Besides, I want to make clear that I accidentally deleted the - in the following line when I sent it to you. It was no-nat in my config, not nonat:

    nat (inside) 0 access-list no-nat

Besides, I want to discuss the PIX-PIX hang problem (not immediately) after I add in the additional config for the remote VPN client. I suspect it is caused by changing the following line from

    crypto ipsec transform-set lonset esp-des

to

    crypto ipsec transform-set lonset esp-des esp-md5-hmac

Without changing this my client can't get authenticated.

I have 2 isakmp policies: 10 was originally set for PIX-PIX to HK and Tokyo, and I added 20 for the remote VPN connection. Any idea about my PIX-PIX hang problem with the additional remote VPN config?

    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400

My new config is:

    LONPIX# wr term
    Building configuration...
    : Saved
    :
    PIX Version 6.0
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password encrypted
    passwd encrypted
    hostname LONPIX
    domain-name xxx.co.uk
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    name 70.7.75.150 HKpix
    name 20.2.25.150 tokpix
    access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 172.16.4.0 255.255.255.224
    access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0 255.255.255.224
    access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0 255.255.255.255.224
    no pager
    logging on
    logging buffered errors
    logging trap errors
    logging history errors
    logging facility 18
    logging host inside 172.16.3.101
    no logging message 400010
    interface ethernet0 100basetx
    interface ethernet1 100basetx
    mtu outside 1500
    mtu inside 1500
    ip address outside 103.103.130.130 255.255.255.240
    ip address inside 172.16.3.254 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool IPPOOLS 172.16.4.1-172.16.4.31
    pdm history enable
    arp timeout 14400
    global (outside) 1 103.103.103.131
    nat (inside) 0 access-list no-nat
    nat (inside) 1 172.16.3.0 255.255.255.0 0 0
    conduit permit icmp any any
    route outside 0.0.0.0 0.0.0.0 103.103.103.129 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa-server RS protocol radius
    aaa-server RS (inside) host 172.16.3.101 RSKEY timeout 5
    aaa authentication ssh console LOCAL
    no snmp-server location
Re: VPN client can connect but no traffic can pass [7:70084]
Hey David and Group

I have done what you asked me to change, but no luck. Still no traffic can pass thru although it can connect. My new config is at the end of the mail. Does anyone have an idea why?? I really feel strange, as my username and password can be authenticated by my W2K RADIUS server, but why can no traffic pass to the LAN after getting connected? I saw the traffic statistics of the VPN client increase but I can't connect to anything on the LAN. Why?

P/s: why do you suggest changing the crypto map from 30 to 35?

David Tran II wrote:

After looking at your configuration, you need to do this:

change from:

    crypto map lonmap 30 ipsec-isakmp dynamic outside_dyn

change to:

    crypto map lonmap 35 ipsec-isakmp dynamic outside_dyn

and add in this line:

    crypto map lonmap client configuration address respond
    crypto map lonmap client authentication RS   (I think you already have this line)

It looks to me like you are using extended authentication; it is a good idea to upgrade your code from 6.0.x to at least 6.2(2) or better yet, 6.3(1). I know for a fact that the configuration above works for version 6.2(2) or higher. 6.3(1) supports NAT traversal.

My new config is:

    LONPIX# wr term
    Building configuration...
    : Saved
    :
    PIX Version 6.2
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password encrypted
    passwd encrypted
    hostname LONPIX
    domain-name xxx.co.uk
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol ils 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol sip 5060
    fixup protocol skinny 2000
    names
    name 70.7.75.150 HKpix
    name 20.2.25.150 tokpix
    access-list 111 permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list 112 permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 10.10.0.0 255.255.0.0
    access-list no-nat permit ip 172.16.3.0 255.255.255.0 172.16.4.0 255.255.255.224
    access-list no-nat permit ip 192.168.3.0 255.255.255.0 172.16.4.0 255.255.255.224
    access-list no-nat permit ip 10.10.0.0 255.255.0.0 172.16.4.0 255.255.255.255.224
    no pager
    logging on
    logging buffered errors
    logging trap errors
    logging history errors
    logging facility 18
    logging host inside 172.16.3.101
    no logging message 400010
    interface ethernet0 100basetx
    interface ethernet1 100basetx
    mtu outside 1500
    mtu inside 1500
    ip address outside 103.103.130.130 255.255.255.240
    ip address inside 172.16.3.254 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool IPPOOLS 172.16.4.1-172.16.4.31
    pdm history enable
    arp timeout 14400
    global (outside) 1 103.103.103.131
    nat (inside) 0 access-list no-nat
    nat (inside) 1 172.16.3.0 255.255.255.0 0 0
    conduit permit icmp any any
    route outside 0.0.0.0 0.0.0.0 103.103.103.129 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa-server RS protocol radius
    aaa-server RS (inside) host 172.16.3.101 RSKEY timeout 5
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    no sysopt route dnat
    crypto ipsec transform-set lonset esp-des esp-md5-hmac
    crypto dynamic-map outside_dyn 30 set transform-set lonset
    crypto map lonmap 10 ipsec-isakmp
    crypto map lonmap 10 match address 111
    crypto map lonmap 10 set peer hkpix
    crypto map lonmap 10 set transform-set lonset
    crypto map lonmap 20 ipsec-isakmp
    crypto map lonmap 20 match address 112
    crypto map lonmap 20 set peer tokpix
    crypto map lonmap 20 set transform-set lonset
    crypto map lonmap 35 ipsec-isakmp dynamic outside_dyn
    crypto map lonmap interface outside
    crypto map lonmap client configuration address respond
    crypto map lonmap client authentication RS
    isakmp enable outside
    isakmp key address hkpix netmask 255.255.255.255
    isakmp key address tokpix netmask 255.255.255.255
    isakmp identity address
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption des
    isakmp policy 10 hash sha
    isakmp policy 10 group 1
    isakmp policy 10 lifetime 86400
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup GROUP address-pool IPPOOLS
    vpngroup GROUP dns-server 172.16.3.101
    vpngroup GROUP wins-server 172.16.3.101
    vpngroup GROUP default-domain company.com
    vpngroup GROUP idle-time 1000
    vpngroup GROUP password telnet
RE: VPN client can connect but no traffic can pass [7:70084]
    255.255.255.0 inside
    ssh timeout 60
    username pix password xxx encrypted privilege 2
    username user1 password encrypted privilege 2
    terminal width 100
    Cryptochecksum:xxx
    : end
    [OK]

Daniel Cotts wrote:

I believe that your IPPOOLS ip range should be different from your local LAN so that they can communicate. Maybe make it 172.16.4.1-172.16.4.31

Then build an access-list for the Clients that goes inside address, pool address

    access-list CLIENTS permit ip 172.16.3.0 255.255.255.0 172.16.4.0 255.255.255.224

The above gets you to the London LAN

    access-list CLIENTS permit ip 192.168.30 255.255.255.0 172.16.4.0 255.255.255.224

This gets your clients to the HK LAN

    access-list CLIENTS permit ip 10.10.0.0 255.255.0.0 172.16.4.0 255.255.255.255.224

This gets you to the Tokyo LAN

Obviously Hong Kong and Tokyo will have to permit traffic from their LAN to the Client IPPOOLS range of addresses.

You have a line

    nat (inside) 0 access-list nonat

but there is no access-list nonat. There is an access-list no-nat. Just erase that and create an access-list (try the name VPNs) that has all the information in acl 111, 112, and CLIENTS. Use that acl in your nat 0 statement.

There is a more elegant way to do this last step. Not sure which version allows it.

There are several books on PIX configuration available.

Cisco Secure PIX Firewalls by Chapman and Fox, Cisco Press, ISBN 1587050358
Cisco PIX Firewalls by Richard Deal, Osborne McGraw Hill, ISBN 0072225238

I'd suggest you buy both.

-Original Message-
From: Steven shinnick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 10:56 PM
To: Daniel Cotts; [EMAIL PROTECTED]
Subject: RE: VPN client can connect but no traffic can pass [7:70084]

Hey... Attached is my full config.

I think I have to specify an access list to make No NAT for my IPPOOLS traffic, right? For example I specified

    ip local pool IPPOOLS 172.16.3.11-172.16.3.20

which is the same network as my local LAN, then I have to specify the following access list to make No NAT for the IPSec traffic, right? But I am curious to see many examples on the web where they specify IPPOOLS which is not the same network as the local LAN. Why? Can it connect if IPPOOLS is not the same subnet as the LAN?

    access-list no_nat permit ip 172.16.3.0 255.255.255.0 172.16.3.0 255.255.0.0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70163t=70084
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
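The points Daniel raises in this reply (a `nat 0` statement that names an access list which is never defined, and a client pool inside the LAN subnet) can be checked against a saved config before it is loaded. The Python below is an added example, not code from the thread; `lint` and the finding labels are made up for it, the sample combines lines quoted in this thread into one constructed file, and only the `permit|deny ip <addr> <mask> <addr> <mask>` form of `access-list` used here is validated.

```python
import ipaddress

# Constructed sample: every line is quoted somewhere in this thread, combined
# into one file so that each check has something to find.
SAMPLE = """\
ip address inside 172.16.3.254 255.255.255.0
ip local pool IPPOOLS 172.16.3.11-172.16.3.20
access-list no-nat permit ip 172.16.3.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list CLIENTS permit ip 192.168.30 255.255.255.0 172.16.4.0 255.255.255.224
access-list CLIENTS permit ip 10.10.0.0 255.255.0.0 172.16.4.0 255.255.255.255.224
nat (inside) 0 access-list nonat
"""


def _addr(token):
    """Return an IPv4Address, or None if the token is not a dotted quad."""
    try:
        return ipaddress.IPv4Address(token)
    except ValueError:
        return None


def _is_netmask(token):
    """True if the token is a dotted quad made of contiguous leading 1 bits."""
    addr = _addr(token)
    if addr is None:
        return False
    inverted = ~int(addr) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def lint(config):
    """Return a sorted list of (line number, finding, offending value)."""
    findings = []
    acl_names, nat0_refs, pools, inside_net = set(), [], [], None
    for lineno, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) >= 3:
            acl_names.add(tok[1])
            if len(tok) == 8 and tok[2] in ("permit", "deny") and tok[3] == "ip":
                for address, mask in ((tok[4], tok[5]), (tok[6], tok[7])):
                    if _addr(address) is None:
                        findings.append((lineno, "bad-address", address))
                    if not _is_netmask(mask):
                        findings.append((lineno, "bad-mask", mask))
        elif tok[:3] == ["ip", "address", "inside"] and len(tok) == 5:
            try:
                inside_net = ipaddress.IPv4Interface(f"{tok[3]}/{tok[4]}").network
            except ValueError:
                findings.append((lineno, "bad-interface-address", " ".join(tok[3:])))
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) == 5:
            first, _, last = tok[4].partition("-")
            start, end = _addr(first), _addr(last or first)
            if start is None or end is None:
                findings.append((lineno, "bad-pool-range", tok[4]))
            else:
                pools.append((lineno, tok[3], start, end))
        elif tok[:1] == ["nat"] and tok[2:4] == ["0", "access-list"] and len(tok) == 5:
            nat0_refs.append((lineno, tok[4]))

    # nat 0 must point at an access list that is actually defined.
    for lineno, name in nat0_refs:
        if name not in acl_names:
            findings.append((lineno, "undefined-acl", name))

    # Following Daniel's advice, the client pool should sit outside the LAN subnet.
    if inside_net is not None:
        lo, hi = int(inside_net.network_address), int(inside_net.broadcast_address)
        for lineno, name, start, end in pools:
            if int(start) <= hi and int(end) >= lo:
                findings.append((lineno, "pool-overlaps-inside", name))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, finding, value in lint(SAMPLE):
        print(f"line {lineno}: {finding}: {value}")
```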
VPN client can connect but no traffic can pass [7:70084]
I have installed a VPN client on my home PC to connect to the PIX at my company. It can connect, get authenticated and log in. But I can't ping and talk to any PCs in my company. Why??

I specify the IPPOOLS in my PIX config. It means my VPN client will get these IPs, right? But how about the subnet mask? How does the PIX know what subnet mask to give?

    ip local pool IPPOOLS 10.1.1.241-100.1.1.250

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70084t=70084
Re: hacking challenge [7:66720]
Depending on the servers you could do it in 5 min. There is an anonymous account that runs over NetBIOS in the 130's port area. If there isn't a firewall in place to filter this port you can use the net use command and have access to the box. After this you can download the backup copy of the SAM off the server, run a crack program like L0phtCrack and BLING BLING. You have every user name and password on the system. All too easy.

I would recommend the Hacking Exposed book. If you want to protect your system from crackers / hackers, you need to know what they can and will do to get what they want. However, don't let a firewall be your end-all, do-all solution. Look into hardening your server OS; if it's Win2k, try learning about group policies, they are a wonderful addition. If it's Novell or Linux, sorry I can't be much help. But the rule applies.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66753t=66720
Re: Speed Duplex Talk again [7:66402]
Ok, seeing as how we're talking about duplex mismatches: I have one workstation on my LAN that is clearly a dog when it comes to network traffic. I have set it to all different duplex settings and speeds, hoping to notice a change. How would I detect if there was a speed-type mismatch? I'm not getting any errors on the workstation. The switch I have is not manageable. It is for a smaller LAN, 10 - 15 users. But we do transfer VERY large files all day. None of the other workstations have this prob. And this box is a P4 1.5GHz with 512 RAM, so I know there is no prob with the horsepower of the box. Can I look at the packets with a sniffer? If so, what should I look for?

Help, ahh

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66552t=66402
Re: DS3 bandwidth issues [7:65790]
Wow, thank you sooo much. This is the best explanation of T-carrier vs. Dx-carrier I've ever read. I have worked in the IT field for some time, but not too much on the telco side, and I could never really find what the difference was.

THANKS A TON

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65922t=65790
Re: is 10baseT dead? [7:65263]
Ok, I am still a lowly CCNA; however, Einstein said make things as simple as they need to be and no more. I work on a LAN where we transmit large print files to Xerox laser printers. These files can get up to 1.5Gb in size and sometimes a bit larger. The printers run on older Sun workstations and they have 10Mb cards. I have never come across a situation where the server has been able to overflow first of all the switch's buffer and second of all its NIC's buffer. I know I am not the only sys admin who randomly sits on the network with a packet sniffer and analyses traffic from the major sources of traffic on their network. Yes, sometimes there will be some retransmit requests by the Xerox workstations, however nothing of large significance. Also, these retransmits usually occur when another workstation is processing a separate file, also about 1Gb or more, and that data is being transferred over the network from the workstation to the server.

Also, what kind of network environment would you be in where your server would be slammin one workstation? Even real-time video would create this type of overload, especially since I can imagine it would be run over UDP and packets would be dropped if they were out of order. Theoretically you may be able to overwhelm a 10BaseT card, however I would even doubt that considering the windowing and source quenching built into TCP/IP (source quench may be the wrong term but you all should know what I am talking about). I think it is far better to have the bandwidth ready and available than to fall short.

That's just my opinion on the humble,
Steven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65357t=65263
Re: CCIE [7:65426]
Wow, I am so much more motivated to get my CCIE now. ahaha, that was hilarious.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65444t=65426
Re: is 10baseT dead? [7:65077]
Scott, I think you have a great point; it seems that most of the computer technologies we have today are not taken full advantage of. However, instead of taking the air out of the sales staff's sales as it were ( no pun intended ), why not suggest an upgrade from the IDFs to the server farm? You could suggest EtherChannel to combine some of the runs you have put in ( I'm sure ) when you are upgrading your networks. This way you have more bandwidth to the server farm and fault tolerance. WOW, now that's a selling point. Also, it can be done without raising the costs on hardware too much. You can get dual-interface NICs for your servers that are fairly reasonable now.

I am amazed at the push for processor speed now; I can think of very few people that NEED 3GHz with 2Gb of RAM. However, no one NEEDS a Jaguar either; some people just want it, and if they can afford it, so be it. Look at the situation this way: at least if you're going for overkill the network will perform well. That is better than underselling and then having your clients be upset because they are limited in the future.

But hey, that's just my 2 cents. Take it with a grain of salt. = )

Steven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65181t=65077
??? CCS ??? [7:65056]
Why can I not access some of the links people are posting that point to Cisco's web site? It asks for a CCS login. Can anyone get one, and how would I go about it?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65056t=65056
Re: PRI [7:64999]
If I remember correctly there are 64 channels in a PRI ISDN. I could be wrong; it was one of the things I memorized for my CCNA.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65055t=64999
??? MPLS ??? [7:64898]
Sorry for such a newbie question. But what is MPLS? And what is it? Anyone have a link they can point me to? Just trying to learn more.

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64898t=64898
??? Etherchannel ??? [7:64900]
Ok, please don't be annoyed, I have another vocab question. I know what Ethernet is and I'm fairly sure fiberchannel is basically some sort of fiber line. What is EtherChannel? And where is it commonly used? Anyone have a good link?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64900t=64900
Security News Groups [7:64907]
Hello all, I saw a post a little bit ago about security news groups. I'll ask again because I also have been looking for one. Anyone know of a good security news group? If so, please share.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64907t=64907
??? 2 Default Gateways ??? [7:64913]
Hello all, I was just wondering if you could have 2 default gateways, using static routes? If so, what would you do, just enter the ip default route command twice? Also, will the router auto-detect if one of those routes goes down and pass traffic only to the active interface? I know you can do load balancing with routing protocols, but it seems to me that if you were on a stub, why would you want to run a routing protocol? I'm interested in this because of a post a while back. Any info would be helpful.

Thanks,
Steven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64913t=64913
EtherChannel - WOW That's great [7:64940]
Thanks for all the info on EtherChannel. What a wonderful idea. Is EtherChannel hard to set up? I don't have the 100 Mb routers to try this at home, or even 2 100Mbs switches. Does anyone have a sample config file from a router or switch that uses it?

Thanks again all, you are all great ( especially those who answer my questions! )

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64940t=64940
??? collapsed backbone ??? [7:64467]
Hello all, in a recent post I saw the term collapsed backbone. I know that the network backbone is usually a high-speed connection that a server farm sits on, and could even extend out to your IDFs. However, I'm fuzzy on the term collapsed backbone. What does this imply?

Thank you all,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64467t=64467
Re: OSPF attempting to form adjacencies with non-DR/BDR [7:64468]
Kelly, I'm going to take a stab at this because I JUST started working with OSPF in my lab at home. However, in the Cisco docs they were saying it's good practice to set your priority level to zero. Actually, here is the paragraph:

OSPF routers all have the same priority value by default: 1. You can assign a priority from 0 to 255 on any given OSPF interface. A priority of 0 prevents the router from winning any election on that interface. A priority of 255 ensures at least a tie. The Router ID field is used to break ties; if two routers have the same priority, the router with the highest ID will be selected. You can manipulate the router ID by configuring an address on a loopback interface, although that is not the preferred way to control the DR/BDR election process. The priority value should be used instead because each interface can have its own unique priority value. You can easily configure a router to win an election on one interface, and lose an election on another.

This is from the Cisco Semester 5 Networking Academy. I hope it helps. Also, the info was saying if you wanted to make one router always be the DR, to set the loopback address to a very high IP address. This ensures that as long as the router is up, the loopback with the highest address will always be the DR.

Just a request for all who read this: please let me know if this is correct. As I stated, I'm just starting on OSPF and would love feedback to see if I am understanding this correctly.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64468t=64468
Re: Multiple WAN Connections to a Network [7:64469]
Terry, I'm not totally sure what you are doing with your setup. Are you web hosting and you have the 2 connections up for fault tolerance? Or some other reason? Unless I am mistaken, if you are running between two ASes on the net you need to use BGP. ( Please all correct me if I'm wrong, I'm still a lowly CCNA. ) But I know that when we had our Qwest line installed they asked us if we had another service provider for this reason. Also, if you are a stub network, why not use default routes? Like I said, it's hard to say for sure without knowing what you're doing. That's just what occurred to me. Hope it helps.

Again, please, to all in the group, correct me if I am mistaken; I'm more than happy to be corrected if it means I have a greater understanding of the subject.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64471t=64469
OSPF into RIP redistribution [7:64502]
First, I'm sorry if this has been asked before, but I'm just looking for a general overview and maybe a few good links. I've been told that there are some issues with RIP and OSPF redistribution. If so, what are they and why?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64502t=64502
Re: Cisco 2501 DC Power adaptors ? [7:64300]
I just had this prob. I got a router for my home lab that had DC power. Actually, I just swapped an AC power supply from the same series router that I had into the one I wanted to use and it works just fine. Hope that helps; also I'm sure you can find them on eBay.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64344t=64300
routername(boot) ??? [7:64188]
I have recently received some routers for a home lab. When I boot one it displays the following:

    routername(boot)

What does this (boot) mean and how do I get rid of it? I've worked on routers before and never seen this. Thanks in advance.

Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64188t=64188
??? IS-IS ??? [7:63875]
Hello All, I'm wondering what IS-IS is. No pun intended. I'm assuming it's a routing protocol? I've gone through the Cisco CCNA acad. and have my CCNA, and I've even started going over Semester 5 for the CCNP, but IS-IS is nowhere to be found... Is this a new protocol? Or does someone know where I can find a good overview?

Thanks for brain food,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63875t=63875
Wildcard Masking on the BSIN Exam [7:63887]
Anyone know if they cover wildcard masking in depth on the BSIN Exam?

Thanks,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63887t=63887
The CCNP BSIN ( I Think Exam ) [7:63749]
I have been reading through the boards and from what I've seen the new CCNP Routing exam seems to be a bear. This is the next test I am studying for. Anyone out there who has passed the test that can give me a general study outline? Also, what books or test prep did you use?

You guys ( and ladies ) are all great,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63749t=63749
Telnet Hole [7:63627]
I was told that there was a telnet security hole in Cisco's IOS. I was told there was a way where you could specify a level to telnet into, and doing so could override passwords set on the VTY term. Does anyone know if this is true? Second, has it been patched in IOS 12.x? And lastly, how is this attack performed?

Thank you,
Steven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63627t=63627
Where to Start for CCNP [7:63630]
I recently passed my CCNA, and I am interested in starting on my CCNP. I am taking classes at a local college that offers 10-week classes based around each of the 4 tests. Basically the CCNP path lasts 40 weeks. I start in the fall and I wanted to get a jump start on my learning, as I have been told the skill level between the 2 certs is great. I have a few low-end routers at home, and 1 5000 switch. Can anyone point me in the right direction as far as where I should start? Should I just buy a book on OSPF or BGP for the routing section? Or is there a better way?

Thanks all,
Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63630t=63630
Re: Telnet Hole [7:63627]
Larry, Thank you for your reply, however what I was speaking of did not involve SSL. I know this may seem strange, but I know I am not mistaken. I checked with my Cisco instructor and he also remembered the exploit. The instructor even verified the passwords and config on the router. I am assuming he knows what he is doing because he is certified by Cisco to teach. He however could not recall how to perform the attack. This attack involved straight Telnet. I know in our labs at school we use IOS 11.2, and the attack was successful. Anyone else know of this?

Thank you, Steve

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63635t=63627
Re: Site to Site VPN Monitering on PIX [7:62676]
CiscoWorks VMS 2.1

-- RFC 1149 Compliant.

Curious wrote in message news:[EMAIL PROTECTED]...

I have set up Site to Site VPN between our corporate PIX 515 and our developers PIX 501. I want to monitor the VPN traffic of these Site to Site VPN connections. Please tell me what tools are available to accomplish this. Thanks, -- Curious MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62693t=62676
Route Summarization [7:62347]
Hello All, I have a question about route summarization. I was reading over the material from Cisco on the matter, and I was wondering, or actually assuming: if you want to have route summarization in place, do you need continuous network numbers? I know that the docs said you would send a network address upstream that would reflect the bits that are common to all networks, thus decreasing the size of the routing tables, which is great. But what if someone else owned a network block on the net that was randomly missing from your group? Again, I can only assume that you must have all continuous networks. Is this correct, or am I missing something?

Thank you all, Steven

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62347t=62347
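An added example (not part of the original post) for the summarization question above: it computes the single summary prefix from the bits a set of networks share, then lists any blocks inside that summary that are not in the set, which is address space the summary would attract traffic for without being able to deliver it. The 192.168.x.0/24 networks are constructed sample values, and the function names are illustrative.

```python
import ipaddress


def summary_route(networks):
    """Smallest single IPv4 prefix that covers every network given."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The prefix length is the number of leading bits lo and hi share.
    common = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - common)) << (32 - common)
    return ipaddress.ip_network((base, common))


def uncovered(summary, networks):
    """Blocks inside the summary that are NOT in the advertised set."""
    remaining = [summary]
    for net in (ipaddress.ip_network(n) for n in networks):
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                # Carve the owned network out of this block.
                nxt.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)


def exact_aggregates(networks):
    """Summaries that cover the given networks and nothing else."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return list(ipaddress.collapse_addresses(nets))


# Constructed sample input: four contiguous /24s, then the same set with
# 192.168.26.0/24 missing (owned by someone else).
CONTIGUOUS = ["192.168.24.0/24", "192.168.25.0/24",
              "192.168.26.0/24", "192.168.27.0/24"]
WITH_GAP = ["192.168.24.0/24", "192.168.25.0/24", "192.168.27.0/24"]

if __name__ == "__main__":
    for name, nets in (("contiguous", CONTIGUOUS), ("with gap", WITH_GAP)):
        s = summary_route(nets)
        print(name, "summary:", s)
        print("  not owned but covered:", [str(n) for n in uncovered(s, nets)])
        print("  exact aggregates:", [str(n) for n in exact_aggregates(nets)])
```

With the gap, a single /22 still covers the set but also covers the missing /24; the exact aggregates (a /23 plus a /24) avoid that at the cost of one extra route.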
Re: VoIP from behind PIX [7:60859]
Just so I understand (crypto is a tough subject for me), if one knows the length of a packet before crypto processing, it becomes a weakness because (fill in the blank).

Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...

At 12:03 AM + 1/13/03, Steven A. Ridder wrote:

I agree with Matt. The PIX 515 introduces jitter. Not sure what the Cisco IPT Safe document is talking about.

This may be a rather obscure point, but if a cryptographic device takes different amounts of time to encrypt and decrypt equal-length blocks of text with different contents, it is a cryptographic vulnerability and may also provide a covert channel. These time differences, however, have to be constant. If they are simply a function of processing load, there is no vulnerability. Latency is not a cryptosecurity issue, although, obviously, it can affect speech intelligibility.

Matt Hill wrote in message news:[EMAIL PROTECTED]...

Good luck.. However you will get latency and jitter issues during the time the PIXs encrypt/decrypt the voice packets... Matt

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simer Mayo Sent: Friday, 10 January 2003 6:05 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: VoIP from behind PIX

1. Will PIX 515 handle VoIP traffic?
2. Will PIX 501 handle VoIP traffic?
3. Can we VPN between 2 (site-to-site) and pass VoIP traffic thru the VPN

Thanks Simer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60956t=60859
Re: fragmentation question [7:60643]
Thanks! I was just curious. What about L2 headers in Frame Relay Fragmentation (FRF.12)?

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Steven A. Ridder wrote:

Does anyone know, if a packet is fragmented, whether the specific values in a field are replicated across all headers of the fragmented packets, or just the first one? Meaning, if I have a packet that has IP Prec 5, and a router along the way has to fragment the packet, would it be so kind as to put IP Prec on all the headers?

Yes, it should. Per RFC 791, a router (or gateway as the RFC calls it) copies the contents of the header fields from the original datagram into the new headers of all the fragments. Of course, the following fields may change, however:

(1) options field
(2) more fragments flag
(3) fragment offset
(4) internet header length field
(5) total length field
(6) header checksum

Also, with the options field, options may or may not be copied into each fragment. There's a bit that the sender can set saying whether they must be or not. But in general, all bits and bytes are copied into each fragment IP header.

Priscilla

Steve

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Mossburg, Geoff (MAN-Corporate) wrote:

Thanks for clearing that up;

No problem.

I don't mind being told I'm mistaken. I recently decided that the only way I'm really going to learn from this group is to take a chance on confirming what I THINK I know, and asking questions about what I DON'T know. :) A lesson in humility, to be sure.

I know what you mean. I like to pretend to be an uber goddess of all things tech, but to learn, I have to admit to lots of cluelessness in some areas. It can be a bit painful, but definitely worth it! :-)

Priscilla

GM

-Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 5:35 PM To: [EMAIL PROTECTED] Subject: RE: fragmentation question [7:60643]

Mossburg, Geoff (MAN-Corporate) wrote:

Someone correct me if I'm wrong:

OK, you're wrong. :-) Look it up or use a protocol analyzer.

All the fragments have the TCP/UDP/IP headers, or else they can't be routed to their destination.

Routing to their destination just requires the IP header, which is in each fragment. The TCP or UDP headers are not in the fragments, past the first one. The IP layer at the end device puts it all back together and hands the packet to the TCP or UDP layer. TCP or UDP get the full packet and can route it to the correct process, based on the destination port number.

Fragmentation is just a way of breaking up the data payload into smaller packets, but it puts individual headers on each packet.

Data payload from IP's point of view.

MTU is the total size of each packet, including the header.

The term isn't always used that way, though.

GM

-Original Message- From: Paul Dong So [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 4:19 PM To: [EMAIL PROTECTED] Subject: fragmentation question [7:60643]

Hi All, Please shed a light on this as I am confused.

Fragmentation for UDP/TCP:
* Only the first fragment contains the UDP or TCP header, not the sequential fragments?

Fragmentation for IP packets:
* every fragmented packet will contain IP header?

MTU 1500 bytes, doesn't it mean the data payload can not exceed 1500 bytes or the whole packet size (payload+header) can not exceed 1500 bytes?

Thanks in advance Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60958t=60643
Re: VoIP from behind PIX [7:60859]
I agree with Matt. The PIX 515 introduces jitter. Not sure what the Cisco IPT Safe document is talking about.

Matt Hill wrote in message news:[EMAIL PROTECTED]...

Good luck.. However you will get latency and jitter issues during the time the PIXs encrypt/decrypt the voice packets... Matt

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simer Mayo Sent: Friday, 10 January 2003 6:05 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: VoIP from behind PIX

1. Will PIX 515 handle VoIP traffic?
2. Will PIX 501 handle VoIP traffic?
3. Can we VPN between 2 (site-to-site) and pass VoIP traffic thru the VPN

Thanks Simer

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60923t=60859
Re: fragmentation question [7:60643]
Does anyone know, if a packet is fragmented, whether the specific values in a field are replicated across all headers of the fragmented packets, or just the first one? Meaning, if I have a packet that has IP Prec 5, and a router along the way has to fragment the packet, would it be so kind as to put IP Prec on all the headers?

Steve

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Mossburg, Geoff (MAN-Corporate) wrote:

Thanks for clearing that up;

No problem.

I don't mind being told I'm mistaken. I recently decided that the only way I'm really going to learn from this group is to take a chance on confirming what I THINK I know, and asking questions about what I DON'T know. :) A lesson in humility, to be sure.

I know what you mean. I like to pretend to be an uber goddess of all things tech, but to learn, I have to admit to lots of cluelessness in some areas. It can be a bit painful, but definitely worth it! :-)

Priscilla

GM

-Original Message- From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 5:35 PM To: [EMAIL PROTECTED] Subject: RE: fragmentation question [7:60643]

Mossburg, Geoff (MAN-Corporate) wrote:

Someone correct me if I'm wrong:

OK, you're wrong. :-) Look it up or use a protocol analyzer.

All the fragments have the TCP/UDP/IP headers, or else they can't be routed to their destination.

Routing to their destination just requires the IP header, which is in each fragment. The TCP or UDP headers are not in the fragments, past the first one. The IP layer at the end device puts it all back together and hands the packet to the TCP or UDP layer. TCP or UDP get the full packet and can route it to the correct process, based on the destination port number.

Fragmentation is just a way of breaking up the data payload into smaller packets, but it puts individual headers on each packet.

Data payload from IP's point of view.

MTU is the total size of each packet, including the header.

The term isn't always used that way, though.

GM

-Original Message- From: Paul Dong So [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 4:19 PM To: [EMAIL PROTECTED] Subject: fragmentation question [7:60643]

Hi All, Please shed a light on this as I am confused.

Fragmentation for UDP/TCP:
* Only the first fragment contains the UDP or TCP header, not the sequential fragments?

Fragmentation for IP packets:
* every fragmented packet will contain IP header?

MTU 1500 bytes, doesn't it mean the data payload can not exceed 1500 bytes or the whole packet size (payload+header) can not exceed 1500 bytes?

Thanks in advance Paul

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60924t=60643
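An added example (not part of the original posts) for the two "fragmentation question" messages above: a sketch of RFC 791 fragmentation showing that the ToS byte (IP Precedence 5) is copied into every fragment header, that only the first fragment carries the UDP header, and that an MTU of 1500 bounds IP header plus payload. The addresses, ports, ID value and function names are constructed for illustration; IP options are omitted, so every header is a fixed 20 bytes.

```python
import struct

IP_HDR_LEN = 20            # fixed header; this sketch carries no IP options
FLAG_DF, FLAG_MF = 0x4000, 0x2000
HDR_FMT = "!BBHHHBBH4s4s"


def checksum(header):
    """Internet checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(tos, total_len, ident, flags_off, ttl, proto, src, dst):
    hdr = struct.pack(HDR_FMT, 0x45, tos, total_len, ident, flags_off,
                      ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_header(pkt):
    (_, tos, total_len, ident, flags_off,
     ttl, proto, _, src, dst) = struct.unpack(HDR_FMT, pkt[:IP_HDR_LEN])
    return {"tos": tos, "precedence": tos >> 5, "total_len": total_len,
            "id": ident, "df": bool(flags_off & FLAG_DF),
            "mf": bool(flags_off & FLAG_MF),
            "offset": (flags_off & 0x1FFF) * 8,
            "ttl": ttl, "proto": proto, "src": src, "dst": dst}


def fragment(pkt, mtu):
    """Split one IPv4 datagram so each fragment (header included) fits mtu."""
    h = parse_header(pkt)
    if h["total_len"] <= mtu:
        return [pkt]
    if h["df"]:
        raise ValueError("DF set: datagram cannot be fragmented")
    payload = pkt[IP_HDR_LEN:h["total_len"]]
    step = (mtu - IP_HDR_LEN) // 8 * 8     # offsets count 8-byte units
    frags = []
    for start in range(0, len(payload), step):
        chunk = payload[start:start + step]
        flags_off = (h["offset"] + start) // 8
        if start + step < len(payload) or h["mf"]:
            flags_off |= FLAG_MF
        # ToS, ID, TTL, protocol and addresses are copied unchanged; only
        # MF, offset, total length and checksum differ per fragment.
        frags.append(build_header(h["tos"], IP_HDR_LEN + len(chunk), h["id"],
                                  flags_off, h["ttl"], h["proto"],
                                  h["src"], h["dst"]) + chunk)
    return frags


def reassemble(frags):
    """The payload the destination's IP layer hands up to UDP/TCP."""
    parts = sorted(frags, key=lambda f: parse_header(f)["offset"])
    return b"".join(f[IP_HDR_LEN:parse_header(f)["total_len"]] for f in parts)


def sample_datagram(flags_off=0):
    """Constructed input: UDP datagram, 3000 data bytes, IP Precedence 5."""
    data = b"\xAA" * 3000
    udp = struct.pack("!HHHH", 5004, 5004, 8 + len(data), 0) + data
    hdr = build_header(5 << 5, IP_HDR_LEN + len(udp), 0x1234, flags_off, 64,
                       17, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + udp


if __name__ == "__main__":
    for frag in fragment(sample_datagram(), 1500):
        h = parse_header(frag)
        print("len=%4d offset=%4d MF=%-5s prec=%d first8=%s" % (
            h["total_len"], h["offset"], h["mf"], h["precedence"],
            frag[IP_HDR_LEN:IP_HDR_LEN + 8].hex()))
```

A filter that matches on UDP or TCP ports sees them only in the fragment at offset 0, which is why devices that classify by port have to track or reassemble the later fragments.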
RE: Cisco IP Telephony Certification.... [7:59274]
Hi, So far I have not heard any response, appreciate greatly if someone can share some lights on this topic. Thank you..

With regards Steven Quek HP Network Services Hewlett Packard Singapore Sales (Pte.) Ltd. DID: 65-6374 9369 Mobile: 65-9797 4526

-Original Message- From: Quek, Steven Sent: Monday, December 16, 2002 2:12 PM To: [EMAIL PROTECTED] Subject: Cisco IP Telephony Certification [7:59274]

Hi, I believe this has been posted before, I wish to pursue the Cisco IP Telephony track. Like to check which Cisco Press book must I get hold to read up for the tests. From the Cisco URL they have revised and named it as Enterprise Voice Over Data Design. Deploying QoS For Enterprise Network. These 2 tests you must pass to get Specialized. Hopefully you can let me know the passing marks and time needed for the tests. Appreciate anyone out there can provide me other valuable information so that I can work on it. Thanks again have a Merry Christmas.

With regards Steven Quek

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59367t=59274
RE: Cisco IP Telephony Certification.... [7:59274]
Hi Juan, Munit Binh, Appreciate very much for the information. Merry Christmas to all.

With regards Steven Quek HP Network Services Hewlett Packard Singapore Sales (Pte.) Ltd. DID: 65-6374 9369 Mobile: 65-9797 4526

-Original Message- From: Juan Blanco [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 12:03 AM To: [EMAIL PROTECTED] Subject: RE: Cisco IP Telephony Certification [7:59274]

Steve, The following will be a start for your goal..

CIPT 9E0-402
Cisco IP Telephony by ciscopress - David Lovell
Cisco IP Telephony Network Design Guide http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/network/
Cisco IP Telephony Solution Guide http://www.cisco.com/warp/public/788/solution_guide/index.html

DQoS 9E0-601
DQoS is all QoS, pretty straight forward. Hands on experience helped quite a bit. There is a QoS book from Cisco Press, the book is a few years old and is poorly laid out. The IOS 12.2 QoS guide follows the exam blueprint pretty closely and is a great reference.
Cisco AVVID QoS Guide http://www.cisco.com/univercd/cc/td/doc/product/voice/ip_tele/avvidqos/index.htm
Cisco IOS QoS Solutions Guide 12.2 http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/

CVOICE 9E0423
Cisco Voice over Frame relay, ATM and IP by ciscopress - Steve McQuery
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/voice_c/vcprt1/index.htm

Be aware that for this kind of certification you need to find as many pdfs as possible related to the topic because the technology is still going through many changes.

The order of taking the test I recommend is the following: DQoS --- CVOICE --- CIPT

Good luck,

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Quek, Steven Sent: Tuesday, December 17, 2002 9:50 AM To: [EMAIL PROTECTED] Subject: RE: Cisco IP Telephony Certification [7:59274]

Hi, So far I have not heard any response, appreciate greatly if someone can share some lights on this topic. Thank you..

With regards Steven Quek HP Network Services Hewlett Packard Singapore Sales (Pte.) Ltd. DID: 65-6374 9369 Mobile: 65-9797 4526

-Original Message- From: Quek, Steven Sent: Monday, December 16, 2002 2:12 PM To: [EMAIL PROTECTED] Subject: Cisco IP Telephony Certification [7:59274]

Hi, I believe this has been posted before, I wish to pursue the Cisco IP Telephony track. Like to check which Cisco Press book must I get hold to read up for the tests. From the Cisco URL they have revised and named it as Enterprise Voice Over Data Design. Deploying QoS For Enterprise Network. These 2 tests you must pass to get Specialized. Hopefully you can let me know the passing marks and time needed for the tests. Appreciate anyone out there can provide me other valuable information so that I can work on it. Thanks again have a Merry Christmas.

With regards Steven Quek

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59423t=59274
Cisco IP Telephony Certification.... [7:59274]
Hi, I believe this has been posted before, I wish to pursue the Cisco IP Telephony track. Like to check which Cisco Press book must I get hold to read up for the tests. From the Cisco URL they have revised and named it as Enterprise Voice Over Data Design. Deploying QoS For Enterprise Network. These 2 tests you must pass to get Specialized. Hopefully you can let me know the passing marks and time needed for the tests. Appreciate anyone out there can provide me other valuable information so that I can work on it. Thanks again have a Merry Christmas.

With regards Steven Quek

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59274t=59274
Re: callmanager 3.3 [7:59160]
Supposedly by end of the month. Docs and stuff are slowly trickling out, but nothing good yet.

-- RFC 1149 Compliant.

supernet wrote in message news:[EMAIL PROTECTED]...

Several months ago, Cisco TAC told me that CallManager 3.3 would be released in Nov. this year. Is it out yet? I don't see it in Cisco download area. Thanks.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59169t=59160
Re: Off Topic - Missed it by that much - CCIE Lab report [7:58587]
Was your problem split horizon?

The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...

In the words of the esteemed Maxwell Smart, missed it by that much.

Good test. Liked it a lot. Can't say much about the content, obviously. The 3550's were there. I think that those who have expressed reservations about this will find little to worry about. The Lab writers did a pretty good job of integrating the devices into the rack and the exam. I think I was more surprised by what I did NOT see than by what I did see. Wish I could say more.

There were the usual off the wall requirements. I knew the names, or had heard of the technology, but had never practiced it. Here's where the doc CD came in handy. It was very easy to locate the information and do the required configuration.

I did have one very odd problem I was unable to solve. My own practice, not to mention the doc CD configuration guide, told me that a particular configuration should have worked. But it didn't. I've mocked up the configuration here at home, and it took a total of 10 minutes to start from a router with no configuration and have it up and running correctly. But in the Lab it just would not work. I have an inquiry in to the CCIE Lab folks, asking them to check the rack. I believe there is a physical problem, although for the life of me I cannot come up with a plausible explanation as to why. I would get more specific, except this would be a direct violation of NDA. I will say that anyone who sits at rack 12 in San Jose - if you are absolutely certain your configuration is correct, tell the proctor. I hesitated to do so, and I paid the price. You'll know when you see it ;-)

I did one stupid thing, and the more I think about it, I should have corrected it immediately when I discovered it. When I first created my notepad file with my alias commands, I stupidly did most of them as alias configure rather than alias exec. Given that the lab is graded pretty much by scripts, I have this bad feeling that this mistake may have interfered with the operation of some of those scripts, meaning that I was not given credit for successfully completed tasks just because the script was unable to function properly.

You are no longer given a point total in your report. When I counted up points in the late afternoon, I thought I had between 60 and 70. I had no reachability problems, save to one interface, and that interface had nothing depending upon it. I knew I didn't have enough points to pass, but I thought I was close. To judge from my score report, the final total was maybe 35-45 depending. As those of you who have been there know, the dependings will kill you every time. :-)

I can say I had a lot of fun doing this test. That's probably part of the reason I failed - I'm having too much fun. I can also say I'm hot to trot. I can taste it. I'm yay close to passing, and I want back in as soon as I can get there. You can bet I'm checking CCO regularly for those open dates.

Afterwards, I had the pleasure of hooking up with groupstudy regular Larry Letterman. Larry - thanks for the tour - it was impressive. I was reminded of exactly why I got into the tech business in the first place - the desire to do things like you are doing, important things, things that keep businesses competitive. You're doing a great job and I appreciate your taking some time to show me what you're working on.

Well, another time. Back on the road again.

-- TANSTAAFL there ain't no such thing as a free lunch

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58587t=58587
Re: is there anyone migrating isdn backup to dsl b [7:58568]
I say DSL has no multi-service (or very limited) capabilities. There isn't much in terms of QoS, LFI or other voice/video tools. Plus there is no QoS across the DSL network (if over Internet) and no standard nation-wide (no National provider). If you say there is no voice going across network, or video, then you are doing your client a disservice by providing no upgrade path towards that eventual path.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

It sounds like DSL has a low mean time between failure (MTBF) but a high mean time to repair (MTTR), which can be just as bad, especially if it's your only backup. Of course, your mileage may vary (YMMV), depending on the service provider. Also, a service level agreement (SLA) would help, as Chuck mentions. Does that message set a record for the number of acronyms used? :-) Priscilla

The Long and Winding Road wrote:

Mirza, Timur wrote in message news:[EMAIL PROTECTED]...

we are looking to migrate isdn backup at our retail stores to dsl...is there anyone that has performed this already?

CL: having done a number of data networks that were DSL based (but none migrating ISDN to DSL) I can offer this consideration: if a DSL link goes down for whatever reason, it may take more than a couple of days for your telco to get it back up and working. You will want to have some solid service level agreements in place. DSL on the whole is extremely reliable. The problem tends to be during those rare instances when it is down for whatever reason, some telcos seem to have DSL repair low on their priority list.

CL: other than that caveat, why not?

Timur Mirza Principal Network Engineer Network Planning Engineering, West Region 15505-B Sand Canyon Avenue Irvine, California 92618 Verizon Wireless 949.286.6623 (o) 949.697.7964 (c)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58589t=58568
Re: Enterprise technologies [7:58493]
I'd focus on Avvid technologies, centrally managed security and storage solutions across nation-wide networks and public Internet (Cisco Works/ACS), and on-line collaboration tools using open standards like LDAP, X.509, H.323/SIP, etc. That is where Enterprises are moving.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

I may be starting a new project doing some writing about technologies used in enterprise networks (read: not service provider). Do I need to cover IS-IS? Or is it mainly ISPs that use this? How about MPLS? I should discuss it briefly, but aren't the main users of MPLS ISPs, not enterprise networks? Anyone using GARP? That's on my list to research too. I thought that Garp was a hero in a John Irving book. Alas, I have a lot to learn. Thank-you VERY much for answering these quick questions.

___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58590t=58493
Re: AW: Port Security on 3550 based on given MAC-Addre [7:58591]
You are correct. I read it too quickly.

William Lijewski wrote in message news:[EMAIL PROTECTED]...

Hello, The default for the maximum number of mac-addresses is one, and the default violation is shutdown. Bill

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58591t=58591
Re: Port Security on 3550 based on given MAC-Address and [7:58326]
Don't worry about the IP address. The command you had was correct. Why do you ask?

-- RFC 1149 Compliant.

MK wrote in message news:[EMAIL PROTECTED]...

How can I configure PortSecurity based on MAC-Address and IP-Address? I only know about switchport port-security mac-address, but there must be a way to manage this in conjunction with an IP Static ARP entry. Thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58326t=58326
Re: Port Security on 3550 based on given MAC-Address and [7:58332]
No, just do the mac address. That's what they're looking for. Then limit it to 1, because the default is 150. On another note, what does the AW in the subject line (RE: in English) stand for in German? I used to live in Germany and I can't think of the word...

MK wrote in message news:[EMAIL PROTECTED]...

Because there must be a way, and I was asked about it in our Company. I know there is some secret behind!

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder Sent: Saturday, 30 November 2002 13:42 To: [EMAIL PROTECTED] Subject: Re: Port Security on 3550 based on given MAC-Address and [7:58326]

Don't worry about the IP address. The command you had was correct. Why do you ask?

-- RFC 1149 Compliant.

MK wrote in message news:[EMAIL PROTECTED]...

How can I configure PortSecurity based on MAC-Address and IP-Address? I only know about switchport port-security mac-address, but there must be a way to manage this in conjunction with an IP Static ARP entry. Thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58332t=58332
Re: Port Security on 3550 based on given MAC-Address and [7:58331]
MK wrote in message news:[EMAIL PROTECTED]...

Because there must be a way, and I was asked about it in our Company. I know there is some secret behind!

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder Sent: Saturday, 30 November 2002 13:42 To: [EMAIL PROTECTED] Subject: Re: Port Security on 3550 based on given MAC-Address and [7:58326]

Don't worry about the IP address. The command you had was correct. Why do you ask?

-- RFC 1149 Compliant.

MK wrote in message news:[EMAIL PROTECTED]...

How can I configure PortSecurity based on MAC-Address and IP-Address? I only know about switchport port-security mac-address, but there must be a way to manage this in conjunction with an IP Static ARP entry. Thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58331t=58331
Re: Multicast QOS Book .....Any Good?? [7:58137]
I heard from Wendell Odom himself that he is coming out with a Cisco-press QoS book for the Exam, so I'd wait for that. I thought I heard December.

-- RFC 1149 Compliant.

dre wrote in message news:[EMAIL PROTECTED]...

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello, Has anyone used this book by Carl Timm for the CCIP MCast and Qos exam published by Sybex? Is it worth it to buy this book? How much does it help just to pass the exam? Thanks for all your input. Sincerely.

Ccip: Multicast and Qos Study Guide, Carl Timm, Jeff Witkowski

I would concentrate on passing the BSCI and MPLS tests before bothering with the MCAST/QOS CCIP exam (unless assuming you have already passed both). I really like Doyle (Vol. II) and Vegesna (Cisco Press IP QoS) for studying for this material. The multicast info on ftp-eng.cisco.com should suffice for the most part. I would instead recommend reading Vegesna and CCO a few times about QoS/MQC/etc and then going through the formal training (the web-based training is generally $499) if you fail the test once:

TRN-QOS: Implementing Cisco QoS (QOS) v1.0 http://www.cisco.com/pcgi-bin/front.x/wwtraining/CELC/index.cgi?action=CourseDescCOURSE_ID=1583

rather than buying the Sybex book mentioned.

-dre

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58159t=58137
Re: VoIP Testing :MOS Vs PQSM [7:58061]
Just use the MOS charts already out there and not worry about it. Why reinvent the wheel?

-- RFC 1149 Compliant.

neil K. wrote in message news:[EMAIL PROTECTED]...

Guys, VoIP Testing, do you go by MOS or PSQM? I mean when testing how VoIP will perform on a network before implementing it. There are many tools that give a MOS score and many other tools give a PSQM report. What do you recommend? Thanks, Neil K.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58066t=58061
Re: Multicast Traffic Question [7:57932]
Ping a multicast address.

-- RFC 1149 Compliant.

H wrote in message news:[EMAIL PROTECTED]...

I have just started to study for Multicast, and I am wondering whether there is any simulator / programs that can simulate Multicast traffic. Also, can I use a Cisco router to act as Multicast Source (pumping out Multicast traffic), or use it as a Group member?? Sorry if these are silly questions, but any advice would be greatly appreciated. Regards, H.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57933t=57932
Re: Block MSN Messenger [7:57595]
No. Don't waste your time.

Ahed Naimi wrote in message news:[EMAIL PROTECTED]...

Dear All; Is there any way to block MSN Messenger by using the access-list statements on an IOS Cisco router. Thanks All.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57607t=57595
Re: Networkers download sessions [7:57587]
I lost it. Could you post it please? Thanks, Steve

Howard C. Berkowitz wrote in message news:[EMAIL PROTECTED]...

Thanks. I have the information.

At 1:37 AM + 11/18/02, Howard C. Berkowitz wrote:

I confess to having download problems with a couple of recent Networkers sessions. I was able to get to the recent European one (www.cisco.com/global/EMEA/networkers/), but at least half of the optical and routing presentations I downloaded had PDF file errors. Has anyone else had this problem? On going to www.cisco.com/networkers/nw02/pres, I can find the abstracts but not the download page similar to the one for '00 and '01. Is there no download page yet for '02? TIA, Howard

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57592t=57587
Re: OSPF adjacencies [7:57410]
It looks like the options in the packets do not match. Any way to get a sniffer on there to see what each is sending as options? It could also be a priority issue if the network is a broadcast/nbma network where neither is being elected a DR? Finally, could a checksum be bad?

-- RFC 1149 Compliant.

Jenny McLeod wrote in message news:200211140127.BAA14210;groupstudy.com...

OK, I'll admit this is a real-life problem, not strictly a study question. I have a couple of OSPF adjacencies that refuse to start up. Just to make this entertaining, these are not router to router - they are Cisco to mainframe, over a CIP. Five IP stacks neighbour the router - two are OK, three get stuck in EXSTART/EXCHANGE. The five IP stacks also connect to a different router, and these adjacencies are fine. It looks to me like the classic MTU mismatch symptoms, but a printout of the m/f definitions shows the MTUs to be 4096, as does show int on the router. I'll get the m/f guru to check the definitions for white space - I don't know if that will affect it. There have been various m/f changes lately (and a couple of router ones) errors may have crept into the configs. What has me baffled is some of the debug output from the router (debug ip ospf events).

Nov 14 11:51:14.121 ESuT: OSPF: Rcv DBD from x.x.x.x on Channel6/0 seq 0x3DCDF2DA opt 0x2 flag 0x7 len 32 mtu 0 state EXCHANGE
Nov 14 11:51:14.121 ESuT: OSPF: Send DBD to x.x.x.x on Channel6/0 seq 0x3DCDF2DA opt 0x42 flag 0x2 len 1472

The debug doco isn't particularly detailed for this command, but I assume opt refers to the options field. RFC 2328 seems to think that the first two bits of the options field should be cleared, so the value of 0x42 being sent by the router surprises me. Obviously the value of MTU being reported in the received DBD is also a concern!

Other debug output indicates that the m/f sends the same DBD several times (same seq), which the router acks, then after this is received several times the router claims

Nov 14 11:51:20.037 ESuT: OSPF: EXCHANGE - OPTIONS/INIT not match
Nov 14 11:51:20.037 ESuT: OSPF: Bad seq received from 92.1.2.20 on Channel6/0

Is anyone aware of any other gremlins that cause similar symptoms? Or any other ideas? Thanks, JMcL

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57413t=57410
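An added example, not part of the thread and not Cisco's code: a Python decoder for the two DBD debug lines quoted in the post above, plus the checks RFC 2328 section 10.6 prescribes for a slave that receives a non-duplicate DBD in Exchange state. The follow-up packets used in the demo are constructed, and the mapping of these checks onto the IOS log wording is an assumption.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Options bits: E, MC, N/P, EA, DC are named in RFC 2328 A.2; 0x40 was assigned
# later as the O-bit (opaque-LSA capable, RFC 2370 / RFC 5250).
OPTION_BITS = {0x02: "E", 0x04: "MC", 0x08: "N/P", 0x10: "EA", 0x20: "DC", 0x40: "O"}
# Database Description flag bits (RFC 2328 A.3.3).
FLAG_I, FLAG_M, FLAG_MS = 0x04, 0x02, 0x01
FLAG_BITS = {FLAG_MS: "MS", FLAG_M: "M", FLAG_I: "I"}

DBD_RE = re.compile(
    r"OSPF: (?P<dir>Rcv|Send) DBD (?:from|to) (?P<peer>\S+) on (?P<intf>\S+) "
    r"seq (?P<seq>0x[0-9A-Fa-f]+) opt (?P<opt>0x[0-9A-Fa-f]+) "
    r"flag (?P<flag>0x[0-9A-Fa-f]+) len (?P<len>\d+)(?: mtu (?P<mtu>\d+))?"
)

# The two debug lines exactly as quoted in the post.
PAGE_LINES = [
    "Nov 14 11:51:14.121 ESuT: OSPF: Rcv DBD from x.x.x.x on Channel6/0 "
    "seq 0x3DCDF2DA opt 0x2 flag 0x7 len 32 mtu 0 state EXCHANGE",
    "Nov 14 11:51:14.121 ESuT: OSPF: Send DBD to x.x.x.x on Channel6/0 "
    "seq 0x3DCDF2DA opt 0x42 flag 0x2 len 1472",
]


class Dbd(NamedTuple):
    direction: str
    peer: str
    seq: int
    options: int
    flags: int
    length: int
    mtu: Optional[int]  # this debug format prints mtu only for received packets


def bit_names(value: int, table: dict) -> List[str]:
    """Names of the set bits, lowest bit first; unassigned bits are shown in hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    return names + ([hex(unknown)] if unknown else [])


def parse_dbd(line: str) -> Optional[Dbd]:
    """Parse one 'debug ip ospf events' DBD line; None if it is not a DBD line."""
    m = DBD_RE.search(line)
    if not m:
        return None
    mtu = int(m["mtu"]) if m["mtu"] is not None else None
    return Dbd(m["dir"], m["peer"], int(m["seq"], 16), int(m["opt"], 16),
               int(m["flag"], 16), int(m["len"]), mtu)


def slave_exchange_check(last: Dbd, pkt: Dbd) -> Tuple[str, List[str]]:
    """RFC 2328 10.6, state Exchange, local router is slave: classify `pkt`
    against `last`, the previous DBD received from the master. The RFC stops at
    the first failed check; all failures are collected here for diagnosis."""
    if (pkt.flags, pkt.options, pkt.seq) == (last.flags, last.options, last.seq):
        return "duplicate", []  # a slave answers by resending its last DBD
    reasons = []
    if not pkt.flags & FLAG_MS:
        reasons.append("MS bit clear although neighbor is master")
    if pkt.flags & FLAG_I:
        reasons.append("I bit set after negotiation finished")
    if pkt.options != last.options:
        reasons.append("Options changed from %s to %s" % (
            bit_names(last.options, OPTION_BITS), bit_names(pkt.options, OPTION_BITS)))
    if pkt.seq != (last.seq + 1) & 0xFFFFFFFF:
        reasons.append("DD sequence number is not previous + 1")
    return ("SeqNumberMismatch" if reasons else "accept"), reasons


if __name__ == "__main__":
    rcv, snd = (parse_dbd(line) for line in PAGE_LINES)
    for p in (rcv, snd):
        print(p.direction, "options", bit_names(p.options, OPTION_BITS),
              "flags", bit_names(p.flags, FLAG_BITS), "len", p.length, "mtu", p.mtu)
    # Constructed follow-up packets from the master (not from the post).
    samples = {
        "same packet again": rcv,
        "next seq, I cleared": rcv._replace(seq=rcv.seq + 1, flags=FLAG_M | FLAG_MS),
        "next seq, I still set": rcv._replace(seq=rcv.seq + 1),
    }
    for label, pkt in samples.items():
        print(label, "->", slave_exchange_check(rcv, pkt))
```

Under those rules a non-duplicate DBD that still carries the I bit, like the flag 0x7 packet in the capture, is enough to raise SeqNumberMismatch; the router sending 0x42 while the neighbor sends 0x2 is not itself one of the checked conditions.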
Re: DQOS course and the CCIE Lab?? [7:57154]
I'd recommend knowing QoS in and out for the new lab format, as those are topics I think Cisco wants you to understand. As people have been saying for a while, they took out TR and IPX, but they have to replace it with something.

Cisco Nuts wrote in message news:200211090308.DAA08923;groupstudy.com...

Hello, Does anyone have any recommendation/comments regarding the DQos course from Cisco regarding the CCIE Lab exam? I mean, how much would topics out of this course be covered in the new Lab as of the 4th? Topics like Nbar, Diffserv, CBWFQ etc. Is it worth taking the course in terms of preparing for the Lab exam? And also, would Qos topics be asked in relation to the 3550 switch? Any ideas? Please advise. Thank you. Sincerely.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=57156t=57154
Re: The 1250$ question [7:56898]
I've been studying too hard, because I thought this was a REGEX question.

Greg Nathan wrote in message news:200211051415.OAB12451;groupstudy.com...

Hello fellow ciscoites

The question should include vat because that is what cisco charge for the lab, 1500$. CCIE topics are well covered by now, and every candidate has a fair idea of what to concentrate his studies on. However, reading through some of the posts on the 3550 and the speculations on topics and features one will be tested on I find little to work on. I am staring at the 3550 on my desk wondering what I should concentrate on practising first. Any realistic speculations anyone? I heard Vlan tunneling, etherchannel etc. But then the magic word: QOS. This can mean quite a lot. Could anyone narrow this down? Much appreciated if you could.

PS Being the realist, I see myself carpet bombing all possible topics to have any chance of covering the lot. But a bigger degree of focus would really help.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56909t=56898
Re: Cisco 3550 study materials and resources [7:56725]
I think they may focus on QoS stuff, but we'll see (I'll be prepared for everything) as I'm taking the new test this Friday. I know that they'll have 2 Cat 3550's from what they said in the summer, so I guess trunking, etherchannel and other things like you mention, VLAN tunneling may pop up as well. Just as in the Routing and Bridging part, you'll need to focus on the weird and twisted things they can come up with with these new switches. We'll see...

Juan Blanco wrote in message news:200211032314.XAA24604;groupstudy.com...

Chuck, Great job, we all appreciate your valuable time on doing this homework Keep it up and good luck in your coming LAB Juan Blanco

-Original Message- From: [EMAIL PROTECTED] [mailto:nobody;groupstudy.com]On Behalf Of The Long and Winding Road Sent: Sunday, November 03, 2002 2:39 PM To: [EMAIL PROTECTED] Subject: Cisco 3550 study materials and resources [7:56725]

As of this morning, I have been able to verify the following resources for Cisco 3550 study and practice. By Monday, not only will these switches be in the CCIE Lab, but test takers will be responsible for all L2 and L3 functionality, including things like VLAN tunneling, BGP, and a wealth of other things. This otter be fun!

1) Configuration guides and command references on CCO http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12111ea1/index.htm watch the wrap

2) NLI ( www.ccbootcamp.com ) I spoke to Mark Russell. Somewhere on the site there is a free white paper covering 3550 basics. To judge from the web site, it appears that 4 of the 5 rental racks have 3550's in them. Mark also said that his package of updated and new scenarios is due real soon now I'd like to say in a couple of weeks, but I don't remember if that's exactly what Mark said.

3) IPExpert ( www.ipexpert.net ) has a new study guide out, which includes scenarios with the 3550. The web site says that there are 3550's in the rental racks. ( The diagram needs to be updated. )

4) Hello Computers ( www.hellocomputers.com ) has rental racks that include 3550's. They also sell a Lab study book with 24 scenarios and an optional rack access purchase, including consulting with a CCIE

5) There are any number of e - bay auctions of rack rentals. rack rental seems to be a going concern these days.

6) Certification Zone ( www.certificationzone.com ) has announced the release of my white paper on the 3550. For a limited time, non subscribers may download the two 3550 Lab scenarios with sample configurations that I wrote as part of this white paper free of charge. Subscribers get the white paper, the QA, and the labs. ( disclaimer - I was paid to write the Cert Zone material, so I have a vested interest in its success )

Hope this helps. Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56778t=56725
Re: Storage Area Networking [7:56857]
We in the Cisco world are just entering the SAN arena, but it isn't new technology. The only new thing will be iSCSI. My company is HP and EMC's largest reseller, so we have been doing this stuff for a while, but it's brand new to me. I have been picking everyone's brains the past few months to understand what all the hubbub is about in the SAN arena. Here is what I have learned so far.

The obvious: First off you need an off disk place to store the data should the HD fail. In the beginning there was the tape drive, usually connected to the same SCSI bus as the hard drives of the server. Since everything was SCSI, and local to the server, it was quick and speedy, and you didn't have to worry about disc timeouts, LUN addressing, or distance etc.. The limitation was obviously the challenge of managing potentially hundreds of tape drives. So someone came out with the idea of creating a large disc system that many servers could connect to via SCSI. This offered a more centralized solution for locally connected servers, but if a large company had many clusters of servers over a large city, state, country, continent and so on, this solution couldn't meet that need since the servers still connected to the central disc system via a SCSI bus.

What was needed was a way to transport data over a network. At those times, 10/100 Ethernet was not fast enough, both because of the 100MB limitation (VS the GB speeds of a local SCSI bus) and the MTU of Ethernet. If I tried to transfer even a 512 byte chunk of data from a SCSI HD to another over Ethernet, the HD would timeout and give errors. I think this is where FC came in, with initial speeds of 1 GB and a direct encapsulation of raw SCSI data, eliminating the timeout issues and the MTU size, as a raw file could be larger than 1500 bytes. The FC spec also offered a way to address LUN's on servers.

The only problem I can find with FC is that there is no standardization as each FC switch vendor offers its own flavor of FC, which in turn needs its own approved FC cards for the server and each vendor of server/disc system needs to approve its use. The next step is iSCSI, which will offer vendor interoperability and eliminate the separation of IP and FC networks.

On the LAN end, Cisco is going after Brocade with a new Switch in the 9xxx family (can't remember the exact name) that, from a technical issue, beats any Brocade switch hands down (now if only the EMC's, HP's, Hitachi's and IBM's would certify it). The 9xxx has 128 ports on 1 bus, vs a large brocade that has 32 ports over 2 busses, for a total of 64. Not only that, the 9xxx switch looks like a Cat 6k, and therefore is modular, and can combine FC/IP/iSCSI all in 1 box. Cisco hasn't come up with a go-to-market strategy yet, but I have met with one of the Technical Product Managers at Cisco, and it's coming any day now, so expect to see Cisco go head to head with Brocade.

That may tackle one issue, but I have other needs where I need Cisco today: Now the big thing is DR, where I can back up data over WAN's to a remote DR site. The problems I am encountering now is two fold: I can't use a Cisco WAN router to take FC on LAN end and send over WAN such as a T1 or T3. I have customers doing AVVID and storage, but it's over IP, and not FC or iSCSI. Cisco is off on the right foot with AVVID, but it needs an S at the end (S is for storage). Once I can combine all 4, (from what I can gather, storage is just another application with its own needs- *CAN* use a ton of bandwidth and is latency sensitive like SNA or Video) I can tell large, LARGE enterprises that we have a great DR solution. I don't think that SAN's are for most companies, just the large ones.

The other problem I have is that none of the Cisco gear is certified, and it doesn't matter how awesome Cisco's gear is, if the vendors won't certify it, then they will fail. If I had to add a third problem, I'd say iSCSI hasn't lived up to its hype yet, and there are very few products (servers and disc systems) out there that offer native iSCSI. I am not a SAN expert, but I have seen more companies willing to invest in a SAN than an IP Tel network, so it's a good thing to learn, but not today.

Priscilla Oppenheimer wrote in message news:200211050001.AAA21659;groupstudy.com...

Is anyone using Storage Area Networking? How do you use it? How well does it work? What problems does it solve for you? Is it really networking, the way we know the term?? It sounds like it's sort of the next generation of file servers, but it also sounds like it's just a new way of managing hard drives. I'm having a difficult time figuring out what it is really. Thanks for helping me understand it.

Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56871t=56857
DHCP (client) problem on Cisco 2514 [7:56573]
Got this weird problem with a 2514 I use as a broadband router. I connect the router to a DSL modem, but it doesn't get an IP address assigned. I got the correct IOS, and have ip address dhcp configured on the outside interface. When I connect a PC directly to the DSL modem, it gets an IP address without any problems... Of course I release the IP again before I disconnect the PC. Also tried to statically assign the IP (obtained by DHCP with a PC) to my router, and everything works just fine... But my provider changes the IP every 24hrs. :-( I have other routers (not 2500s), but didn't have the time yet to try with those. Wonder if any of you got similar problems and knows what is wrong? Here is some debug output, FWIW

YahooBB-Router#
Oct 30 18:56:13 JST: DHCP: DHCP client process started:
Oct 30 18:56:17 JST: DHCP: Shutting down from get_netinfo()
Oct 30 18:56:17 JST: DHCP: Attempting to shutdown DHCP Client
Oct 30 18:56:18 JST: DHCP: allocate request
Oct 30 18:56:18 JST: DHCP: new entry. add to queue
Oct 30 18:56:18 JST: DHCP: SDiscover attempt # 1 for entry:
Oct 30 18:56:18 JST: DHCP: SDiscover: sending 298 byte length DHCP packet
Oct 30 18:56:18 JST: DHCP: SDiscover 298 bytes
Oct 30 18:56:21 JST: DHCP: SDiscover attempt # 2 for entry:
Oct 30 18:56:21 JST: DHCP: SDiscover: sending 298 byte length DHCP packet
Oct 30 18:56:21 JST: DHCP: SDiscover 298 bytes
Oct 30 18:56:24 JST: DHCP: SDiscover attempt # 3 for entry:
Oct 30 18:56:24 JST: DHCP: SDiscover: sending 298 byte length DHCP packet
Oct 30 18:56:24 JST: DHCP: SDiscover 298 bytes
[OK]
YahooBB-Router#
YahooBB-Router#%Unknown DHCP problem.. No allocation possible

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56573t=56573
Re: DHCP (client) problem on Cisco 2514 [7:56573]
I suppose posting the config would help...

YahooBB-Router#sh run
Building configuration...

Current configuration : 1779 bytes
!
! Last configuration change at 16:42:47 JST Wed Oct 30 2002
!
version 12.2
no service single-slot-reload-enable
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname YahooBB-Router
!
logging rate-limit console 10 except errors
enable secret 5 $1$c9.a$lpUgd8kGiwWmFJ.yTpfAD.
!
clock timezone JST 9
ip subnet-zero
no ip finger
ip name-server x.x.x.x
ip dhcp excluded-address 192.168.1.1 192.168.1.15
!
ip dhcp pool PrivateNet
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server x.x.x.x
!
ip cef
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
 description toLAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 load-interval 30
!
interface Ethernet1
 description ToYahooBB_Modem
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 load-interval 30
!
interface Serial0
 no ip address
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip mroute-cache
 shutdown
!
ip kerberos source-interface any
ip nat inside source list 101 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ethernet 1
no ip http server
!
access-list 1 permit x.x.x.x 0.0.0.255
access-list 1 permit x.x.x.x 0.0.0.255
access-list 1 deny any log
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
line con 0
 exec-timeout 500 0
 transport input none
line aux 0
 transport input all
line vty 0 4
 access-class 1 in
 exec-timeout 500 0
 password 7 xxx
 login
!
ntp clock-period 17180016
ntp server x.x.x.x
ntp server x.x.x.x
end

YahooBB-Router#

Steven wrote in message news:200210310447.EAA24091;groupstudy.com...

Got this weird problem with a 2514 I use as a broadband router. I connect the router to a DSL modem, but it doesn't get an IP address assigned. I got the correct IOS, and have ip address dhcp configured on the outside interface. When I connect a PC directly to the DSL modem, it gets an IP address without any problems... Of course I release the IP again before I disconnect the PC. Also tried to statically assign the IP (obtained by DHCP with a PC) to my router, and everything works just fine... But my provider changes the IP every 24hrs. :-( I have other routers (not 2500s), but didn't have the time yet to try with those. Wonder if any of you got similar problems and knows what is wrong? Here is some debug output, FWIW

YahooBB-Router#
Oct 30 18:56:13 JST: DHCP: DHCP client process started:
Oct 30 18:56:17 JST: DHCP: Shutting down from get_netinfo()
Oct 30 18:56:17 JST: DHCP: Attempting to shutdown DHCP Client
Oct 30 18:56:18 JST: DHCP: allocate request
Oct 30 18:56:18 JST: DHCP: new entry. add to queue
Oct 30 18:56:18 JST: DHCP: SDiscover attempt # 1 for entry:
Oct 30 18:56:18 JST: DHCP: SDiscover: sending 298 byte length DHCP packet
Oct 30 18:56:18 JST: DHCP: SDiscover 298 bytes
Oct 30 18:56:21 JST: DHCP: SDiscover attempt # 2 for entry:
Oct 30 18:56:21 JST: DHCP: SDiscover: sending 298 byte length DHCP packet
Oct 30 18:56:21 JST: DHCP: SDiscover 298 bytes
Oct 30 18:56:24 JST: DHCP: SDiscover attempt # 3 for entry:
Oct 30 18:56:24 JST: DHCP: SDiscover: sending 298 byte length DHCP packet
Oct 30 18:56:24 JST: DHCP: SDiscover 298 bytes
[OK]
YahooBB-Router#
YahooBB-Router#%Unknown DHCP problem.. No allocation possible

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56574t=56573
Re: Redistributing RIP into OSPF Lab practice [7:56313]
The trick is to see if you can do it in 1 access-list statement. I think it can be done in 1.

-- RFC 1149 Compliant.

J B wrote in message news:200210252026.UAA12924;groupstudy.com...

Thanks for the Help JB

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56364t=56313
Re: redistributing question... [7:56327]
Without looking at the lab, try summary address at the (or all) ospf asbr's.

-- RFC 1149 Compliant.

Edward Sohn wrote in message news:200210260007.AAA12983;groupstudy.com...

I'm working on Solie's skynet lab... If one router (R2) redistributes summarized EIGRP routes (from R5) into OSPF (R1,R2,R3,R4), and then OSPF is redistributed into IGRP (R6), how do I make the IGRP domain see the EIGRP routes? In the /24 mask OSPF domain, the redistributed EIGRP routes show up as a /15 mask. I know this is why they won't go into IGRP, but I don't know how to solve the problem without using statics, which I am not allowed to do. For more info, please see the lab...I can't figure it out using the downloaded PDF solutions, either... Anyone? Thanks, Eddie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56336t=56327
Re: Off topic - my first AVVID install [7:56305]
I'm gone for a week, and already I'm being attacked :)

-- RFC 1149 Compliant.

The Long and Winding Road wrote in message news:200210251844.SAA20015;groupstudy.com...

Someone a lot smarter than I did the intelligent work - i.e. the call plan and the server configuration. I was one of the warm bodies corralled to do installation of the desk sets. Some idle thoughts. ( Mr. RFC 1149 Compliant is free to laugh loudly at me and make denigrating comments :- )

1) there is no glamour in deploying IP phones. About the only difference between deploying a phone and deploying a computer is that phones are a LOT lighter. However, when deploying phones it's still doubly difficult because you end up having to string the PC cable over to the phone ( to get the in line power ) and then the phone cable back to the PC.

2) I was too old for this kind of work 10 years ago, and I'm definitely too old now. My knees hurt. My back hurts. And my head hurts. You folks who crawl around under desks and benches to set things up and cable them know exactly how hard those upper surfaces can be ;-

3) doing this kind of work during business hours is not a real good idea. It was taking neighborhood 15 minutes per station to get a phone deployed. No I did not have the luxury of setting up several phones in an area. Had to do it one at a time because of the physical layouts and the user requirements.

4) I was overjoyed to finally figure out that it is a lot faster if some low level ( me ) plugged lots of phones directly into a switch, let them go through their download and upgrade shenanigans, then hand them out to a couple of folks to deploy. If this is done in advance, the process takes only a minute or two to register and go through TAPS

In conclusion, IP telephony intelligence is all in the server, gateway, and router configuration. The phone deployment itself is still monkeywork.

-- www.chuckslongroad.info

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56337t=56305
Re: Off topic - my first AVVID install [7:56305]
I agree that the phone deployment process is monkey work and could be subbed out for dirt cheap $$, just as long as the unions don't get their hands on it as they do in the real voice world.

-- RFC 1149 Compliant.

The Long and Winding Road wrote in message news:200210251844.SAA20015;groupstudy.com...

Someone a lot smarter than I did the intelligent work - i.e. the call plan and the server configuration. I was one of the warm bodies corralled to do installation of the desk sets. Some idle thoughts. ( Mr. RFC 1149 Compliant is free to laugh loudly at me and make denigrating comments :- )

1) there is no glamour in deploying IP phones. About the only difference between deploying a phone and deploying a computer is that phones are a LOT lighter. However, when deploying phones it's still doubly difficult because you end up having to string the PC cable over to the phone ( to get the in line power ) and then the phone cable back to the PC.

2) I was too old for this kind of work 10 years ago, and I'm definitely too old now. My knees hurt. My back hurts. And my head hurts. You folks who crawl around under desks and benches to set things up and cable them know exactly how hard those upper surfaces can be ;-

3) doing this kind of work during business hours is not a real good idea. It was taking neighborhood 15 minutes per station to get a phone deployed. No I did not have the luxury of setting up several phones in an area. Had to do it one at a time because of the physical layouts and the user requirements.

4) I was overjoyed to finally figure out that it is a lot faster if some low level ( me ) plugged lots of phones directly into a switch, let them go through their download and upgrade shenanigans, then hand them out to a couple of folks to deploy. If this is done in advance, the process takes only a minute or two to register and go through TAPS

In conclusion, IP telephony intelligence is all in the server, gateway, and router configuration. The phone deployment itself is still monkeywork.

-- www.chuckslongroad.info

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56338t=56305
RE: Jitter, RTD [7:56150]
Cisco has a product that does some reporting - it's QPM (QoS Policy Manager). Steve

-Original Message- From: RJ [mailto:ronaldjcw;yahoo.com] Sent: Wednesday, October 23, 2002 9:28 AM To: [EMAIL PROTECTED] Subject: Jitter, RTD [7:56150]

Does anyone know there is any good tools (hardware or software) can do an accurate measurement then generate reports accordingly? Also, any good tools for measuring the QoS with each Class of Service(say, Gold, Silver, Bronze classes)? Thanks in advance...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=56160t=56150
PAT And VPN [7:55942]
Hi all, simple question. Is it possible to configure VPN on a router connecting to the internet using PAT? Presumably it would need some static mapping to enable the connections to be routed to the router. Has anyone managed this? Any info is appreciated. Thanks, Steven Greeno

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55942t=55942
Re: Strange 6509 problems [7:55871]
What is the bootflash setting?

Price, Jeffery (TIFPC) wrote in message news:200210181305.NAA26473;groupstudy.com...

All, I am hoping that you can help shed some light on a problem we had early this morning. We lost power to our data center and when the power came back on our 3 core 6509 switches came back up without any configs on them. We restored the configs from backups but the real puzzler is why they lost the configs at all. Anyone out there ever run into this kind of problem? Thanks, Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55872t=55871
Re: Would this break the NDA [7:55799]
NO.

Thomas Crowe wrote in message news:200210171509.PAA16135;groupstudy.com...

I remember a while back I had the question of which terminal emulator is being used for the CCIE lab. Well after taking the Lab (and yes I was honored with an invitation to come back and try again one day soon :-o ) I now definitively know the answer to this question. As I recall others also had this question, in trying to avoid a flaming war, what is the group's consensus on this. Do you feel that it would violate the NDA to disclose this information, it doesn't address any of the technical content of the lab (and NO I will not disclose any of those, so please do not ask) so I don't feel that it would. This is simply an effort to help out some people with their studying efforts so that they are not wasting time getting accustomed to a new and totally different terminal emulator.

Thomas Crowe
Senior Systems Engineer / Senior Architect
EMC Proven Master Architect
EMC Proven Master Operator
CTS Professional Services - Atlanta

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55838t=55799
Re: Public Internet Access [7:55898]
Not sure I understand how you are running your network, but if you deny the lawyers VLAN from accessing the other VLAN's in your network, you should be all set. That way you only have one deny statement to add to each VLAN. I think what's throwing me is the 300 line access-list statement. There's a ton of solutions out there for you, but you need to be more clear in terms of describing your internal network.

Robert Edmonds wrote in message news:200210181908.TAA09447;groupstudy.com...

I work for a county government. As part of building a new courthouse, I am tasked with providing attorneys in courtrooms with Internet access through my network. Of course, I would like to provide them access to what they need while blocking access to our internal network. My network is setup in the following manner: In the new courthouse, the MDF has a 3550-12G acting as the root switch for the building, and has the layer 3 image. It connects directly to my core, with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515 for Internet access. I plan on creating a separate VLAN for the public Internet access, but beyond that I'm left a bit short. Obviously I don't want to create a 300 line access-list that would deny them access to each internal VLAN, then each of our servers in turn. Can someone give me some suggestions to get this done? Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55899t=55898
Re: Public Internet Access [7:55898]
I guess policy routing is what I'd recommend, or put a firewall in front of the servers and set up the appropriate controls. Policy routing is what that type of application was intended for, so you are along the right track, although it's far from secure. If security isn't an issue, then check out a firewall. If you got the cash, get the firewall blade for the 6500, and implement the controls there. Then you have optimal control over all aspects of the network that pass through it.

Robert Edmonds wrote in message news:200210181926.TAA13264;groupstudy.com...

First, the 300 line access-list was a bit of an exaggeration, more to make the point that I don't want an ungodly long access-list. Well, basically every floor in each building has its own /24 subnet. Unfortunately the real problem is that to get to the Internet, traffic must traverse VLAN 1, which also houses all my servers. That's the real problem. Is it possible to force traffic from one VLAN to go only out through my PIX and not be able to browse the servers on that subnet? Not being really familiar with the concept, I was thinking along the lines of policy routing. Is this the type of application it is intended for? I'm still trying to find good information on it.

Steven A. Ridder wrote in message news:200210181920.TAA12300;groupstudy.com...

Not sure I understand how you are running your network, but if you deny the lawyers VLAN from accessing the other VLANs in your network, you should be all set. That way you only have one deny statement to add to each VLAN. I think what's throwing me is the 300 line access-list statement. There's a ton of solutions out there for you, but you need to be more clear in terms of describing your internal network.

Robert Edmonds wrote in message news:200210181908.TAA09447;groupstudy.com...

I work for a county government. As part of building a new courthouse, I am tasked with providing attorneys in courtrooms with Internet access through my network. Of course, I would like to provide them access to what they need while blocking access to our internal network. My network is set up in the following manner: In the new courthouse, the MDF has a 3550-12G acting as the root switch for the building, and has the layer 3 image. It connects directly to my core, with a 6506 with Sup2 and MSFC2, which in turn connects to my PIX 515 for Internet access. I plan on creating a separate VLAN for the public Internet access, but beyond that I'm left a bit short. Obviously I don't want to create a 300 line access-list that would deny them access to each internal VLAN, then each of our servers in turn. Can someone give me some suggestions to get this done? Thanks in advance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55902t=55898 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
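The 300-line access-list concern raised in this thread, worked as an added example that is not part of the original posts: per-floor /24s are collapsed into CIDR aggregates so the public-access VLAN's inbound ACL needs only a few deny lines before the final permit. All subnets, the guest range and ACL number 110 are constructed for illustration; because the ACL matches on destination address, Internet-bound packets can still transit the server VLAN on their way to the PIX.

```python
import ipaddress

# Constructed inventory (not from the thread): one /24 per floor in two
# buildings, plus the server VLAN that Internet-bound traffic must cross.
INTERNAL = (
    [f"10.20.{floor}.0/24" for floor in range(16)]    # building A floors
    + [f"10.21.{floor}.0/24" for floor in range(4)]   # building B floors
    + ["10.20.100.0/24"]                              # server VLAN
)
GUEST = "10.20.200.0/24"   # constructed subnet for the public-access VLAN


def build_guest_acl(guest, internal, acl_id=110):
    """Return IOS extended-ACL lines that keep `guest` out of `internal`."""
    guest_net = ipaddress.ip_network(guest)
    nets = [ipaddress.ip_network(n) for n in internal]
    # Refuse to build an ACL if the guest range sits inside internal space:
    # a deny covering it would also cut the guests off from their gateway.
    clash = [str(n) for n in nets if n.overlaps(guest_net)]
    if clash:
        raise ValueError(f"guest subnet overlaps internal space: {clash}")
    src = f"{guest_net.network_address} {guest_net.hostmask}"
    # collapse_addresses() only merges exact neighbours, so an aggregate
    # never covers an address that was not in the inventory.
    lines = [
        f"access-list {acl_id} deny ip {src} {agg.network_address} {agg.hostmask}"
        for agg in ipaddress.collapse_addresses(nets)
    ]
    lines.append(f"access-list {acl_id} permit ip {src} any")
    return lines


def _match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def evaluate(acl_lines, src, dst):
    """First-match evaluation of the generated lines, ending in implicit deny."""
    for line in acl_lines:
        tok = line.split()   # access-list ID ACTION ip SRC SWILD DST [DWILD]
        action, s_base, s_wild = tok[2], tok[4], tok[5]
        if not _match(src, s_base, s_wild):
            continue
        if tok[6] == "any" or _match(dst, tok[6], tok[7]):
            return action
    return "deny"


ACL = build_guest_acl(GUEST, INTERNAL)

if __name__ == "__main__":
    print("\n".join(ACL))
    for dst in ("10.20.100.10", "10.20.7.9", "10.20.16.1", "198.51.100.7"):
        print(dst, evaluate(ACL, "10.20.200.50", dst))
```

Twenty-one inventory entries become three deny lines. Space missing from the inventory (10.20.16.1 here) falls through to the permit, so the ACL is only as complete as the subnet list it is built from.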
Re: run VoIP on a frame network at BIR instead of CIR rates [7:55833]
This was Cisco's old theory. In theory, it would work, but in reality, if the frame switch saw a packet come into its ingress interface with the packet already marked DE, it will drop it because it was unexpected. I asked the telcos your question last year and that's the answer they gave me. Cisco seems to have abandoned that theory a while ago, which is probably why you haven't seen it written anywhere.

dj wrote in message news:200210171534.PAA26762;groupstudy.com...

Running a VoIP application over a frame-relay network with 256k CIR and 512k BIR. From the LLQ docs I reviewed, to guarantee good voice quality, traffic shaping all frame traffic to CIR is recommended along with LLQ of voice packets. Would like to take advantage of BIR bandwidth and still guarantee voice packets are not dropped by the frame relay switch network when congestion occurs.

Here are my thoughts: What if the router were to pre-mark all data packets as Discard Eligible (DE) on the outbound serial interface connected to the frame network. Voice packets would NOT be marked DE. Then run up to BIR rates with LLQ prioritization for voice. Would the carrier frame network switches drop only the pre-marked DE data packets (by the router) when congestion occurred and NOT drop any voice packets? I haven't found any Cisco links that addressed QOS in this fashion. Any links on this topic would be greatly appreciated. The objective is to squeeze more bandwidth (BIR vs CIR) out of your frame relay network without dropping any voice packets. Why would this not work and what are the caveats? regards, dj

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55833t=55833
Re: CallManager query to Win2k Active Directory [7:55789]
One place is the corporate directory, which is usually in the DC directory. You get that by clicking on the directory button. Is that what you are talking about, or are you talking about personal directory, or the AD plugin, or the Exchange PAB plug-in? If it's what I think it is, the Active Directory, you probably have to run the Active Directory Plug in again: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a0080094493.shtml

Jay Dunn wrote in message news:200210170828.IAA04931;groupstudy.com...

I have inherited responsibility for our IP phone system and am using OJT to figure everything out. We are using CallManager 3.2 and receiving our directory user lists from our win2k AD. The tech that originally set this up created separate OUs in AD for onsite and offsite personnel. CallManager only queries the onsite OU for our user directory list. A user's phone extension is looked up in the telephone number field in the user's AD profile. I now have reason to change the OU hierarchy in AD. I would also like to change the field where CallManager looks up a user's extension. Could someone point me in the right direction for determining where these queries are configured? I've examined the system parameters and the ASP pages referenced in the directory URL as well as the registry on the CCM server. I've also run the AD plug-in, but I'm stumped. Thanks.. Jay Dunn IPI*GrammTech, Ltd. www.ipi-gt.com Nunquam Facilis Est

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55834t=55789
Re: NTP server again !!!!!!!!!!!!!! [7:55836]
I think you have to be an NTP server, as I don't think a workstation can peer with you.

wrote in message news:200210172226.WAA27043;groupstudy.com...

Hi, I am trying to configure my NTP server on the cisco 7505 router. The configuration which I did is as follows:

router#ntp master 10
router#ntp peer 192.168.0.72

192.168.0.72 is the address of the Windows 2000 client which I am using. I am getting the following o/p for sh ntp associations

router#sh ntp associations
address ref clockst when poll reach delay offset disp
*~127.127.7.1 127.127.7.1 9 21 64377 0.0 0.0016000
~192.168.0.72 0.0.0.0 16-1024 00.0 0.0016000

I don't know why my client (Windows 2000) is not getting synced? I also tried to connect a Solaris machine and the result is the same. It seems that ntp is not getting broadcasted from cisco router. I am not using authentication and access lists. Just two commands as shown above. Is that enough or is something else required at the router end? I am sure that something else is wrong in my config. I will be grateful if anybody can throw some light on this. Thanks, Jay

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55837t=55836
Re: VoIP Clarification. [7:55682]
The CM uses the MAC as a unique identifier in its SQL database. It's actually a distorted version of the MAC, such as a phone's identifier - SEP003094C26105 -- RFC 1149 Compliant.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Great answer. Finally an explanation that makes sense for the marketing babble about IP Telephony making Moves, Adds, and Changes easier. ;-) One question though, does CallManager really care about MAC addresses? Unless the receiving phone is on the same network segment as the calling phone, the MAC address won't help matters. ARP would take care of getting the MAC when it's needed. Priscilla

Bruce Enders wrote:

B. J. The only trick here is to remember that the User phone number is mapped to the MAC address and IP address of the ethernet interface associated with the hard phone, or the laptop in the case of Softphone. (Both are PCs running specific applications software). Whenever either is disconnected from the network long enough for link to drop, they have to check in with DHCP when they are re-connected to the network. Both also have to check in with their CallManager. During that process, they identify themselves using their MAC address, and announce their current IP address. After that, the CM can simply forward based on the IP address. This capability is one of the primary reasons that Moves, Adds, and Changes in an IP Telephony system are far more simple than in a legacy PBX environment. (The logic behind your response sounds like it comes from the legacy telephone world, which is very used to working in a very static addressing environment). Bruce

B.J. Wilson wrote:

Hi Vance - I too am studying All Things VoIP, and I'm curious how this would work. Say you have User A trying to call User B. User B is currently in the office. So User A dials '' which is User B's phone number (or route pattern if you want to be specific). CallManager picks up the route pattern, looks up User B's location, and forwards the call on. All is good. Now, say User B is telecommuting. How does CallManager know this? How does your RAS (remote access) server notify CM that User B's geographical location has moved? Is there something in User B's RAS (Registration, Admission and Status) setup that alerts CM to the fact that they're dialing in from home? Thanks, BJ

- Original Message - From: Vance Krier To: Sent: Wednesday, October 16, 2002 4:08 AM Subject: Re: VoIP Clarification. [7:55682]

Hey Stu, In simple terms, yes you are correct. However, as I'm sure you know, you need to take this type of setup with a grain of salt. If you have a decent bandwidth, low latency, consistent connection between the phone and CM, it works fine. There are absolutely no guarantees for QoS on the Internet. Now, FWIW, I use softphone on my laptop when I travel and I've gotten satisfactory results (IMO) better than 75% of the time. I always pitch this as being a *kewl* feature, but never as a selling point. I'm very, very cautious with customers over this. As long as the user using it is understanding and realizes there will be times when it doesn't work or the quality is really crappy, then typically they stay happy. Not something I'd give to Internet/computer/technology illiterate executive. I love it, by the way. Good luck, Vance

Stuart Pittwood wrote in message news:[EMAIL PROTECTED]...

Good Morning all, I am just starting to look into VoIP as I have been asked by my manager to do some research and find out if there are any benefits from VoIP for our firm. Am I right in saying that if we had a solution based on Cat 6000 (or similar) switches, with a cisco VPN solution for the home workers, that users who use their laptop at home with cisco softphone or hardware phone could have their telephone extension follow them? Please forgive the simplicity of my question, just making sure I am thinking along the right lines. Thanks Stu

-- Bruce Enders Email: [EMAIL PROTECTED] Chesapeake NetCraftsmen o:(410)-280-6927, c:(443)-994-0678 1290 Bay Dale Drive, Suite 312 WWW: http://www.netcraftsmen.net Arnold, MD 21012-2325 Cisco CCSI# 96047 Efax 443-331-0651

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55753t=55682
Re: VoIP Clarification. [7:55682]
(Didn't come through in last one.) SEP003094C26105 The SEP stands for Selsius Ethernet Phone, and the numbers are the MAC address. A gateway has a different 3 letter code, can't remember it though, and it all depends on the protocol it uses, such as mgcp or h.323, as the latter doesn't have identifiers. -- RFC 1149 Compliant.

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

The CM uses the MAC as a unique identifier in its SQL database. It's actually a distorted version of the MAC, such as a phone's identifier - SEP003094C26105 -- RFC 1149 Compliant.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

Great answer. Finally an explanation that makes sense for the marketing babble about IP Telephony making Moves, Adds, and Changes easier. ;-) One question though, does CallManager really care about MAC addresses? Unless the receiving phone is on the same network segment as the calling phone, the MAC address won't help matters. ARP would take care of getting the MAC when it's needed. Priscilla

Bruce Enders wrote:

B. J. The only trick here is to remember that the User phone number is mapped to the MAC address and IP address of the ethernet interface associated with the hard phone, or the laptop in the case of Softphone. (Both are PCs running specific applications software). Whenever either is disconnected from the network long enough for link to drop, they have to check in with DHCP when they are re-connected to the network. Both also have to check in with their CallManager. During that process, they identify themselves using their MAC address, and announce their current IP address. After that, the CM can simply forward based on the IP address. This capability is one of the primary reasons that Moves, Adds, and Changes in an IP Telephony system are far more simple than in a legacy PBX environment. (The logic behind your response sounds like it comes from the legacy telephone world, which is very used to working in a very static addressing environment). Bruce

B.J. Wilson wrote:

Hi Vance - I too am studying All Things VoIP, and I'm curious how this would work. Say you have User A trying to call User B. User B is currently in the office. So User A dials '' which is User B's phone number (or route pattern if you want to be specific). CallManager picks up the route pattern, looks up User B's location, and forwards the call on. All is good. Now, say User B is telecommuting. How does CallManager know this? How does your RAS (remote access) server notify CM that User B's geographical location has moved? Is there something in User B's RAS (Registration, Admission and Status) setup that alerts CM to the fact that they're dialing in from home? Thanks, BJ

- Original Message - From: Vance Krier To: Sent: Wednesday, October 16, 2002 4:08 AM Subject: Re: VoIP Clarification. [7:55682]

Hey Stu, In simple terms, yes you are correct. However, as I'm sure you know, you need to take this type of setup with a grain of salt. If you have a decent bandwidth, low latency, consistent connection between the phone and CM, it works fine. There are absolutely no guarantees for QoS on the Internet. Now, FWIW, I use softphone on my laptop when I travel and I've gotten satisfactory results (IMO) better than 75% of the time. I always pitch this as being a *kewl* feature, but never as a selling point. I'm very, very cautious with customers over this. As long as the user using it is understanding and realizes there will be times when it doesn't work or the quality is really crappy, then typically they stay happy. Not something I'd give to Internet/computer/technology illiterate executive. I love it, by the way. Good luck, Vance

Stuart Pittwood wrote in message news:[EMAIL PROTECTED]...

Good Morning all, I am just starting to look into VoIP as I have been asked by my manager to do some research and find out if there are any benefits from VoIP for our firm. Am I right in saying that if we had a solution based on Cat 6000 (or similar) switches, with a cisco VPN solution for the home workers, that users who use their laptop at home with cisco softphone or hardware phone could have their telephone extension follow them? Please forgive the simplicity of my question, just making sure I am th
Re: Cisco ExecNet [7:55573]
I think wireless and converged data over high speed links will co-exist, not compete for same space n market. I can't see high-speed wireless out in the WAN of a cellular network anywhere down the road. Without that speed over wireless, we are stuck with being able to DL e-mails and web-pages at a slow, but decent rate. The high speed stuff will happen over wires for a while, and although I don't see PCs being used as TV's, I do foresee the PC being the digital gateway/server of the high-speed home where other devices like a TIVO work off of the gateway and provide TV services to the family and a phone will be a phone, just getting its information from same gateway and the phone will provide the phone services for a family.

Our consulting side does see wireless devices with two bands - 802.b/a/g for use in hot spots and GSM/GPRS over the WAN, and this is going to be the way of wireless for a while. While you're at a hotspot, maybe a hotel or airport (or Starbuck now, which we helped develop for them) you can get high speeds and DL video, maybe play a java game with a buddy. Then you have to leave the area, and now you rely on GSM. You still have connectivity, but in a limited fashion. I work for a company that tests, writes, and demos the latest devices from that carriers, and so I get to play with them as well, and I have seen a lot of innovative devices, (right now I get a T-Mobile Pocket PC Phone Edition as my cell phone) and I love them, but what I'm seeing is not the development of bandwidth over their networks, but the 2.5G network development, and the standardization of the network with 1 common signal. -- RFC 1149 Compliant.

The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

I always thought that the PSTN was based off of that fact that not all phones would be calling at once, and if they did, then some would get through while others wouldn't.

CL: yes. true. however, decades ago the Bell folks knew and practiced the optimum manner in which to provision such that you or I or any other individual would experience dial tone almost all of the time. We know this through the Erlang calculations.

Then to ensure that important calls got through during these periods, there was the priority network that gov't officials have with their PINS, etc. (Can't remember the name, but there's also an IETF working group working on the same thing.)

CL good idea. having been through an earthquake or two, I'm quite familiar with fast busy's during emergencies. nice to know there is a means for the right people to be able to get through.

I don't think that the Converged Network theory is reinventing the wheel and is a dead end. I think the opposite is true. The TDM/PSTN world is dead (or dying) and that most calls are circuit-switched across ATM now.

CL: different issue. the Bell network grew and matured because of regulation that guaranteed return on capital. therefore it was in Bell's interest to invest in capital - switches, lines, CO's. Since deregulation in 1984 it can be argued that the appropriate investment has not been made in the network - all that has happened is that the CLECs have cherry picked the most concentrated and profitable areas while underinvesting in not so profitable areas. I sometimes sign my messages TANSTAAFL - there ain't no such thing as a free lunch. Right now, for all intents and purposes, the internet is free. What happens when people have to start paying for their proportional share of services? Assuming the internet becomes the replacement for the telco network?

CL: I'm not saying that there is room for improvement. There is no reason that a PBX has to be larger than a couple of IBM mainframes. But I gotta ask - is it really a good idea to make your PC into a telephone into a television?

Now if someone could just solve the last mile

CL: oh boy. video on demand. OC192 to the television set. I can hardly wait.

CL: much as I despise the idea, I go along with the school of thought that wireless is the future, not voice and data converged. It's another one of those trekkie tech things, but telcos continue to lose 10's of thousands of lines per year to wireless, and most people just want to yak on the phone, no matter where they are. Which is one more reason to telecommute.

-- RFC 1149 Compliant.

The Long and Winding Road wrote in message news:[EMAIL PROTECTED]...

Steven A. Ridder wrote in message news:[EMAIL PROTECTED]...

I understand the technology and stand by whoever said what IP telephony/VoIP isn't a bandwidth hungry app. It isn't. G.729, which can use as little as 8k with proper compression, has nearly the same MOS score as G.711, which is toll quality.
Re: Cisco ExecNet [7:55573]
I understand the technology and stand by whoever said what IP telephony/VoIP isn't a bandwidth hungry app. It isn't. G.729, which can use as little as 8k with proper compression, has nearly the same MOS score as G.711, which is toll quality. Even though it's not officially toll quality I consider it toll quality, as I can't tell the difference, and most people couldn't either. Even if using G.711, I can still use compression and VAD to get down to 25K or so, which isn't bandwidth hungry in my book either. I think the apps that will be on a converged network in the future will be bandwidth hungry, such as video. Voice isn't.

-Original Message- From: Joe A To: 'Nathan Chessin'; 'Albert Lu'; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: 10/14/02 11:52 AM Subject: RE: Cisco ExecNet

Maybe I should say IP Telephony, not VoIP. How many uncompressed, toll-quality calls can you push out simultaneously over a T1??? Have you done the math? 24? Maybe 23 on a good day. Sure, if you use compression you can squeeze in quite a bit more, but you can't deny that IPT is bandwidth-hungry, with streaming MOH, voicemail audio streams, the calls themselves. Believe me, VoIP is absolutely a bandwidth-hungry app. No one who understands the technology would deny that. Joe

-Original Message- From: Nathan Chessin [mailto:[EMAIL PROTECTED]] Sent: Friday, October 11, 2002 1:56 AM To: 'Joe'; 'Albert Lu'; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Cisco ExecNet

1) Since when is VoIP a bandwidth-hungry app Nate

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joe Sent: Thursday, October 10, 2002 8:42 PM To: 'Albert Lu'; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: Cisco ExecNet

Technology isn't necessarily heading in that direction - Cisco is driving it there. Bottom line is this: Cisco is traditionally a router and switch manufacturer, and no one buys routers and switches these days, at least not enough to provide continued growth for Cisco. Company infrastructures are already built, have been for years, and are running for the most part nowhere near capacity. These technology applications, besides generating hardware sales directly, will also increase bandwidth consumption, thereby causing indirect hardware sales when customers upgrade their routers and switches to support the new bandwidth-hungry apps like VoIP. If Cisco can drive the customers' purchases in that direction, they win. My two cents. Joe

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Albert Lu Sent: Thursday, October 10, 2002 8:16 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: OT: Cisco ExecNet

Hello Group, Has anyone checked out the Cisco ExecNet, which is basically thoughts about where technology is heading in the future from the VPs at Cisco. http://newsroom.cisco.com/dlls/tln/execnet/ From what they are saying (specifically Mike Volpi), the direction for technology is heading towards: CDN, Security, Wireless, IP Telephony, VPN. Reengineering business processes to best utilise these technologies in order to improve productivity and reduce cost for enterprises. Does anyone have any comments about this, and where money will be spent in the future for technologies? Regards, Albert Lu CCIE #8705

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55596t=55573
Re: VoIP QoS [7:55597]
LLQ would be his best option, not WFQ. If he is using it, that's probably his issue. -- RFC 1149 Compliant.

lamb stephen wrote in message news:[EMAIL PROTECTED]...

Group, Hoping that someone can help me out with a VoIP QoS issue that I am currently dealing with. I work for a service provider, and I am currently troubleshooting a VoIP over frame relay quality complaint. My end user has a 768K host with four 256K drops dedicated solely to VoIP traffic. My customer states that he experiences intermittent jitter on his calls, but they follow no real pattern. We have had his vendor place test calls, and sometimes 7 simultaneous calls can go through fine while 3 simultaneous calls will experience poor call quality and excessive jitter. The end user's vendor is of no real help with this issue stating that his configurations are fine and the trouble must be with the WAN link.

I have verified that the entire network is clean, no T1 performance monitor errors, no input errors on the customer's serial interfaces, and no input errors to my frame switch. No apparent utilization issues, the host averaged 50% port utilization during a 24 hour sniff. We have also verified the drops are not receiving any FECNs or BECNs. I have a copy of the customer's router configurations and his map-class statements appear to be correct as well. His CIR and MINCIR are set to match the frame relay PVC CIR in my network (which I believe means that he has configured the statements to prevent any bursting, please correct me if I am wrong).

On to my question. The only discrepancy I find with this customer's configuration is his queuing. On all four of his drop routers he has configured WFQ, on his host he has no queuing specified. Could this be the cause of all of his problems? Would WFQ be the most desirable method? What I have read in the past led me to believe that a fragment statement in the map-class was the most desirable because it activated the dual-FIFO feature on the physical interface. I do not have a great deal of experience with VoIP so all I have to go on right now are theories. Any direction is greatly appreciated. Thanks, Steve Lamb CCDA, CCNA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55598t=55597
Re: suppress-map with summary-only?? [7:55599]
I think the aggregate address has to be in your routing table first. Someone please correct me if I'm wrong, as I'm trying to get it right from memory. -- RFC 1149 Compliant.

Cisco Nuts wrote in message news:[EMAIL PROTECTED]...

Hello, Does the suppress-map work along with the summary-only keyword? I would only like to see the summary 13.0.0.0/8 but I keep seeing the rest of the networks. Here is the config:

R7-FR(config)#aggregate-address 13.0.0.0 255.0.0.0 suppress-map CHECK summary-only
route-map CHECK permit 10
match ip address 21
access-list 21 permit 13.4.0.0 0.0.255.255
access-list 21 deny any

This works as it should. Denies netw 13.4.0.0/16 and permits the rest, 13.1.0.0/24, 13.2.1.0/24, 13.3.0.0/16 and 13.0.0.0 BUT I would only like to see the aggregate 13.0.0.0/8 Am I even asking the right thing here? :-) Just checking. Thank you. Sincerely.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55600t=55599
Re: QoS and CBWFQ [7:55546]
The only reason I can see using QoS is to limit traffic to certain amounts of BW. Even then it's tricky because in CBWFQ, you are guaranteeing a minimum, not a maximum amount of BW for a class. You could police certain classes of traffic to never exceed a BW, but that can be crummy as well, especially if there isn't congestion. -- RFC 1149 Compliant.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

John Neiberger wrote:

JM wrote in message news:[EMAIL PROTECTED]...

I have Internet connection to IPS and I don't know what QoS politic to choose. I have now 4 classes and CBWFQ: gold (SMTP, POP 3) etc. silver HTTP bronze (FTP) default (fail-queue) and service-policy out. Is there any sense to use CBWFQ on a serial interface like service-policy in ? My ISP can't mark or shape my traffic. What is it the best QoS solution for input traffic ? Thanks a lot. JM

Others might disagree but I see no advantage whatsoever to using QoS mechanisms on the link going to your ISP.

Would it depend on the bandwidth of his circuit? WFQ is on by default for speeds of E1 and less. Perhaps that's all he needs if he has a low-speed circuit. He probably doesn't need anything special if the circuit is higher speed. For low-speed, he could at least prioritize the order of packets sent (and possibly dropped) by his own router. He should check the circuit speed and load to see if he needs to do anything. Also, it would be silly to make SMTP and POP3 highest priority in many environments. Is there a local e-mail server for SMTP and POP3? If yes, the clients are sending and receiving locally. The server also sends SMTP traffic to servers on the Internet probably, but if that gets congested, the server will simply try again. There's no user waiting around for this. In most cases, server-to-server delays aren't noticeable by users. But if the e-mail server is offsite, then maybe it makes sense to prioritize SMTP and POP3. ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com

Once you hand off traffic to them you're completely at their disposal. You have no control over traffic within their network so why even bother adding queueing to your outgoing interface? If your link is congested often enough that you feel it's necessary I'd suggest getting another circuit installed, if that's possible. Incoming I'd think that CAR would be useful depending on what you're really trying to accomplish. It would at least allow you to classify traffic based on your own criteria and then mark it for special handling within your network. All of this really depends on your specific situation and your goals. John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=55601t=55546