RE: RE: Slow Browsing via 500 Pix firewall [7:74583]

2003-09-04 Thread Wilmes, Rusty
this may be silly but did you do a "sho debug" to see if any debugs were
running?  I had accidentally left a debug crypto ipsec running after trouble
shooting a vpn. that drastically slowed down everything.


-Original Message-
From: Mark
To: [EMAIL PROTECTED]
Sent: 9/3/2003 8:46 PM
Subject: Re: RE: Slow Browsing via 500 Pix firewall [7:74583]

Is the problem related to a slow initial connection to a Web Server? If so
then it could be an IDENT protocol problem (TCP port 113 connection coming
back to you from the server). Try putting "service resetoutside" on the PIX
and see if the problem still persists.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Jurkouich, Brett, CNTR, DCAA" 
>Reply-To: "Jurkouich, Brett, CNTR, DCAA" 
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
>Date: Tue, 2 Sep 2003 18:20:06 GMT
>
>Try turning off the port 80 inspecting with the "no fixup protocol http
>80" command
>
>-Original Message-
>From: Faisal [mailto:[EMAIL PROTECTED]
>Sent: Monday, September 01, 2003 1:38 AM
>To: [EMAIL PROTECTED]
>Subject: Slow Browsing via 500 Pix firewall [7:74583]
>
>
>Hi All,
>I am having problem of slow or intermittent browsing through pix
>firewall. If I bypass the traffic speeds are fine. But if all that
>traffic is going via firewall then it becomes extremely slow. Please
>anybody can help me how to sort this out.
>
>Regards
>Faisal
>**Please support GroupStudy by purchasing from the GroupStudy Store:
>http://shop.groupstudy.com FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74784&t=74583


Re: Re: Ip snooping in cisco routers [7:74708]

2003-09-04 Thread ramesh_cisco
thanks to all for your inputs


ramesh

"dre" wrote:



""Reimer, Fred"" wrote in message ...
> E gads! All hacks because even at this time Cisco can't manage to write the
> little code necessary to create a buffer in memory where packets can be
> stored, and then transferred via TFTP. With today's routers that have more
> than enough processing power and memory, there's just no excuse, IMO.

I, personally, prefer ERSPAN to most other methods. Being able to
have an encapsulated stream of capture data available from any available
IP routed path (could be the whole Internet), and able to export to your
personal workstation, e.g., running tcpdump or Ethereal, is definitely the
proper way to be sniffing.

OTOH, Junipers should be able to do what you are talking about in some
(but not all) cases. Depends on how much traffic you are talking about.

The RSPAN+VACL method described on CCO is just as valid as
anything else, but requires Cisco Catalyst switches with some type of
Layer-3 functionality (e.g. Cat3550, some Cat6k, some Cat4k, others).
In the case of a 6500 it requires a PFC card, of which all Sup2 and Sup720
modules include. Sup1/Sup1a needs PFC to do RSPAN.

-dre




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74775&t=74708


Re: RE: Slow Browsing via 500 Pix firewall [7:74583]

2003-09-03 Thread Mark
Is the problem related to a slow initial connection to a Web Server? If so
then it could be an IDENT protocol problem (TCP port 113 connection coming
back to you from the server). Try putting "service resetoutside" on the PIX
and see if the problem still persists.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Jurkouich, Brett, CNTR, DCAA" 
>Reply-To: "Jurkouich, Brett, CNTR, DCAA" 
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
>Date: Tue, 2 Sep 2003 18:20:06 GMT
>
>Try turning off the port 80 inspecting with the "no fixup protocol http
>80" command
>
>-Original Message-
>From: Faisal [mailto:[EMAIL PROTECTED]
>Sent: Monday, September 01, 2003 1:38 AM
>To: [EMAIL PROTECTED]
>Subject: Slow Browsing via 500 Pix firewall [7:74583]
>
>
>Hi All,
>I am having problem of slow or intermittent browsing through pix
>firewall. If I bypass the traffic speeds are fine. But if all that
>traffic is going via firewall then it becomes extremely slow. Please
>anybody can help me how to sort this out.
>
>Regards
>Faisal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74763&t=74583


Re: RE: PIX Firewal Software Version [7:73894]

2003-09-03 Thread Mark
In 6.2(2) version of software you might think of turning off the ILS and SIP
fixups. These are known for reloading the PIX for no reason. There are bugs
listed on Cisco's website about it.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Deepali S" 
>Reply-To: "Deepali S" 
>To: [EMAIL PROTECTED]
>Subject: RE: PIX Firewal Software Version [7:73894]
>Date: Tue, 2 Sep 2003 07:27:31 GMT
>
>Hi ,
>
>  I would suggest you to use PIX 6.2 software rather than 6.3.1 , since this
>has a lot of BUGs , you can download the latest PIX software version 6.3.2
>
>  Let me know if you have any queries.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74744&t=73894


Re: RE: PIX Firewal Software Version [7:73894]

2003-09-03 Thread Brad Ellis
Pix 6.3(3) was just released.  You might want to try that one.  I was told
that Cisco fixed a bunch of things in this new release. (It also looks like
6.2(3) was also released)

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.ccbootcamp.com (cisco training)
""Mark""  wrote in message
news:[EMAIL PROTECTED]
> In 6.2(2) version of software you might think of turning off the ILS and SIP
> fixups. These are known for reloading the PIX for no reason. There are bugs
> listed on Cisco's website about it.
>
> Mark
> CCIE R&S, Security
> Lab Technician
> GigaVelocity.com
>
> - Original Message -
> >From: "Deepali S"
> >Reply-To: "Deepali S"
> >To: [EMAIL PROTECTED]
> >Subject: RE: PIX Firewal Software Version [7:73894]
> >Date: Tue, 2 Sep 2003 07:27:31 GMT
> >
> >Hi ,
> >
> >  I would suggest you to use PIX 6.2 software rather than 6.3.1 , since this
> >has a lot of BUGs , you can download the latest PIX software version 6.3.2
> >
> >  Let me know if you have any queries.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74721&t=73894


Re: RE: PIX Firewal Software Version [7:73894]

2003-09-02 Thread Mark
In 6.2(2) version of software you might think of turning off the ILS and SIP
fixups. These are known for reloading the PIX for no reason. There are bugs
listed on Cisco's website about it.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Deepali S" 
>Reply-To: "Deepali S" 
>To: [EMAIL PROTECTED]
>Subject: RE: PIX Firewal Software Version [7:73894]
>Date: Tue, 2 Sep 2003 07:27:31 GMT
>
>Hi ,
>
>  I would suggest you to use PIX 6.2 software rather than 6.3.1 , since this
>has a lot of BUGs , you can download the latest PIX software version 6.3.2
>
>  Let me know if you have any queries.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74693&t=73894


Re: RE: Slow Browsing via 500 Pix firewall [7:74583]

2003-09-02 Thread Mark
Is the problem related to a slow initial connection to a Web Server? If so
then it could be an IDENT protocol problem (TCP port 113 connection coming
back to you from the server). Try putting "service resetoutside" on the PIX
and see if the problem still persists.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Jurkouich, Brett, CNTR, DCAA" 
>Reply-To: "Jurkouich, Brett, CNTR, DCAA" 
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
>Date: Tue, 2 Sep 2003 18:20:06 GMT
>
>Try turning off the port 80 inspecting with the "no fixup protocol http
>80" command
>
>-Original Message-
>From: Faisal [mailto:[EMAIL PROTECTED]
>Sent: Monday, September 01, 2003 1:38 AM
>To: [EMAIL PROTECTED]
>Subject: Slow Browsing via 500 Pix firewall [7:74583]
>
>
>Hi All,
>I am having problem of slow or intermittent browsing through pix
>firewall. If I bypass the traffic speeds are fine. But if all that
>traffic is going via firewall then it becomes extremely slow. Please
>anybody can help me how to sort this out.
>
>Regards
>Faisal




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74694&t=74583


RE: Re: Your application [7:74449]

2003-08-29 Thread [EMAIL PROTECTED]
Dear [EMAIL PROTECTED]

The email that you sent to [EMAIL PROTECTED]
did not reach the intended recipient due to existence of virus. Kindly
have your computer check for virus.

Best Regards,

Mail Administrator
Datacraft Asia Ltd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74449&t=74449


RE: Re: Thank you! [7:74488]

2003-08-29 Thread [EMAIL PROTECTED]
Dear [EMAIL PROTECTED]

The email that you sent to [EMAIL PROTECTED]
did not reach the intended recipient due to existence of virus. Kindly
have your computer check for virus.

Best Regards,

Mail Administrator
Datacraft Asia Ltd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74488&t=74488


RE: Re: Thank you! [7:74408]

2003-08-26 Thread [EMAIL PROTECTED]
Email Delivery Failure

Your message failed to pass Hitachi Data Systems anti-virus scanning
system.  If you believe this message was received in error please consult
your Hitachi Data Systems contact or the intended email recipient for
further assistance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74408&t=74408


RE: Re: Re: My details [7:74400]

2003-08-26 Thread [EMAIL PROTECTED]
Dear [EMAIL PROTECTED]

The email that you sent to [EMAIL PROTECTED]
did not reach the intended recipient due to existence of virus. Kindly
have your computer check for virus.

Best Regards,

Mail Administrator
Datacraft Asia Ltd




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74400&t=74400


virus found in sent message "Re: Re: My details" [7:74196]

2003-08-19 Thread

A virus was found in an Email message you sent. 
This Email scanner intercepted it and stopped the entire message
reaching its destination. 

The virus was reported to be: 

Worm.Sobig.F


Please update your virus scanner or contact your IT support 
personnel as soon as possible as you have a virus on your system.


Your message was sent with the following envelope:

MAIL FROM: [EMAIL PROTECTED]
RCPT TO:   [EMAIL PROTECTED] 

.. and with the following headers:

---
MAILFROM: [EMAIL PROTECTED]
Received: from unknown (HELO PSHERRY) (68.193.198.44)
  by 0 with SMTP; 19 Aug 2003 18:34:34 -
From: 
To: 
Subject: Re: Re: My details
Date: Tue, 19 Aug 2003 14:32:49 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="_NextPart_000_00099118"


---




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74196&t=74196


Re: RE: PIX translation problem [7:72567]

2003-08-14 Thread Greg Owens
4000 even though there are 65000 ports available
> 
> From: "Lynne Padgett" 
> Date: 2003/08/08 Fri AM 11:11:01 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: PIX translation problem [7:72567]
> 
> 

Greg Owens
202-398-2552





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73743&t=72567


Re: RE: PIX translation problem [7:72567]

2003-08-14 Thread Greg Owens
changing the timeout value worked, so the problem is fixed

Thanks all
> 
> From: "Reimer, Fred" 
> Date: 2003/08/08 Fri AM 11:26:37 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: PIX translation problem [7:72567]
> 
> 

Greg Owens
202-398-2552





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73744&t=72567


Re: RE: NOBODY emails [7:72997]

2003-07-25 Thread Vajira Wijesinghe
ios bug has hit the mailing lists too...


- Original Message -
From: "Antero Vasconcelos" 
Date: Friday, July 25, 2003 4:21 pm
Subject: RE: NOBODY emails [7:72997]

> I'm just being tired of that person.
> 
> antero
> 
> -Original Message-
> From: Taufik Kurniawan [mailto:[EMAIL PROTECTED]
> Sent: sexta-feira, 25 de Julho de 2003 07:15
> To: [EMAIL PROTECTED]
> Subject: Re: NOBODY emails [7:72997]
> 
> 
> I got .. about 10 emails
> 
> 
> At 03:56 25/07/2003 +, Puckette, Larry (TIFPC) wrote:
> >Is anybody else receiving multiple emails from [EMAIL PROTECTED] that
> >are empty??
> >
> >Larry Puckette
> >Network Analyst
> >Temple Inland
> >[EMAIL PROTECTED]
> >512-434-1838
> >Where there is no idol but money and power, there is no hope for integrity.
> >
> >  -Original Message-
> >From:   Maximus  [mailto:[EMAIL PROTECTED]
> >Sent:   Thursday, July 24, 2003 9:02 PM
> >To: [EMAIL PROTECTED]
> >Subject:RE: Vty access class [7:72990]
> >
> >I believe the standard ACL should be enough since you're already specifying
> >transport input ssh on line vty 0 4.
> >
> >Just my $0.02
> >
> >Jablonski, Michael wrote:
> > >
> > > I'm having a bit of trouble with extended access-lists for vty
> > > access.
> > > Basically I'd like to setup an extended access list that only
> > > allows ssh
> > > access from certain IPs, but after creating the list and
> > > applying it to the
> > > VTY I lose access.  But if I use a standard acl only allowing
> > > certain IPs it
> > > works fine...
> > >
> > > ip access-list extended local_shell
> > >   permit tcp host 192.168.1.2 host 192.168.1.1 eq 22
> > >
> > > vty 0 4
> > > access-class local_shell in
> > > transport input ssh
> > >
> > > Is the standard enough & is the above over-kill?
> > >
> > > Thanx,
> > > mkj
> 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=73021&t=72997
--
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: Re[3]: OSPF max Router-LSA links [7:72024]

2003-07-16 Thread Zsombor Papp
At 02:23 PM 7/16/2003 +, Reimer, Fred wrote:
>This sounds like a simplistic question, but on a link between two routers
>why would you have a mis-matched MTU? I can see having a MTU in a multi-hop
>conversation (path MTU) being less than the MTU on the outgoing, or
>incoming, interface, but on a direct link between two routers shouldn't the
>MTU be the same?

Different vendors might default to different values on the same interface
type.

In a mixed-media bridging environment the two interfaces that are supposed 
to exchange OSPF information might be of different types.

>   I can think of many more issues than OSPF having problems
>if the MTU were mis-matched, like just general connectivity.  Pretty much
>every single file transfer would end up failing; you'd have intermittent
>connectivity for everyone.

Exactly.

>Or, does an OSPF talk to routers that are beyond its directly connected
>peers?

Only over virtual links.

Thanks,

Zsombor

>   I always thought that when it was said that OSPF routers flood LSAs
>throughout the network that they just transmit those LSAs to their
>neighbors, who transmit to their neighbors, etc, until all routers in the
>area are updated.  This as opposed to one OSPF router sending updates to
>each and every OSPF router in the area, which necessarily may involve going
>over links in which neither source or destination router was connected, and
>may have an MTU less than either source or destination.  Which one is it?
>
>Fred Reimer - CCNA
>
>
>Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
>Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050
>
>
>
>
>-Original Message-
>From: Karen E Young [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, July 16, 2003 7:34 AM
>To: [EMAIL PROTECTED]
>Subject: Re[3]: OSPF max Router-LSA links [7:72024]
>
>Sorry, accidentally sent the message before I finished my response and DNS
>problems to boot...
>
>
>If the Interface MTU field is larger than can be accepted without
>fragmentation, then the packet is rejected. No acknowledgement is sent and
>the behavior after that is dependent on the vendor. Usually it results in
>neighbors getting stuck in Exchange or ExStart. In any case, the adjacency
>will never form. Even if the MTU is smaller than the receiving interface the
>exchange will fail. There's always one side that's larger and one that's
>smaller, so one or the other of them will hang.
>
>This particular little hole is (unfortunately) due to a fault in OSPF itself
>since no acknowledgement and situational handling was specified.
>
>As a CCIE friend of mine said, "However, a vendor could choose to implement
>something that, after getting no response to DD packets, would decrease the
>packet size, even sending a really tiny DD packet to continue negotiations
>and receive DD from the other router, learning its MTU, then adjusting to
>that.  I *think* that would work."  - I personally am not aware of any
>vendors that implement anything like this but I could be wrong...
>
>Here's a good discussion of it:
>http://www.riverstonenet.com/support/ospf/stuckexstart.htm#_Toc515894155
>
>There's also a doc on Cisco about it:
>http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a0080093f0d.shtml
>
>
>Here's an interesting thought... what if the router with the larger MTU
>checked the MTU size of its neighbor, and dynamically adjusted?  No guessing
>involved, just match the smaller MTU and deal with the mismatch?  The MTUs
>could remain mismatched, which might cause frame fragmentation, but the OSPF
>multicast traffic would be sent with matching MTU sizes. Basically after
>being hung in ExStart for x seconds, it would send its first DD packet using
>the same size received by the adjacent router.
>
>Just a thought...
>
>
>HTH,
>Karen
>
>"A rose by any other name is Cisco specific terminology..."
>
>*** REPLY SEPARATOR  ***
>
>On 7/15/2003 at 7:29 AM Zsombor Papp wrote:
>
> >At 09:48 AM 7/15/2003 +, Karen E Young wrote:
> >>KY: According to the RFC (page 99) "If the Interface MTU field in the
> >>Database Description packet indicates an IP datagram size that is larger
> >>than the router can accept on the receiving interface without fragmentation,
> >>the Database Description packet is rejected."
> >>
> >>With this in mind the only time fragmentation should occur is when a virtual
> >>link is used since the MTU of a virtual link is set to "0".
> >
> >The "Interface MTU" field describes the MTU of the sending interface, not
> >the size

RE: Re[3]: OSPF max Router-LSA links [7:72024]

2003-07-16 Thread Reimer, Fred
This sounds like a simplistic question, but on a link between two routers
why would you have a mis-matched MTU?  I can see having a MTU in a multi-hop
conversation (path MTU) being less than the MTU on the outgoing, or
incoming, interface, but on a direct link between two routers shouldn't the
MTU be the same?  I can think of many more issues than OSPF having problems
if the MTU were mis-matched, like just general connectivity.  Pretty much
every single file transfer would end up failing; you'd have intermittent
connectivity for everyone.

Or, does an OSPF talk to routers that are beyond its directly connected
peers?  I always thought that when it was said that OSPF routers flood LSAs
throughout the network that they just transmit those LSAs to their
neighbors, who transmit to their neighbors, etc, until all routers in the
area are updated.  This as opposed to one OSPF router sending updates to
each and every OSPF router in the area, which necessarily may involve going
over links in which neither source or destination router was connected, and
may have an MTU less than either source or destination.  Which one is it?

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Karen E Young [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 16, 2003 7:34 AM
To: [EMAIL PROTECTED]
Subject: Re[3]: OSPF max Router-LSA links [7:72024]

Sorry, accidentally sent the message before I finished my response and DNS
problems to boot...


If the Interface MTU field is larger than can be accepted without
fragmentation, then the packet is rejected. No acknowledgement is sent and
the behavior after that is dependent on the vendor. Usually it results in
neighbors getting stuck in Exchange or ExStart. In any case, the adjacency
will never form. Even if the MTU is smaller than the receiving interface the
exchange will fail. There's always one side that's larger and one that's
smaller, so one or the other of them will hang.

This particular little hole is (unfortunately) due to a fault in OSPF itself
since no acknowledgement and situational handling was specified.

As a CCIE friend of mine said, "However, a vendor could choose to implement
something that, after getting no response to DD packets, would decrease the
packet size, even sending a really tiny DD packet to continue negotiations
and receive DD from the other router, learning its MTU, then adjusting to
that.  I *think* that would work."  - I personally am not aware of any
vendors that implement anything like this but I could be wrong...

Here's a good discussion of it:
http://www.riverstonenet.com/support/ospf/stuckexstart.htm#_Toc515894155

There's also a doc on Cisco about it:
http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a0080093f0d.shtml


Here's an interesting thought... what if the router with the larger MTU
checked the MTU size of its neighbor, and dynamically adjusted?  No guessing
involved, just match the smaller MTU and deal with the mismatch?  The MTUs
could remain mismatched, which might cause frame fragmentation, but the OSPF
multicast traffic would be sent with matching MTU sizes. Basically after
being hung in ExStart for x seconds, it would send its first DD packet using
the same size received by the adjacent router.

Just a thought...


HTH,
Karen

"A rose by any other name is Cisco specific terminology..."

*** REPLY SEPARATOR  ***

On 7/15/2003 at 7:29 AM Zsombor Papp wrote:

>At 09:48 AM 7/15/2003 +, Karen E Young wrote:
>>KY: According to the RFC (page 99) "If the Interface MTU field in the
>>Database Description packet indicates an IP datagram size that is larger
>>than the router can accept on the receiving interface without fragmentation,
>>the Database Description packet is rejected."
>>
>>With this in mind the only time fragmentation should occur is when a virtual
>>link is used since the MTU of a virtual link is set to "0".
>
>The "Interface MTU" field describes the MTU of the sending interface, not 
>the size of the DD packet. Just because the MTU of the sending router is 
>smaller than or equal to that of the receiving router, it doesn't follow 
>that fragmentation can't occur. Fragmentation occurs because the data (ie. 
>the DD packet) to be sent is larger than the MTU of the *sending* router.
>
>Thanks,
>
>Zsombor




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72391&t=72024
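
The Interface MTU check debated in the thread above (the RFC 2328 rule Karen quotes, plus Zsombor's point that the field carries the sender's interface MTU rather than the DD packet's size), as an added example that is not code from any of the posters. Router IDs, MTU values and all function names are constructed for illustration; the sample packets carry no LSA headers and leave the checksum at 0.

```python
"""OSPFv2 Database Description (DD) Interface MTU check, after RFC 2328 section 10.6."""
import struct

# RFC 2328 A.3.1: version, type, packet length, router ID, area ID,
# checksum, AuType, 8 bytes of authentication data (24 bytes total).
OSPF_HDR = struct.Struct("!BBHIIHH8s")
# RFC 2328 A.3.3: Interface MTU, Options, I/M/MS flags, DD sequence number.
DD_BODY = struct.Struct("!HBBI")
DD_TYPE = 2
FLAG_I, FLAG_M, FLAG_MS = 0x04, 0x02, 0x01


def build_dd(router_id, iface_mtu, seq, flags=FLAG_I | FLAG_M | FLAG_MS):
    """Build a constructed, header-only DD packet for area 0 (checksum not computed)."""
    body = DD_BODY.pack(iface_mtu, 0x02, flags, seq)  # Options 0x02 = E-bit
    length = OSPF_HDR.size + len(body)
    hdr = OSPF_HDR.pack(2, DD_TYPE, length, router_id, 0, 0, 0, bytes(8))
    return hdr + body


def parse_dd(data):
    """Parse the fixed part of a DD packet; raise ValueError on malformed input."""
    minimum = OSPF_HDR.size + DD_BODY.size
    if len(data) < minimum:
        raise ValueError("truncated OSPF DD packet")
    version, ptype, length, router_id, area_id, _ck, _au, _auth = OSPF_HDR.unpack_from(data)
    if version != 2 or ptype != DD_TYPE:
        raise ValueError("not an OSPFv2 DD packet")
    if length < minimum or length > len(data):
        raise ValueError("bad OSPF packet length field")
    mtu, _options, flags, seq = DD_BODY.unpack_from(data, OSPF_HDR.size)
    return {"router_id": router_id, "area_id": area_id, "iface_mtu": mtu,
            "flags": flags, "seq": seq, "wire_len": length}


def accept_dd(data, rx_mtu):
    """Apply the receive-side rule: reject when the advertised Interface MTU
    exceeds what the receiving interface can take without fragmentation.
    The comparison uses the advertised field, not the size of this packet."""
    dd = parse_dd(data)
    if dd["iface_mtu"] > rx_mtu:
        return False, "advertised MTU %d > receiving interface MTU %d" % (dd["iface_mtu"], rx_mtu)
    return True, "ok"


def simulate_exstart(mtu_a, mtu_b):
    """Exchange the initial DD packets between routers A and B and report
    which side accepts; the adjacency needs both sides to accept."""
    a_to_b = build_dd(0x0A000001, mtu_a, seq=1)
    b_to_a = build_dd(0x0A000002, mtu_b, seq=2)
    b_accepts, _ = accept_dd(a_to_b, mtu_b)
    a_accepts, _ = accept_dd(b_to_a, mtu_a)
    return {"a_accepts_b": a_accepts, "b_accepts_a": b_accepts,
            "adjacency_can_form": a_accepts and b_accepts}


if __name__ == "__main__":
    pkt = build_dd(0x0A000001, 1500, seq=1)
    print("DD packet is", len(pkt), "bytes, advertises MTU", parse_dd(pkt)["iface_mtu"])
    print("receiver with MTU 1400:", accept_dd(pkt, 1400))
    print("mismatch 1500/1400:", simulate_exstart(1500, 1400))
    print("matched 1500/1500:", simulate_exstart(1500, 1500))
    # Virtual links advertise Interface MTU 0, so the check always passes.
    print("virtual link:", accept_dd(build_dd(0x0A000001, 0, seq=3), 576))
```

With mismatched MTUs only the smaller-MTU side rejects, which is enough to keep the pair from leaving ExStart, even though the rejected packet itself is only 32 bytes.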

Re: Re[2]: CCNP ReCert Questions [7:72071]

2003-07-14 Thread Simon Watson
Sorry

I meant MLS.

Thanks Karen.
- Original Message -
From: "Karen E Young" 
To: "Simon Watson" 
Cc: 
Sent: Monday, July 14, 2003 4:45 PM
Subject: Re[2]: CCNP ReCert Questions [7:72071]


Simon,

Careful there! Don't mistake MLS for MPLS. Two different animals entirely.
MLS is Multi-Layer Switching and is strictly a LAN technology while MPLS
(Multi-Protocol Label Switching) is predominantly used in the WAN.

Here's some stuff on MPLS.
http://www.convergedigest.com/Bandwidth/archive/010910TUTORIAL-rgallaher1.htm
http://www.mplsrc.com/
http://www.cisco.com/warp/public/732/Tech/mpls/mpls_presentations.shtml
http://www.cisco.com/warp/public/732/Tech/mpls/mpls_techdoc.shtml

Cisco Networkers 2001 Power session on MPLS:
http://www.cisco.com/networkers/nw01/pres/pr/542/

Also, if you go to http://www.webtorials.com, you'll see a link for "MPLScon
2003 Conference Presentation Handouts". You'll need a Webtorials account but
they're free. The links for creating an account or signing in are up at the
top of the page. This is one of the best places to look since the
information goes into a bit more depth than that on most sites.

Hope this helps,

Karen


*** REPLY SEPARATOR  ***

On 7/12/2003 at 9:17 AM Simon Watson wrote:

>Hi Priscilla
>
>I'm in the same position as John (Cert expires on the 21st). But I'm going
>to give the re-cert a go. I've printed out the MPLS supplement you
>suggested to look on, will this be sufficient for the MPLS portion of the
>test. Also the Catalyst 5K was the principal switch in the switching
>portion 3 years ago. What switch is the switching portion of the test
>based on now ???.
>
>>From: "Priscilla Oppenheimer"
>>Reply-To: "Priscilla Oppenheimer"
>>To: [EMAIL PROTECTED]
>>Subject: RE: CCNP ReCert Questions [7:72071]
>>Date: Thu, 10 Jul 2003 19:22:00 GMT
>>
>>John Cianfarani wrote:
>> >
>> > Well I decided I wouldn't push it in such a short timeframe with the
>> > one exam. With work and whatever else probably won't have enough time
>> > to study fully for it. So I will write either all 4 again, or
>> > cit/bcran and then the new Composite once it's out.
>> >
>>
>>You shouldn't lose your CCNP, albeit temporarily (hopefully). Think how
>>hard you worked to get it. How will you feel when you can no longer say
>>you have it? I think you should try the recert exam.
>>
>>I'm sorry if I scared you by saying it is hard. It is hard, but study the
>>IS-IS supplement from Cisco Press and some material on multilayer
>>switching and eat a lot of blueberries. At least give it a try.
>>
>>Here's a link on multilayer switching:
>>
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt5/xcdmsov.htm
>>
>>Do you know about the free PDF document that Cisco Press put out on IS-IS
>>for BSCI candidates? When Cisco added IS-IS, Cisco Press didn't have a
>>book out yet that covered it (from a BSCI viewpoint anyway), so they put
>>out a PDF. Here's a link:
>>
>>http://www.ciscopress.com/content/images/1578702283/downloads/BSCNSupplement.pdf?session_id={D6502E20-0A8E-4868-8FE7-5A1A54F64857}
>>
>>Good luck whichever way you go, but I definitely recommend not letting
>>your CCNP disappear, even temporarily.
>>
>>Priscilla
>>
>> >
>> > Anyone know if the Composite will count towards things like CCIP? If
>> > it doesn't I'd just take the 4 exam route.
>> >
>> > Thanks
>> > John
>> >
>> > -Original Message-
>> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> > Sent: Wednesday, July 09, 2003 7:22 PM
>> > To: [EMAIL PROTECTED]
>> > Subject: Re: CCNP ReCert Questions [7:72071]
>> >
>> > Amazing wrote:
>> > >
>> > > I just did the CCNP recert test two weeks ago and passed with not
>> > > too much studying -- used boson test to see my weak areas and just
>> > > brushed up on those areas -- hint -- you can use the same study
>> > > materials you used three years ago -- nothing has changed.
>> >
>> > I wouldn't recommend just using the same material as 3 years ago.
>> > There are some new topics, like IS-IS for Routing and multilayer
>> > switching for Switching. Support and Remote Access seemed to be pretty
>> > similar, but those other two were pretty different from 3 years ago,
>> > at least in my test. I found it to be a two-Tums-package test for
>> > sure, despite a good score in the end.
>> >
>> > >
>> > > as to the answer to your questions, my experience has been that you
>> > > should go directly to cisco with these questions so you have a
>> >
>> > I definitely agree there. Go to Cisco. Even if we give you an answer,
>> > the Authoritative Bit will not be set. :-) That won't stop me though
>> > from adding a few more comments below
>> >
>> > > documented answer when they change their mind later on ;-)
>> > >
>> > > d
>> > >
>> > > ""John Cianfarani"" wrote in message
>> > > news:[EMAIL PROTECTED]
>> > > > I have to recert my CCNP by the 21st of this month. (yeah I kn

RE: Re[2]: Frame-relay & HSRP [7:72166]

2003-07-12 Thread Salvatore De Luca
Masaru, 

  The main importance of the physical "main" interface configuration in
frame-relay is to set your encapsulation and/or LMI-Type if you use ANSI or
Q.933a, the default of CISCO is already set for you, and you do not need to
manually configure it either unless you have disabled inverse-arp. The
scenario I gave you resolves your issue with HSRP and the UP UP situation
for standby tracking. You want to generate a UP Down situation so you have a
true failover, which your current configuration cannot provide.. at least I
am not aware of another way. The advantage to sub-interfaces which include
scalability, dlci prioritization, and your little HSRP problem are just a
few of the added values of doing it.. You will always need the Physical
Interface configuration for Layer 2 capabilities, but the layer 3 can be
done on a sub-interface level where you will also specify your local dlci
information. In your setup you would want to use point-to-point links since
you're not in a Hub-and-Spoke or Full-Mesh design, where you need multipoint
connections. If you use a subinterface.. and your link to R1 goes down, you
will generate an UP DOWN on R3's subinterface where if you track that
subinterface in HSRP, it will fail over to R4. Here is a URL that may help
with anything I missed.. the Cisco DOC CD is a valuable source of information
on this kind of stuff.. You may also want to thoroughly read through Chapter 4
of Caslow/Pavlichenko's: Bridges, routers, and Switches for CCIE's. They
explain the different uses of Frame-relay pretty well.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_c/wcdfrely.htm#31757

All the Best!
Sal


Masaru Umetsu wrote:
> 
> Thanks Salvatore.
> 
> As a resolution, is it only to change the configuration from
> main-interface to sub-interface p2p?
> If it is only sub-interface p2p, when and how should I use
> main-interface frame-relay configuration ? Don't you usually
> use main-interface frame-relay configuration ?
> Is there any solution by using current(main-interface) configuration to
> resolve my problem ?
> If there's something good to see, please let me know the URL or book.
> 
> Thanks.
> 
> On Sat, 12 Jul 2003 02:58:51 GMT
> "Salvatore De Luca"  wrote:
> 
> nobody> When you have a FR connection, you have a dedicated circuit to your provider
> nobody> which then on taps into the frame cloud. So consider it almost like a
> nobody> point-to-point link to your local Carrier and then from there you connect
> nobody> within the providers Frame Switch into their Frame Relay cloud. Now, when
> nobody> you shutdown R1's Wan interface your HSRP failed over fine. The reason that
> nobody> R3 was showing Up Up was that your circuit to your carrier from R3 did not
> nobody> go down and it still exchanges LMI with R3's Physical interface, your PVC
> nobody> should have been showing INACTIVE at this point though. I would recommend
> nobody> using point-to-point subinterfaces on your FR WAN connections. When you do
> nobody> this and then shut down one end of the link the line protocol on the
> nobody> sub-interface of R3 would go "UP DOWN" and if you then track the
> nobody> SUB-Interface, you should have a successful failover for the "Standby Track"
> nobody> command on R3. Currently, you have outbound traffic going out R2 --->R4 and
> nobody> return traffic going to the Active HSRP router "R3" then dropping packets
> nobody> because your PVC is INACTIVE and you are in an UP UP state..
> nobody> 
> nobody> You have successfully achieved Asymmetrical routing.. :(
> nobody> 
> nobody> Until your Interface Line protocol Drops in an "UP DOWN" state on R3's WAN
> nobody> interface.. then Standby Interface tracking won't do anything..
> nobody> 
> nobody> 
> nobody> Masaru Umetsu wrote:
> nobody> > 
> nobody> > Dear all
> nobody> > 
> nobody> > I have a question about frame-relay. Network Diagram is below.
> nobody> > 
> nobody> > R1* *  *R3
> nobody> > | * FR * |
> nobody> > R2* *  *R4
> nobody> > 
> nobody> > I configured a HSRP between R1 and R2, R3 and R4.
> nobody> > R1,R3 are Active router.(R2,R4 are Standby router)
> nobody> > And I configured standby track in a Wan side of R1,R3.
> nobody> > 
> nobody> > When I disabled(shutdown the interface) the serial0/0 of R1 ,
> nobody> > then R2 became Active router. It's ok.
> nobody> > But R3 didn't detect a down of Wan side,so serial0/0 of R3 is
> nobody> > up-up.
> nobody> > Therefore,I can't send a data between R2 and R4.
> nobody> > Regarding Frame-relay configuration, I configured frame-relay in
> nobody> > main-interface. Is it a mechanism of Frame-relay in
> nobody> > main-interface ?
> nobody> > I don't know in detail. Should I use sub-interface &
> nobody> > point-2-point definition in frame-relay to use HSRP standby track ?
> nobody> > Please explain me about this problem.
> nobody> > 
> nobody> > 
> nobody> 
> no
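
The change recommended in this thread, sketched as an added IOS configuration example for R3 and R4 (it is not configuration posted by anyone on the list). The LAN interface name, DLCI 103, the IP addresses and the HSRP group and priority values are constructed placeholders; only serial0/0 and the router names come from the messages above.

```ios
! ---- R3 (HSRP active) ------------------------------------------------
! Physical interface: layer 2 only (encapsulation, LMI). It stays up/up
! as long as LMI is exchanged with the carrier's frame switch, which is
! why tracking it never triggers a failover.
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
! Point-to-point subinterface: bound to a single PVC, so its line
! protocol follows that PVC's status and goes down when the PVC is
! reported INACTIVE (for example when the far end on R1 is shut down).
interface Serial0/0.103 point-to-point
 description PVC towards R1 (DLCI 103 is a placeholder)
 ip address 192.0.2.1 255.255.255.252
 frame-relay interface-dlci 103
!
! LAN side: track the subinterface, not the physical interface.
! Priority 110 minus a decrement of 20 gives 90, below R4's 100.
interface FastEthernet0/0
 ip address 198.51.100.2 255.255.255.0
 standby 1 ip 198.51.100.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track Serial0/0.103 20
!
! ---- R4 (HSRP standby) -----------------------------------------------
interface FastEthernet0/0
 ip address 198.51.100.3 255.255.255.0
 standby 1 ip 198.51.100.1
 standby 1 priority 100
 ! preempt lets R4 take over once R3's priority drops below 100
 standby 1 preempt
!
! ---- Checks after shutting the R1 end of the PVC ---------------------
! show frame-relay pvc           (PVC status on R3 should be INACTIVE)
! show interfaces Serial0/0.103  (subinterface should be up/down)
! show standby brief             (R3 priority 90, R4 is Active)
```
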

Re: RE: Multimedia/Voice over VSAT [7:71706]

2003-07-06 Thread garrett allen
interactive voice over satellite is problematic due to the inherent 
latency of the signal travelling 40,000km distance to the satellite 
and another 40,000km back.  this adds 125ms of latency in each 
direction (to/from the bird), give or take.  if you remember using 
satellite for long distance calls it took some getting used to (a bit 
like talking on a 2 way radio) and the perceived signal quality was 
less than using an under the pond cable.  satellite for 1 way video is 
fine, carriers use it for backhaul on a regular basis, but interactive 
video suffers the same difficulties as interactive voice.

so with the amount of latency already involved i would try to reduce 
any further quality impairments caused by voip or digital video 
processing.  satellite offers a variety of quality impairments of its




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=71943&t=71706
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-16 Thread n rf
Look, guys, the bottom line is this.  The fact is, it is more desirable to
have a lower-number ccie than it is to have a higher-number.  I believe that
this is so because the test was more rigorous in the past than it is today,
but even if you don't believe this to be the case, you have to acknowledge
that other people think so, and in particular, people who have hiring power
think so.  And since no man here is Bill Gates, we all have to work for a
living, which means that we all have to get jobs, which means that we all
have to impress those people who have hiring power.  At the end of the day,
those people have the jobs that we want, so we have to follow their rules
even if we don't agree with them.

I've heard a lot of objections in this thread to what I've been saying, and
hey guys, it may surprise you, but I don't like what I'm saying any more
than you guys do. I don't have a particularly low number.  I've lost out on
opportunities because my number was not "deemed" low enough by
recruiters/HR/headhunters.  And yes, just like a lot of people here, my
first reaction was similar to you guys - I got pissed off at those
recruiters/HR guys.

But that was my first reaction.  I then thought about it and I realized that
it's not the recruiters' fault that they're acting this way -  they're doing
it because the HR departments of the companies who they are scouting for
told them to do it.  And it's not really HR's fault either - I highly doubt
that HR is spending all their time scheming to intentionally come up with
unfair hiring practices just to screw guys like me over, like some kind of
weird X-Files conspiracy (why would they want to waste their time trying to
deliberately screw me and some of the other higher-number ccie's over when
they've never even met us - what exactly does HR gain by doing this?).   So
why get ticked off at recruiters or at HR when they're only doing their
jobs?  I believe the real underlying root cause lies with Cisco itself for
not properly maintaining the quality of the program.

Again, I will pose a question I posed in my discussions with Mark Hayes in
this thread - why are bootcamps thriving businesses?  Because quite
obviously they are selling what is in essence an improved chance to pass the
test.  In a nutshell, that's what you're really buying when you attend a
bootcamp.  If this was not the case, then why would people spend money to
attend one? Now don't get me wrong - I'm not saying there's anything wrong
with bootcamps per se (they're out to make money just like any other
company) but it does mean that their existence makes the test easier and
this effect must be counteracted by Cisco by making the exam even harder if
you aim to maintain the same rigor of the program (another way to counteract
the effect of bootcamps is to use relative scoring, but I digress).   
Otherwise you end up with the situation you have today - where guys are to a
certain extent just buying their way to a cert.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70695&t=70328


Re: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-16 Thread The Road Goes Ever On
much as I hate to help keep this particular thread alive --- below

""n rf""  wrote in message
news:[EMAIL PROTECTED]
> Craig Columbus wrote:
>
>
> > passing from October 2002 to present.  The most recent number I've seen is
> > 11757.  Which, averages about 170 people per month.  Extrapolating to
> > October, the number of people passing from Oct 2002 to Oct 2003 should turn
> > out to be around 2044.  My conclusion then, is that since the labs stay
> > booked, and since the expected doubling of the people passing has not
> > occurred, that the new lab is somewhat more difficult than the old
> > lab.  Therefore, the "difficulty barrier" was increased to partially, but
> > not fully, counter the effects of lowering the "quantity barrier" (number
> > of lab seats).  Had the difficulty been raised enough to fully counter the
> > quantity barrier, the number of those passing would have been held constant.
>
> Actually, I believe your numerical analysis is somewhat incomplete.
>
> At the same time that Cisco made the change from 2 days to 1, Cisco also
> (quietly) eliminated weekend testing.  Also, Cisco has lately banked some
> test locations (i.e. Halifax).  Finally, anecdotally I've been hearing that
> the number of empty seats in any particular location seems to be higher than
> it was in the past.  For all these factors, I therefore don't think that
> there has been a true doubling of seats.


well, first of all, yes I saw a number of empty seats last two times
through, but don't forget - there are a hell of a lot more racks as well. I
believe San Jose doubled the number of available racks from 10 to 20 ( and
don't rag on me if I am wrong about the specifics, please. I have to go from
memory here. )

the only people who can provide true statistics are working for Cisco, and
believe me, they ain't talking.

then there is the bad economy factor. I haven't checked lately, but when I
was looking a few months ago, it was no problem to find open slots less than
30 days out.

if it is true that there are 150 people passing per month ( and I don't know
because I haven't been keeping stats lately ) then the conclusion is that test
takers are just better prepared, for whatever reason. ( that reason could be
multiple repetitions, or lots more study, or lots more cheating.)

Come to think of it, this thread is long overdue for disappearance under
its own weight.

goodnight, all




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70712&t=70328


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-15 Thread n rf
Craig Columbus wrote:


> passing from October 2002 to present.  The most recent number I've seen is
> 11757.  Which, averages about 170 people per month.  Extrapolating to
> October, the number of people passing from Oct 2002 to Oct 2003 should turn
> out to be around 2044.  My conclusion then, is that since the labs stay
> booked, and since the expected doubling of the people passing has not
> occurred, that the new lab is somewhat more difficult than the old
> lab.  Therefore, the "difficulty barrier" was increased to partially, but
> not fully, counter the effects of lowering the "quantity barrier" (number
> of lab seats).  Had the difficulty been raised enough to fully counter the
> quantity barrier, the number of those passing would have been held constant.

Actually, I believe your numerical analysis is somewhat incomplete.

At the same time that Cisco made the change from 2 days to 1, Cisco also
(quietly) eliminated weekend testing.  Also, Cisco has lately banked some
test locations (i.e. Halifax).  Finally, anecdotally I've been hearing that
the number of empty seats in any particular location seems to be higher than
it was in the past.  For all these factors, I therefore don't think that
there has been a true doubling of seats.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70696&t=70328


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-15 Thread n rf
Mark W. Odette II wrote:
> 
> Robert, the way you described your hiring/screening process is the way I
> wished all Corporate America job providers did it.
> 
> It's nice to know that at least one business out there doesn't hide
> behind an HR group that isn't prepared to perform the screening process
> properly and/or fairly.

Ah, but let's not give him more credit than he's due.  Read my reply to
him.  Essentially, while Robert's practices are commendable, he left out a
very important piece of information - namely out of all the original
candidates who submitted resumes, how exactly did he figure out who was to
be granted an interview?  Obviously he used some sort of a screening process
- # years of experience, ccie status (or lack thereof), degree (or lack
thereof), etc.

But it's obvious that he used something because it is simply impossible to
grant an interview to absolutely everybody who submits a resume.  And
whatever screening process he used to whittle the numbers down to something
manageable is inherently imperfect.  Perhaps Robert's screen is better
than ones used by HR departments around the world, but let's not kid
ourselves here - it wasn't perfect.   No matter what screen you do, you run
the risk of throwing what may turn out to be your best candidate.

And that's really the bottom line.  While we would all obviously prefer not
to be treated like some number, the fact is, no company is really prepared
to properly investigate every single candidate thoroughly.  Every candidate
is going to make some sweeping generalizations that while they may not be
totally fair, are done in the name of economic efficiency.  Degree'd people
tend to be more productive than non-degree'd people.  That doesn't mean that
every single non-degree'd person is worse than every single degree'd person,
but the general rule holds enough times that companies can and will use it
as a screen.  Things like that.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70692&t=70328


Re: RE: (no subject) [7:70562]

2003-06-12 Thread ramesh_cisco
bgp backdoor has got a specific use .. suppose you have a network that you
have learnt both from igp (ospf) & egp (ebgp),


then your router prefers ebgp route as it is having less metric. If you want
to force your router to prefer igp router, you need to add router backdoor
entry in bgp config of your router


 


ramesh ccnp

"grant grant123nj" wrote:



Hi, Srivathsan

As I know, Cisco network backdoor command in BGP is to generate a local BGP
route, of which administrative distance is 200. The only difference between
the network and the network backdoor command is that the latter route is not
advertised to EBGP peer.

Regards,
Grant




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70573&t=70562


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Dom
Howard,

I hate to have to say ;>) -

Check the GroupStudy archives - about 12th - 13th Jan 2001.

Best regards,

Dom Stocqueler (another Monty Python fan)
Zoo Keeper (Small Reptiles) - SysDom Technologies


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Howard C. Berkowitz
Sent: 11 June 2003 23:09
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


At 4:41 PM + 6/11/03, Kaminski, Shawn G wrote:
>STOP IT! Both of you! :-)
>
>Shawn K.
>
>P.S. This thread has been highly entertaining!
>

What is the velocity of the sparrow, measured in CCIE units?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70553&t=70328


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Jack Nalbandian
LOL!  OK. I will only accuse you of blatant bias, if that feels better.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf
Sent: Wednesday, June 11, 2003 12:50 PM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


Steve Wilson wrote:
>
> Thank you gents,
> I have come to the conclusion that Jack and NRF is one and the
> same person.
> Anyone who has seen, or read, "Fight Club" will recognise the
> symptoms. Any
> minute now NRF will shoot himself through the mouth and end it
> all.

I think I really am going to go postal if people continue to accuse me of
attempting to convey some hidden message using some underlying subterfuge,
Morse code, esperanto, smoke-signals, interpretive dance, subliminal
messages (buy CocaCola! Jennifer Lopez - come over to my place), invisible
ink, Thieves' Cant, or any other form of communication besides plain English.
Oh, what nrf said is this, but what he's actually secretly trying to say
is something else entirely, and I know this because I have something that
nobody else has - my own nrf-secret-decoder-ring.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70551&t=70328


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Howard C. Berkowitz
At 4:41 PM + 6/11/03, Kaminski, Shawn G wrote:
>STOP IT! Both of you! :-)
>
>Shawn K.
>
>P.S. This thread has been highly entertaining!
>

What is the velocity of the sparrow, measured in CCIE units?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70544&t=70328


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Mark W. Odette II
Robert, the way you described your hiring/screening process is the way I
wished all Corporate America job providers did it.

It's nice to know that at least one business out there doesn't hide
behind an HR group that isn't prepared to perform the screening process
properly and/or fairly.


-Mark

-Original Message-
From: Robertson, Douglas [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2003 1:58 PM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

This has been an entertaining thread, but the way I see it is this. Maybe
the high/low CCIE would work with the headhunters and that is a different
story, but we have interviewed/employed a number of IT guys over the past
couple of months, CCIE's included and to be honest I do not look to the CCIE
number for a reference of technical ability (I do look that it is a valid
CCIE number). The candidates that we interview complete a test, written and
lab, tiered in difficulty. We make an evaluation based on experience, team
orientation, and test/lab results. There is no pressure to answer or
complete the test/lab however that is how we determine the level/tier of the
prospective candidate, not the CCIE number. That is just how we do it.

My two cents

Doug  

-Original Message-
From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 12:42 PM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


STOP IT! Both of you! :-)

Shawn K.

P.S. This thread has been highly entertaining!

-Original Message-
From: n rf [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2003 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

>Jack Nalbandian wrote:

Boy, for a guy who says that he wants to close the thread, you really have a
lot to say.

> 
> 1. Attacking his motives and attacking his character are mutually exclusive
> endeavors.  I attack his motive of defaming the certification process itself
> in a series of different topics.  I have not criticized any such commentary
> that balances all facts, but NRF's overall commentary does no such thing.

Uh, how's that?  At the end of the day you are refusing to deal with the
issues at hand.  Whether you choose to attack my motives or my character -
whatever you want to call it - it's still out of bounds.  You are either
talking about the actual issues at hand, or you're not.  Simple as that.

Besides, character and motives are basically one and the same.  Wouldn't
somebody with bad character necessarily have bad motives?  Is there really
such a thing as a guy with bad character having good motives?  Or vice
versa? I don't think so.  So really, when you say that you're questioning my
motives but not my character, that's really a distinction without a
difference.

Look, the bottom line is this.  I don't question your motives or your
character.  Don't do it to me.



> 
> 2. There is the issue of devaluation of certifications due to the "forces
> majeur" that you mention, but the actual argument, it seems, you have missed
> as well.  The entire focus seems to be on "certification tracks" and how
> "worthless they are," not due to the actual market forces at play, but due
> to the very (alleged) "inherent weakness" of the certification process
> itself.  Therefore, your well-thought out and long-winded (not meant as a
> pejorative) is too far off the mark.

Why do you keep insisting on telling me what my own focus is?  Don't you
think I would know the focus of my own posts?   When have I said in this
particular thread that all certifications were worthless?

In fact, you could easily say quite the opposite - I have said several times
that certain certifications, namely low-number CCIE's, are in fact quite
valuable.  So how does that jive with your accusation that I am somehow
painting all certifications as worthless, when in fact I have singled out a
certification subset as worthy?


Oh, but I get it, you keep insisting that I am actually bashing all certs as
a "stealth undercurrent thesis", despite the fact that I think everybody in
this ng would agree that I don't exactly "do" stealth.  If I want to say
something, I'm going to say it.

Here's an idea, Jack.  Instead of debating me on what you believe the
undercurrents of my words are saying, why not debate me on what I'm ACTUALLY
saying?  To do otherwise is really to engage in that character assassination
and shooting-of-the-messenger that is simply uncouth.

> 2b. The second repetitively implied undertext is that of the (alleged)
> "superiority" of college education, the original method of degradation and
> defamation of the certification process itself.  I dismissed

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread n rf
Steve Wilson wrote:
> 
> Thank you gents,
> I have come to the conclusion that Jack and NRF is one and the
> same person.
> Anyone who has seen, or read, "Fight Club" will recognise the
> symptoms. Any
> minute now NRF will shoot himself through the mouth and end it
> all.

I think I really am going to go postal if people continue to accuse me of
attempting to convey some hidden message using some underlying subterfuge,
Morse code, esperanto, smoke-signals, interpretive dance, subliminal
messages (buy CocaCola! Jennifer Lopez - come over to my place), invisible
ink, Thieves' Cant, or any other form of communication besides plain English.
Oh, what nrf said is this, but what he's actually secretly trying to say
is something else entirely, and I know this because I have something that
nobody else has - my own nrf-secret-decoder-ring.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70534&t=70328
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Robertson, Douglas
This has been an entertaining thread, but the way I see it is this. Maybe
the high/low CCIE would work with the headhunters and that is a different
story, but we have interviewed/employed a number of IT guys over the past
couple of months, CCIE's included and to be honest I do not look to the CCIE
number for a reference of technical ability (I do look that it is a valid
CCIE number). The candidates that we interview complete a test, written and
lab, tiered in difficulty. We make an evaluation based on experience, team
orientation, and test/lab results. There is no pressure to answer or
complete the test/lab however that is how we determine the level/tier of the
prospective candidate, not the CCIE number. That is just how we do it.

My two cents

Doug  

-Original Message-
From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 11, 2003 12:42 PM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


STOP IT! Both of you! :-)

Shawn K.

P.S. This thread has been highly entertaining!

-Original Message-
From: n rf [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2003 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

>Jack Nalbandian wrote:

Boy, for a guy who says that he wants to close the thread, you really have a
lot to say.

> 
> 1. Attacking his motives and attacking his character are mutually exclusive
> endeavors.  I attack his motive of defaming the certification process itself
> in a series of different topics.  I have not criticized any such commentary
> that balances all facts, but NRF's overall commentary does no such thing.

Uh, how's that?  At the end of the day you are refusing to deal with the
issues at hand.  Whether you choose to attack my motives or my character -
whatever you want to call it - it's still out of bounds.  You are either
talking about the actual issues at hand, or you're not.  Simple as that.

Besides, character and motives are basically one and the same.  Wouldn't
somebody with bad character necessarily have bad motives?  Is there really
such a thing as a guy with bad character having good motives?  Or vice
versa? I don't think so.  So really, when you say that you're questioning my
motives but not my character, that's really a distinction without a
difference.

Look, the bottom line is this.  I don't question your motives or your
character.  Don't do it to me.



> 
> 2. There is the issue of devaluation of certifications due to
> the "forces
> majeur" that you mention, but the actual argument, it seems,
> you have missed
> as well.  The entire focus seems to be on "certification
> tracks" and how
> "worthless they are," not due to the actual market forces at
> play, but due
> to the very (alleged) "inherent weakness" of the certification
> process
> itself.  Therefore, your well-thought out and long-winded (not
> meant as a
> pejorative) is too far off the mark.

Why do you keep insisting on telling me what my own focus is?  Don't you
think I would know the focus of my own posts?   When have I said in this
particular thread that all certifications were worthless?

In fact, you could easily say quite the opposite - I have said several times
that certain certifications, namely low-number CCIE's, are in fact quite
valuable.  So how does that jive with your accusation that I am somehow
painting all certifications as worthless, when in fact I have singled out a
certification subset as worthy?


Oh, but I get it, you keep insisting that I am actually bashing all certs as
a "stealth undercurrent thesis", despite the fact that I think everybody in
this ng would agree that I don't exactly "do" stealth.  If I want to say
something, I'm going to say it.

Here's an idea, Jack.  Instead of debating me on what you believe the
undercurrents of my words are saying, why not debate me on what I'm ACTUALLY
saying?  To do otherwise is really to engage in that character assassination
and shooting-of-the-messenger that is simply uncouth.

> 2b. The second repetitively implied undertext is that of the
> (alleged)
> "superiority" of college education, the original method of
> degradation and
> defamation of the certification process itself.  I dismissed
> this as a
> comparison between apples and oranges with the intent to
> devalue oranges by
> judging their value in apple terms.  If you have read my posts
> at all, you
> will know my position on this. I can repost the relevant
> content if you
> wish.
> 

There you go again with the implied undertext.  How the heck am I supposed
to prove a negative?  You can always accuse anybody of using subliminal
messages and codewords, and what the heck am I supposed to do about it? 
Nobo

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Kaminski, Shawn G
STOP IT! Both of you! :-)

Shawn K.

P.S. This thread has been highly entertaining!

-Original Message-
From: n rf [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 11, 2003 10:28 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

>Jack Nalbandian wrote:

Boy, for a guy who says that he wants to close the thread, you really have a
lot to say.

> 
> 1. Attacking his motives and attacking his character are
> mutually exclusive
> endeavors.  I attack his motive of defaming the certification
> process itself
> in a series of different topics.  I have not criticized any
> such commentary
> that balances all facts, but NRF's overall commentary does no
> such thing.

Uh, how's that?  At the end of the day you are refusing to deal with the
issues at hand.  Whether you choose to attack my motives or my character -
whatever you want to call it - it's still out of bounds.  You are either
talking about the actual issues at hand, or you're not.  Simple as that.

Besides, character and motives are basically one and the same.  Wouldn't
somebody with bad character necessarily have bad motives?  Is there really
such a thing as a guy with bad character having good motives?  Or vice
versa? I don't think so.  So really, when you say that you're questioning my
motives but not my character, that's really a distinction without a
difference.

Look, the bottom line is this.  I don't question your motives or your
character.  Don't do it to me.



> 
> 2. There is the issue of devaluation of certifications due to
> the "forces
> majeur" that you mention, but the actual argument, it seems,
> you have missed
> as well.  The entire focus seems to be on "certification
> tracks" and how
> "worthless they are," not due to the actual market forces at
> play, but due
> to the very (alleged) "inherent weakness" of the certification
> process
> itself.  Therefore, your well-thought out and long-winded (not
> meant as a
> pejorative) is too far off the mark.

Why do you keep insisting on telling me what my own focus is?  Don't you
think I would know the focus of my own posts?   When have I said in this
particular thread that all certifications were worthless?

In fact, you could easily say quite the opposite - I have said several times
that certain certifications, namely low-number CCIE's, are in fact quite
valuable.  So how does that jive with your accusation that I am somehow
painting all certifications as worthless, when in fact I have singled out a
certification subset as worthy?


Oh, but I get it, you keep insisting that I am actually bashing all certs as
a "stealth undercurrent thesis", despite the fact that I think everybody in
this ng would agree that I don't exactly "do" stealth.  If I want to say
something, I'm going to say it.

Here's an idea, Jack.  Instead of debating me on what you believe the
undercurrents of my words are saying, why not debate me on what I'm ACTUALLY
saying?  To do otherwise is really to engage in that character assassination
and shooting-of-the-messenger that is simply uncouth.

> 2b. The second repetitively implied undertext is that of the
> (alleged)
> "superiority" of college education, the original method of
> degradation and
> defamation of the certification process itself.  I dismissed
> this as a
> comparison between apples and oranges with the intent to
> devalue oranges by
> judging their value in apple terms.  If you have read my posts
> at all, you
> will know my position on this. I can repost the relevant
> content if you
> wish.
> 

There you go again with the implied undertext.  How the heck am I supposed
to prove a negative?  You can always accuse anybody of using subliminal
messages and codewords, and what the heck am I supposed to do about it? 
Nobody can prove a negative.

But once again, I ask you, why not debate me on my actual words, rather than
what you "insinuate" my words to mean?  To me, this particular thread only
has to do with the decline in value of the CCIE as related to the value of
lower vs. higher-number CCIE's - the value of college education has nothing
to do with it.  If you want to start your own thread about that, I'm happy
to oblige.  But for now, let's stick to the subject at hand.
 

> 2c. All (mostly alleged, some legitimately identifiable) flaws
> of
> certification were constantly addressed by NRF, but none of the
> flaws
> associated with the college degree programs were even cited. 
> Thus, a lack
> of balance that is consistent in his writings. In a nutshell, I
> have pointed
> that all the ills that the MCSE or CCNA/CCNP/CCIE tracks are
> plagued with
> also plague the university programs.  One example is

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread Steve Wilson
Thank you gents,
I have come to the conclusion that Jack and NRF are one and the same person.
Anyone who has seen, or read, "Fight Club" will recognise the symptoms. Any
minute now NRF will shoot himself through the mouth and end it all.
Seriously though over the years I have passed exams to get qualifications
relevant to the job I am trying to get. The only problem is that the
requirements in said job change and the qualifications become out of date.
It is a constant merry-go-round. As far as I am concerned it sucks both
ways. 
If you have an old qualification that you have updated, good for you. If you
have a nice shiny new one well done, you know the stuff to pass the new
exam. Could you pass the original one that the previous guy did, probably
not? 
I have met excellent engineers who had the latest qualifications and also
even better ones that didn't. The best that I can do is do my job as well as
I can and hope that if I am made redundant again I have the right
combination of qualifications and experience to get another job.
Can we please now all get off our high horses, get drunk and forget the
whole argument? 

Cheers,
Steve Wilson CCNP CCDA
Network Engineer

-Original Message-
From: n rf [mailto:[EMAIL PROTECTED] 
Sent: 11 June 2003 15:28
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

>Jack Nalbandian wrote:

Boy, for a guy who says that he wants to close the thread, you really have a
lot to say.

> 
> 1. Attacking his motives and attacking his character are
> mutually exclusive
> endeavors.  I attack his motive of defaming the certification
> process itself
> in a series of different topics.  I have not criticized any
> such commentary
> that balances all facts, but NRF's overall commentary does no
> such thing.

Uh, how's that?  At the end of the day you are refusing to deal with the
issues at hand.  Whether you choose to attack my motives or my character -
whatever you want to call it - it's still out of bounds.  You are either
talking about the actual issues at hand, or you're not.  Simple as that.

Besides, character and motives are basically one and the same.  Wouldn't
somebody with bad character necessarily have bad motives?  Is there really
such a thing as a guy with bad character having good motives?  Or vice
versa? I don't think so.  So really, when you say that you're questioning my
motives but not my character, that's really a distinction without a
difference.

Look, the bottom line is this.  I don't question your motives or your
character.  Don't do it to me.



> 
> 2. There is the issue of devaluation of certifications due to
> the "forces
> majeur" that you mention, but the actual argument, it seems,
> you have missed
> as well.  The entire focus seems to be on "certification
> tracks" and how
> "worthless they are," not due to the actual market forces at
> play, but due
> to the very (alleged) "inherent weakness" of the certification
> process
> itself.  Therefore, your well-thought out and long-winded (not
> meant as a
> pejorative) is too far off the mark.

Why do you keep insisting on telling me what my own focus is?  Don't you
think I would know the focus of my own posts?   When have I said in this
particular thread that all certifications were worthless?

In fact, you could easily say quite the opposite - I have said several times
that certain certifications, namely low-number CCIE's, are in fact quite
valuable.  So how does that jive with your accusation that I am somehow
painting all certifications as worthless, when in fact I have singled out a
certification subset as worthy?


Oh, but I get it, you keep insisting that I am actually bashing all certs as
a "stealth undercurrent thesis", despite the fact that I think everybody in
this ng would agree that I don't exactly "do" stealth.  If I want to say
something, I'm going to say it.

Here's an idea, Jack.  Instead of debating me on what you believe the
undercurrents of my words are saying, why not debate me on what I'm ACTUALLY
saying?  To do otherwise is really to engage in that character assassination
and shooting-of-the-messenger that is simply uncouth.

> 2b. The second repetitively implied undertext is that of the
> (alleged)
> "superiority" of college education, the original method of
> degradation and
> defamation of the certification process itself.  I dismissed
> this as a
> comparison between apples and oranges with the intent to
> devalue oranges by
> judging their value in apple terms.  If you have read my posts
> at all, you
> will know my position on this. I can repost the relevant
> content if you
> wish.
> 

There you go again with the implied undertext.  How the heck am I supposed
to prove a nega

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-11 Thread n rf
>Jack Nalbandian wrote:

Boy, for a guy who says that he wants to close the thread, you really have a
lot to say.

> 
> 1. Attacking his motives and attacking his character are
> mutually exclusive
> endeavors.  I attack his motive of defaming the certification
> process itself
> in a series of different topics.  I have not criticized any
> such commentary
> that balances all facts, but NRF's overall commentary does no
> such thing.

Uh, how's that?  At the end of the day you are refusing to deal with the
issues at hand.  Whether you choose to attack my motives or my character -
whatever you want to call it - it's still out of bounds.  You are either
talking about the actual issues at hand, or you're not.  Simple as that.

Besides, character and motives are basically one and the same.  Wouldn't
somebody with bad character necessarily have bad motives?  Is there really
such a thing as a guy with bad character having good motives?  Or vice
versa? I don't think so.  So really, when you say that you're questioning my
motives but not my character, that's really a distinction without a
difference.

Look, the bottom line is this.  I don't question your motives or your
character.  Don't do it to me.



> 
> 2. There is the issue of devaluation of certifications due to
> the "forces
> majeur" that you mention, but the actual argument, it seems,
> you have missed
> as well.  The entire focus seems to be on "certification
> tracks" and how
> "worthless they are," not due to the actual market forces at
> play, but due
> to the very (alleged) "inherent weakness" of the certification
> process
> itself.  Therefore, your well-thought out and long-winded (not
> meant as a
> pejorative) is too far off the mark.

Why do you keep insisting on telling me what my own focus is?  Don't you
think I would know the focus of my own posts?   When have I said in this
particular thread that all certifications were worthless?

In fact, you could easily say quite the opposite - I have said several times
that certain certifications, namely low-number CCIE's, are in fact quite
valuable.  So how does that jive with your accusation that I am somehow
painting all certifications as worthless, when in fact I have singled out a
certification subset as worthy?


Oh, but I get it, you keep insisting that I am actually bashing all certs as
a "stealth undercurrent thesis", despite the fact that I think everybody in
this ng would agree that I don't exactly "do" stealth.  If I want to say
something, I'm going to say it.

Here's an idea, Jack.  Instead of debating me on what you believe the
undercurrents of my words are saying, why not debate me on what I'm ACTUALLY
saying?  To do otherwise is really to engage in that character assassination
and shooting-of-the-messenger that is simply uncouth.

> 2b. The second repetitively implied undertext is that of the
> (alleged)
> "superiority" of college education, the original method of
> degradation and
> defamation of the certification process itself.  I dismissed
> this as a
> comparison between apples and oranges with the intent to
> devalue oranges by
> judging their value in apple terms.  If you have read my posts
> at all, you
> will know my position on this. I can repost the relevant
> content if you
> wish.
> 

There you go again with the implied undertext.  How the heck am I supposed
to prove a negative?  You can always accuse anybody of using subliminal
messages and codewords, and what the heck am I supposed to do about it? 
Nobody can prove a negative.

But once again, I ask you, why not debate me on my actual words, rather than
what you "insinuate" my words to mean?  To me, this particular thread only
has to do with the decline in value of the CCIE as related to the value of
lower vs. higher-number CCIE's - the value of college education has nothing
to do with it.  If you want to start your own thread about that, I'm happy
to oblige.  But for now, let's stick to the subject at hand.
 

> 2c. All (mostly alleged, some legitimately identifiable) flaws
> of
> certification were constantly addressed by NRF, but none of the
> flaws
> associated with the college degree programs were even cited. 
> Thus, a lack
> of balance that is consistent in his writings. In a nutshell, I
> have pointed
> that all the ills that the MCSE or CCNA/CCNP/CCIE tracks are
> plagued with
> also plague the university programs.  One example is that
> plagiarism off the
> web is a huge concern among college deans, so far forcing them
> to hire
> specialists who track down web-based term papers for sale.


Why have I not addressed them?  Surprise surprise, because I am not talking
about the value of college in this thread.  Only you are.  Why are you
stunned to discover that I have not discussed things that are not related to
the subject at hand?  What exactly does the value of college have anything
to do with the decline in value of the CCIE, as demonstrated by the value of
lower and higher-number CCIE's?

> 
> 3. The new topic

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-10 Thread Jack Nalbandian
1. Attacking his motives and attacking his character are mutually exclusive
endeavors.  I attack his motive of defaming the certification process itself
in a series of different topics.  I have not criticized any such commentary
that balances all facts, but NRF's overall commentary does no such thing.

2. There is the issue of devaluation of certifications due to the "forces
majeur" that you mention, but the actual argument, it seems, you have missed
as well.  The entire focus seems to be on "certification tracks" and how
"worthless they are," not due to the actual market forces at play, but due
to the very (alleged) "inherent weakness" of the certification process
itself.  Therefore, your well-thought out and long-winded (not meant as a
pejorative) is too far off the mark.

2b. The second repetitively implied undertext is that of the (alleged)
"superiority" of college education, the original method of degradation and
defamation of the certification process itself.  I dismissed this as a
comparison between apples and oranges with the intent to devalue oranges by
judging their value in apple terms.  If you have read my posts at all, you
will know my position on this. I can repost the relevant content if you
wish.

2c. All (mostly alleged, some legitimately identifiable) flaws of
certification were constantly addressed by NRF, but none of the flaws
associated with the college degree programs were even cited.  Thus, a lack
of balance that is consistent in his writings. In a nutshell, I have pointed
that all the ills that the MCSE or CCNA/CCNP/CCIE tracks are plagued with
also plague the university programs.  One example is that plagiarism off the
web is a huge concern among college deans, so far forcing them to hire
specialists who track down web-based term papers for sale.

3. The new topic of "number of CCIEs" appears to me to be a part of a series
of attempts to degrade the idea of vendor certification as a whole.  That is
his pattern as far as I have observed.  I would appreciate genuine concern
and balanced commentary on the matter, but mythology is all I read from his
angle.  That is my observation, and you have not convinced me otherwise.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Craig Columbus
Sent: Monday, June 09, 2003 3:19 PM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


I've been trying to hold my tongue on this one since this firestorm comes
up at least once a quarter...BUT:

NRF is correct.  Attacking him and his motives fails to address the issue
at hand.  Rightly, or wrongly, there is a slight devaluation of the CCIE
certification and it's not NRF's fault.  Let me be clear:  I'm not
attacking any one who has earned, or is pursuing, the CCIE designation.  I
think any process that furthers an individual's knowledge, including the
CCIE certification process, is valuable.  But, let's go back to the
original post... the original poster believed that the rate of people
pursuing, and passing, the CCIE examination was increasing by quite a bit
and wondered aloud if this was devaluing the certification.  And, the
answer is: yes, to some degree.

Now before you pounce upon me, try to follow my logic.  If you can't be
bothered to read the logic, at least skip to my conclusion at the end
before bashing me.

DISCLAIMER: I realize that this is simplifying things...you economists in
the audience shouldn't send me emails pointing out the complexity I left
out.

Certain basic economic laws apply to all commerce transactions, including
the exchange of money for skilled IT labor.  The two laws that apply are:

1) The Law of Supply.  This law states:
 a) that at higher prices, producers are willing to offer more
products for sale than at lower prices.  In terms of this discussion, this
means that when companies are willing to pay higher salaries (PRICE), CCIEs
(PRODUCERS) are willing to provide more services (PRODUCTS) than when
salaries are low.
 b) states that the supply increases as prices increase and
decreases as prices decrease.  Means that more people will become CCIEs
(producers) to cash in on the higher prices (SALARIES) and people will stop
trying to work as CCIEs when the salaries drop.
 c) states that those already in business will try to increase
productions as a way of increasing profits.  This is very similar to, but
subtly different than, part a. Whereas in part a, the producers will offer
more services in terms of product offering, part c indicates that producers
will try to work more hours to optimize income.

2) The Law of Demand.  This law states:
 a) that people will buy more of a product at a lower price than at
a higher price, if nothing changes.  This means that companies will request
more services, up to the point where the company no longer can make use of
the services, 

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-10 Thread Mark E. Hayes
Kudos to Craig for a well thought out and written response. This is what
I wanted to say but my temper got the better of me.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Craig Columbus
Sent: Monday, June 09, 2003 5:19 PM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


I've been trying to hold my tongue on this one since this firestorm comes
up at least once a quarter...BUT:

NRF is correct.  Attacking him and his motives fails to address the issue
at hand.  Rightly, or wrongly, there is a slight devaluation of the CCIE
certification and it's not NRF's fault.  Let me be clear:  I'm not
attacking any one who has earned, or is pursuing, the CCIE designation.  I
think any process that furthers an individual's knowledge, including the
CCIE certification process, is valuable.  But, let's go back to the
original post... the original poster believed that the rate of people
pursuing, and passing, the CCIE examination was increasing by quite a bit
and wondered aloud if this was devaluing the certification.  And, the
answer is: yes, to some degree.

Now before you pounce upon me, try to follow my logic.  If you can't be 
bothered to read the logic, at least skip to my conclusion at the end 
before bashing me.

DISCLAIMER: I realize that this is simplifying things...you economists in
the audience shouldn't send me emails pointing out the complexity I left
out.

Certain basic economic laws apply to all commerce transactions, including
the exchange of money for skilled IT labor.  The two laws that apply are:

1) The Law of Supply.  This law states:
 a) that at higher prices, producers are willing to offer more
products for sale than at lower prices.  In terms of this discussion, this
means that when companies are willing to pay higher salaries (PRICE), CCIEs
(PRODUCERS) are willing to provide more services (PRODUCTS) than when
salaries are low.
 b) states that the supply increases as prices increase and
decreases as prices decrease.  Means that more people will become CCIEs
(producers) to cash in on the higher prices (SALARIES) and people will stop
trying to work as CCIEs when the salaries drop.
 c) states that those already in business will try to increase
productions as a way of increasing profits.  This is very similar to, but
subtly different than, part a. Whereas in part a, the producers will offer
more services in terms of product offering, part c indicates that producers
will try to work more hours to optimize income.

2) The Law of Demand.  This law states:
 a) that people will buy more of a product at a lower price than at
a higher price, if nothing changes.  This means that companies will request
more services, up to the point where the company no longer can make use of
the services, at a lower price than at a higher price.
 b) that at a lower price, more people can afford to buy more goods
and more of an item more frequently, than they can at a higher
price.  Again, this means that at a lower salary, companies can afford to
buy more IT services more frequently than they can when salaries are high.
 c) that at lower prices, people tend to buy some goods as a
substitute for others more expensive.  This means that when the services of
a CCNP are cheaper than those of a CCIE, and the services of the CCNP are
sufficient, then companies will tend to only purchase (hire) the services
of a CCNP.

The equilibrium point, where supply equals demand is known as the Market
Price.  The market price will remain unchanged as long as supply and demand
remains unchanged. If there is an increase in demand or a decrease in
supply, the market price will increase. If the opposite occurs, that is, if
demand decreases and supply increases, the market price will decrease.

Now, when you apply these rules to the current CCIE certification /
economic situation, several things become clear:
1)  CCIE salaries have always been fairly high.  This is due to the
higher demand for CCIE services and the relatively low supply of CCIEs
available.
2)  There are many people who wish to cash in on the high salaries
typically paid to CCIEs.  However, there are barriers to entry (another
economics term) for suppliers.  Namely, the cost of the certification and
the intelligence / experience required to pass the difficult
examination.  These barriers will prevent everyone who wishes to become a
CCIE from actually attaining the certification.
3)  One of the barriers for entry (CCIE test requirements) has recently
been lowered.  Namely, the move from a two day test to a one day
test.  Since twice the number of people can now take the exam as could
previously take the exam in a given time period, the number of those
passing in a given time period is going to increase.

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-09 Thread Craig Columbus
I've been trying to hold my tongue on this one since this firestorm comes 
up at least once a quarter...BUT:

NRF is correct.  Attacking him and his motives fails to address the issue 
at hand.  Rightly, or wrongly, there is a slight devaluation of the CCIE 
certification and it's not NRF's fault.  Let me be clear:  I'm not 
attacking any one who has earned, or is pursuing, the CCIE designation.  I 
think any process that furthers an individual's knowledge, including the 
CCIE certification process, is valuable.  But, let's go back to the 
original post... the original poster believed that the rate of people 
pursuing, and passing, the CCIE examination was increasing by quite a bit 
and wondered aloud if this was devaluing the certification.  And, the 
answer is: yes, to some degree.

Now before you pounce upon me, try to follow my logic.  If you can't be 
bothered to read the logic, at least skip to my conclusion at the end 
before bashing me.

DISCLAIMER: I realize that this is simplifying things...you economists in 
the audience shouldn't send me emails pointing out the complexity I left out.

Certain basic economic laws apply to all commerce transactions, including 
the exchange of money for skilled IT labor.  The two laws that apply are:

1) The Law of Supply.  This law states:
 a) that at higher prices, producers are willing to offer more 
products for sale than at lower prices.  In terms of this discussion, this 
means that when companies are willing to pay higher salaries (PRICE), CCIEs 
(PRODUCERS) are willing to provide more services (PRODUCTS) than when 
salaries are low.
 b) states that the supply increases as prices increase and 
decreases as prices decrease.  Means that more people will become CCIEs 
(producers) to cash in on the higher prices (SALARIES) and people will stop 
trying to work as CCIEs when the salaries drop.
 c) states that those already in business will try to increase 
productions as a way of increasing profits.  This is very similar to, but 
subtly different than, part a. Whereas in part a, the producers will offer 
more services in terms of product offering, part c indicates that producers 
will try to work more hours to optimize income.

2) The Law of Demand.  This law states:
 a) that people will buy more of a product at a lower price than at 
a higher price, if nothing changes.  This means that companies will request 
more services, up to the point where the company no longer can make use of 
the services, at a lower price than at a higher price.
 b) that at a lower price, more people can afford to buy more goods 
and more of an item more frequently, than they can at a higher 
price.  Again, this means that at a lower salary, companies can afford to 
buy more IT services more frequently than they can when salaries are high.
 c) that at lower prices, people tend to buy some goods as a 
substitute for others more expensive.  This means that when the services of 
a CCNP are cheaper than those of a CCIE, and the services of the CCNP are 
sufficient, then companies will tend to only purchase (hire) the services 
of a CCNP.

The equilibrium point, where supply equals demand is known as the Market 
Price.  The market price will remain unchanged as long as supply and demand 
remains unchanged. If there is an increase in demand or a decrease in 
supply, the market price will increase. If the opposite occurs, that is, if 
demand decreases and supply increases, the market price will decrease.

Now, when you apply these rules to the current CCIE certification / 
economic situation, several things become clear:
1)  CCIE salaries have always been fairly high.  This is due to the 
higher demand for CCIE services and the relatively low supply of CCIEs 
available.
2)  There are many people who wish to cash in on the high salaries 
typically paid to CCIEs.  However, there are barriers to entry (another 
economics term) for suppliers.  Namely, the cost of the certification and 
the intelligence / experience required to pass the difficult 
examination.  These barriers will prevent everyone who wishes to become a 
CCIE from actually attaining the certification.
3)  One of the barriers for entry (CCIE test requirements) has recently 
been lowered.  Namely, the move from a two day test to a one day 
test.  Since twice the number of people can now take the exam as could 
previously take the exam in a given time period, the number of those 
passing in a given time period is going to increase.
4)  Without an additional barrier to entry being erected, such as 
increased difficulty, one could reasonably expect that since twice the 
number of people are taking the exam per year, that twice the number of 
people will pass the exam per year.  Around July 1999, the numbers were in 
the low 4300s.  A year later, the number was less than 6100.  By July 2001, 
the number was in the low 7700s.  In other words, roughly 1600-1800 people 
were p

Re: RE: number of CCIE [7:70151]

2003-06-09 Thread [EMAIL PROTECTED]
I don't disagree with a single word  :)

"John Neiberger"
Sent by: [EMAIL PROTECTED]
06/09/2003 04:03 PM
Please respond to "John Neiberger"

cc:
Subject: Re: RE: number of CCIE [7:70151]

>>>> [EMAIL PROTECTED] 6/9/03 11:53:24 AM >>>
>Agreed on all points.
>
>Out of curiosity, did anyone ever admit to wanting to trade a higher number
>ie with a lower number? I don't think I ever saw anyone come right out and
>say yes or no.
>
>I'm pretty much in lurk mode on this list, and so my opinions and such can
>be taken for what they are worth, and I think that while this list is a
>discussion area for certification prep I see a lot of material that looks
>suspiciously like "I ran across this at work, help me". Not that that's
>necessarily a bad thing, just pointing out that once the "what is the
>passing score for xyz", "what books are best" and "what do I need to
>study", not to mention the odd "I have all the answers, e-mail me" posts
>get set aside, there are considerably more items that qualify as "off"
>topic than on.

A couple of years ago we all decided (well, Paul decided) that the
professional list would no longer be a certification-only list, while the
associates list is supposed to remain certification-related.  It is
perfectly acceptable to discuss just about any networking topic on the
professional list.

>
>nrf provides numerous opportunities for interesting discussions that go
>beyond the how many bits in a byte conversations. He seems to agitate some
>people (some more than others) which in my book usually means he's hit on
>something. I realize that by daring to criticize the ccie program in any
>way offends some who have staked a good portion of blood, sweat and tears
>on obtaining, or working on obtaining, their certification, but that
>doesn't make some of his points any less valid.

nrf is a source of agitation for some for a couple of different reasons.
First, he chooses to remain fairly anonymous and pretty vague about his own
certification history.  I wish I had a dollar for every time someone tried
to get him to admit whether he was a CCIE or not.  He makes an excellent
point regarding this.  If we dispute what he is saying, we should argue the
point, not the person.

Second, he is brutally honest and oftentimes people take this the wrong way.
I don't want to speak for him but he seems to call things like he sees them
and he is obviously experienced enough in the industry to give his opinion
quite a bit of weight.  I've never seen him be anything but fair and honest,
but this may seem brash to some.

Regards,
John

>
>Anyway, that's my $.02, as always if you're not interested in what I have
>to say, ignore me or delete this message, please don't send me a 10 page
>response telling me how I'm responsible for keeping the thread alive :)
>
>
>
>
>


>"Peter van Oene"
>Sent by: [EMAIL PROTECTED]
>06/09/2003 09:22 AM
>Please respond to "Peter van Oene"
>
>cc:
>Subject: Re: RE: number of CCIE [7:70151]
>
>At 09:34 PM 6/8/2003 +, garrett allen wrote:
>>the intent of this list is to discuss preparation cisco exams, not
>>opportunities in the various job markets.  if your comments don't
>>relate to the study blueprint in some meaningful way, please keep them
>>to yourself.
>
>nice thread :-)  for those whining about it, you can skip the messages you
>know.
>
>ccie is a good challenge.  go after it if you want.  maybe it will help
>you get a job, maybe it won't.  jncie is pretty neat too :)
>
>my ie will expire in a cou

Re: RE: number of CCIE [7:70151]

2003-06-09 Thread John Neiberger
>>>> [EMAIL PROTECTED] 6/9/03 11:53:24 AM >>>
>Agreed on all points.
>
>Out of curiosity, did anyone ever admit to wanting to trade a higher number
>ie with a lower number? I don't think I ever saw anyone come right out and
>say yes or no.
>
>I'm pretty much in lurk mode on this list, and so my opinions and such can
>be taken for what they are worth, and I think that while this list is a
>discussion area for certification prep I see a lot of material that looks
>suspiciously like "I ran across this at work, help me". Not that that's
>necessarily a bad thing, just pointing out that once the "what is the
>passing score for xyz", "what books are best" and "what do I need to
>study", not to mention the odd "I have all the answers, e-mail me" posts
>get set aside, there are considerably more items that qualify as "off"
>topic than on.

A couple of years ago we all decided (well, Paul decided) that the
professional list would no longer be a certification-only list, while the
associates list is supposed to remain certification-related.  It is
perfectly acceptable to discuss just about any networking topic on the
professional list.

>
>nrf provides numerous opportunities for interesting discussions that go
>beyond the how many bits in a byte conversations. He seems to agitate some
>people (some more than others) which in my book usually means he's hit on
>something. I realize that by daring to criticize the ccie program in any
>way offends some who have staked a good portion of blood, sweat and tears
>on obtaining, or working on obtaining, their certification, but that
>doesn't make some of his points any less valid.

nrf is a source of agitation for some for a couple of different reasons. 
First, he chooses to remain fairly anonymous and pretty vague about his own
certification history.  I wish I had a dollar for every time someone tried
to get him to admit whether he was a CCIE or not.  He makes an excellent
point regarding this.  If we dispute what he is saying, we should argue the
point, not the person.

Second, he is brutally honest and oftentimes people take this the wrong way.
 I don't want to speak for him but he seems to call things like he sees them
and he is obviously experienced enough in the industry to give his opinion
quite a bit of weight.  I've never seen him be anything but fair and honest,
but this may seem brash to some.

Regards,
John

>
>Anyway, that's my $.02, as always if you're not interested in what I have
>to say, ignore me or delete this message, please don't send me a 10 page
>response telling me how I'm responsible for keeping the thread alive :)
>
>
>
>
>"Peter van Oene"
>Sent by: [EMAIL PROTECTED]
>06/09/2003 09:22 AM
>Please respond to "Peter van Oene"
>
>cc:
>Subject: Re: RE: number of CCIE [7:70151]
>
>At 09:34 PM 6/8/2003 +, garrett allen wrote:
>>the intent of this list is to discuss preparation cisco exams, not
>>opportunities in the various job markets.  if your comments don't
>>relate to the study blueprint in some meaningful way, please keep them
>>to yourself.
>
>nice thread :-)  for those whining about it, you can skip the messages you
>know.
>
>ccie is a good challenge.  go after it if you want.  maybe it will help
>you get a job, maybe it won't.  jncie is pretty neat too :)
>
>my ie will expire in a couple months and I could really care less.
>
>but please, feel free to continue debate subjective topics as you see fit.
>
>for what it's worth, in my opinion, nrf has well earned the right to debate
>whatever he wants on this list.
>
>pete




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70420&t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-09 Thread Jack Nalbandian
NRF,

I am not here to convince you either way.  My aim was to demonstrate that
myths that stem from biases based on purely subjective "data" are only
damaging.  Part and parcel of the discreditation exercise is the lesson that
myths are easily concocted.

I will no longer respond to this thread, as there have been requests for
this to stop.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf
Sent: Monday, June 09, 2003 2:03 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


Jack Nalbandian wrote:
>
> My friend NRF (what is your name anyhow?),
>
> Others have expressed concern, true, and most of them are
> legitimate.  You
> mentioned that the MCSE was thought of as a means to get "easy
> money" from a
> relatively naive market faced with the new "IT" dimension.
>
> Expressing legitimate concern by citing facts has its value,
> but I see that
> you are indeed "peddling myths," but, so far (forgive me for
> generalizing
> due to limited exposure to your thoughts) you have been very
> one-sided and
> biased in your "concerns."  The "CCIE number" thread is based
> on some
> objective opinion of ONE person, you.  You have also not
> provided data to
> back your "opinion," and doubt very much that you can provide
> definitive
> data on the matter.

It is not one-sided at all.  Again, answer the question - all other things
being equal, would you prefer a lower or a higher number for yourself or
not?  Of course you prefer a lower number.  I know I do.  Pretty much
everybody does.  So actually, I would say that the majority is on my side.
The only difference is that some people like me are willing to admit it, and
others aren't. But in our hearts, we all know what the truth is.  Again, if
you don't believe me, go look in the mirror and ask yourself honestly would
you take a lower number if Cisco offered it to you?  Be honest with
yourself.  I think you know exactly what I'm talking about and that's about
as definitive as you're ever going to get.

>
> Who are those "some people," those who (allegedly) "required
> lower number
> CCIE's" and what percentage of the global population of "HR
> managers" do
> they constitute?  Do they, furthermore, qualify to judge either
> way?  How
> "expertly" knowledgable are they of the CCIE certification
> process?  How
> familiar are you?

Once again with the ad-hominem attacks.  Why do people insist on attacking
my character and my motives rather than my actual points?

First of all, I obviously don't think it's stupid that people who do hiring
prefer the lower number.  I think it's actually  entirely logical.

But fine, let's have it your way.  Even if it was illogical, what does that
prove?  You ask what makes these HR people qualified to judge?  Simple.
The mere fact that HR managers have jobs to give makes that person qualified
to judge.  Why?  Simple - the golden rule.  He who has the gold makes the
rules.  If you want a job, and they have the jobs to give, then they are the
ones with the power.  They are the ones who tell you what they are looking
for, and if you refuse to play by their rules, then they won't give you the
job,  simple as that.   Unfair?  Maybe.  But get over it.  That's life.  If
you have your own company, then you can decide what criteria you will use to
hire.  But if you don't, then you have to dance to the tune of the piper.

Let me put it to you another way.  Surely we all know that many companies
prefer that certain positions be filled by college graduates, despite the
fact that those positions don't really require anything that you would learn
in college.  So you might then say that it's stupid that they do things this
way.  Yeah, but at the end of the day, so what?  Since they are the ones who
have the jobs, they get to decide what they want.  Ranting and raving about
how you think the requirement is stupid isn't going to change their minds.
Do you seriously believe that you'll be able to go to these companies and
use your power of persuasion to convince them that their own requirement is
stupid?   Of course not.  You either have what they want, or you'll be
passed by.  The key, therefore, is if you want that job, you should get that
thing that they want, even if you don't agree that it's necessary.  Telling
companies that you don't agree with their hiring practices doesn't help you
in paying the rent.  Sometimes you gotta put up with things you don't agree
with in order to get something you want (like a job).  That's life.

You gotta be pragmatic here.  I hate stopping at red lights at 3 AM when
there's nobody around to crash into.  But hey, if I

Re: RE: number of CCIE [7:70151]

2003-06-09 Thread [EMAIL PROTECTED]
Agreed on all points.

Out of curiosity, did anyone ever admit to wanting to trade a higher number
ie with a lower number? I don't think I ever saw anyone come right out and
say yes or no.

I'm pretty much in lurk mode on this list, and so my opinions and such can
be taken for what they are worth, and I think that while this list is a
discussion area for certification prep I see a lot of material that looks
suspiciously like "I ran across this at work, help me". Not that that's
necessarily a bad thing, just pointing out that once the "what is the
passing score for xyz", "what books are best" and "what do I need to
study", not to mention the odd "I have all the answers, e-mail me" posts
get set aside, there are considerably more items that qualify as "off"
topic than on.

nrf provides numerous opportunities for interesting discussions that go
beyond the how many bits in a byte conversations. He seems to agitate some
people (some more than others) which in my book usually means he's hit on
something. I realize that by daring to criticize the ccie program in any
way offends some who have staked a good portion of blood, sweat and tears
on obtaining, or working on obtaining, their certification, but that
doesn't make some of his points any less valid.

Anyway, that's my $.02, as always if you're not interested in what I have
to say, ignore me or delete this message, please don't send me a 10 page
response telling me how I'm responsible for keeping the thread alive :)

"Peter van Oene"
Sent by: [EMAIL PROTECTED]
06/09/2003 09:22 AM
Please respond to "Peter van Oene"

cc:
Subject: Re: RE: number of CCIE [7:70151]

At 09:34 PM 6/8/2003 +, garrett allen wrote:
>the intent of this list is to discuss preparation cisco exams, not
>opportunities in the various job markets.  if your comments don't
>relate to the study blueprint in some meaningful way, please keep them
>to yourself.

nice thread :-)  for those whining about it, you can skip the messages you
know.

ccie is a good challenge.  go after it if you want.  maybe it will help
you get a job, maybe it won't.  jncie is pretty neat too :)

my ie will expire in a couple months and I could really care less.

but please, feel free to continue debate subjective topics as you see fit.

for what it's worth, in my opinion, nrf has well earned the right to debate
whatever he wants on this list.

pete

>thanks.
>
>- Original Message -
>From: n rf
>Date: Sunday, June 8, 2003 4:14 pm
>Subject: Re: RE: number of CCIE [7:70151]
>
> > garrett allen wrote:
> > >
> > > yawn.
> >
> > Bored?
> >
> > I don't want to be overly confrontational, but if you really
> > thought this
> > thread was so boring that you're yawning, then why did you bother
> > to make a
> > rebuttal to me in the first place?  The fact that you did
> > obviously means
> > that you don't think it's THAT boring.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70411&t=70151


Re: RE: number of CCIE [7:70151]

2003-06-09 Thread Peter van Oene
At 09:34 PM 6/8/2003 +, garrett allen wrote:
>the intent of this list is to discuss preparation cisco exams, not
>opportunities in the various job markets.  if your comments don't
>relate to the study blueprint in some meaningful way, please keep them
>to yourself.

nice thread :-)  for those whining about it, you can skip the messages you
know.

ccie is a good challenge.  go after it if you want.  maybe it will help
you get a job, maybe it won't.  jncie is pretty neat too :)

my ie will expire in a couple months and I could really care less.

but please, feel free to continue debate subjective topics as you see fit.

for what it's worth, in my opinion, nrf has well earned the right to debate
whatever he wants on this list.

pete

>thanks.
>
>- Original Message -
>From: n rf
>Date: Sunday, June 8, 2003 4:14 pm
>Subject: Re: RE: number of CCIE [7:70151]
>
> > garrett allen wrote:
> > >
> > > yawn.
> >
> > Bored?
> >
> > I don't want to be overly confrontational, but if you really
> > thought this
> > thread was so boring that you're yawning, then why did you bother
> > to make a
> > rebuttal to me in the first place?  The fact that you did
> > obviously means
> > that you don't think it's THAT boring.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70401&t=70151


Re: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-09 Thread Devrim Yener KUCUK
Everybody has his or her own idea.
I will appreciate if you can stop this from now on.
I think this discussion is becoming too long and it seems it will never
end..
If you would like to keep on discussing please unicast to those people that
u like.

Regards

Devvv
- Original Message -
From: "n rf" 
To: 
Sent: Monday, June 09, 2003 11:03 AM
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


> Jack Nalbandian wrote:
> >
> > My friend NRF (what is your name anyhow?),
> >
> > Others have expressed concern, true, and most of them are
> > legitimate.  You
> > mentioned that the MCSE was thought of as a means to get "easy
> > money" from a
> > relatively naive market faced with the new "IT" dimension.
> >
> > Expressing legitimate concern by citing facts has its value,
> > but I see that
> > you are indeed "peddling myths," but, so far (forgive me for
> > generalizing
> > due to limited exposure to your thoughts) you have been very
> > one-sided and
> > biased in your "concerns."  The "CCIE number" thread is based
> > on some
> > objective opinion of ONE person, you.  You have also not
> > provided data to
> > back your "opinion," and doubt very much that you can provide
> > definitive
> > data on the matter.
>
> It is not one-sided at all.  Again, answer the question - all other things
> being equal, would you prefer a lower or a higher number for yourself or
> not?  Of course you prefer a lower number.  I know I do.  Pretty much
> everybody does.  So actually, I would say that the majority is on my side.
> The only difference is that some people like me are willing to admit it, and
> others aren't. But in our hearts, we all know what the truth is.  Again, if
> you don't believe me, go look in the mirror and ask yourself honestly would
> you take a lower number if Cisco offered it to you?  Be honest with
> yourself.  I think you know exactly what I'm talking about and that's about
> as definitive as you're ever going to get.
>
> >
> > Who are those "some people," those who (allegedly) "required
> > lower number
> > CCIE's" and what percentage of the global population of "HR
> > managers" do
> > they constitute?  Do they, furthermore, qualify to judge either
> > way?  How
> > "expertly" knowledgable are they of the CCIE certification
> > process?  How
> > familiar are you?
>
> Once again with the ad-hominem attacks.  Why do people insist on attacking
> my character and my motives rather than my actual points?
>
> First of all, I obviously don't think it's stupid that people who do hiring
> prefer the lower number.  I think it's actually  entirely logical.
>
> But fine, let's have it your way.  Even if it was illogical, what does that
> prove?  You ask what makes these HR people qualified to judge?  Simple.
> The mere fact that HR managers have jobs to give makes that person qualified
> to judge.  Why?  Simple - the golden rule.  He who has the gold makes the
> rules.  If you want a job, and they have the jobs to give, then they are the
> ones with the power.  They are the ones who tell you what they are looking
> for, and if you refuse to play by their rules, then they won't give you the
> job,  simple as that.   Unfair?  Maybe.  But get over it.  That's life.  If
> you have your own company, then you can decide what criteria you will use to
> hire.  But if you don't, then you have to dance to the tune of the piper.
>
> Let me put it to you another way.  Surely we all know that many companies
> prefer that certain positions be filled by college graduates, despite the
> fact that those positions don't really require anything that you would learn
> in college.  So you might then say that it's stupid that they do things this
> way.  Yeah, but at the end of the day, so what?  Since they are the ones who
> have the jobs, they get to decide what they want.  Ranting and raving about
> how you think the requirement is stupid isn't going to change their minds.
> Do you seriously believe that you'll be able to go to these companies and
> use your power of persuasion to convince them that their own requirement is
> stupid?   Of course not.  You either have what they want, or you'll be
> passed by.  The key, therefore, is if you want that job, you should get that
> thing that they want, even if you don't agree that it's necessary.  Telling
> companies that you don't agree with their hiring practices doesn't help you
> in paying the rent.  Sometimes you gotta put up with thi

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-09 Thread n rf
Jack Nalbandian wrote:
> 
> My friend NRF (what is your name anyhow?),
> 
> Others have expressed concern, true, and most of them are
> legitimate.  You
> mentioned that the MCSE was thought of as a means to get "easy
> money" from a
> relatively naive market faced with the new "IT" dimension.
> 
> Expressing legitimate concern by citing facts has its value,
> but I see that
> you are indeed "peddling myths," but, so far (forgive me for
> generalizing
> due to limited exposure to your thoughts) you have been very
> one-sided and
> biased in your "concerns."  The "CCIE number" thread is based
> on some
> objective opinion of ONE person, you.  You have also not
> provided data to
> back your "opinion," and doubt very much that you can provide
> definitive
> data on the matter.

It is not one-sided at all.  Again, answer the question - all other things
being equal, would you prefer a lower or a higher number for yourself or
not?  Of course you prefer a lower number.  I know I do.  Pretty much
everybody does.  So actually, I would say that the majority is on my side. 
The only difference is that some people like me are willing to admit it, and
others aren't. But in our hearts, we all know what the truth is.  Again, if
you don't believe me, go look in the mirror and ask yourself honestly would
you take a lower number if Cisco offered it to you?  Be honest with
yourself.  I think you know exactly what I'm talking about and that's about
as definitive as you're ever going to get.

> 
> Who are those "some people," those who (allegedly) "required
> lower number
> CCIE's" and what percentage of the global population of "HR
> managers" do
> they constitute?  Do they, furthermore, qualify to judge either
> way?  How
> "expertly" knowledgable are they of the CCIE certification
> process?  How
> familiar are you?

Once again with the ad-hominem attacks.  Why do people insist on attacking
my character and my motives rather than my actual points?

First of all, I obviously don't think it's stupid that people who do hiring
prefer the lower number.  I think it's actually  entirely logical.

But fine, let's have it your way.  Even if it was illogical, what does that
prove?  You ask what makes these HR people qualified to judge?  Simple.
The mere fact that HR managers have jobs to give makes that person qualified
to judge.  Why?  Simple - the golden rule.  He who has the gold makes the
rules.  If you want a job, and they have the jobs to give, then they are the
ones with the power.  They are the ones who tell you what they are looking
for, and if you refuse to play by their rules, then they won't give you the
job,  simple as that.   Unfair?  Maybe.  But get over it.  That's life.  If
you have your own company, then you can decide what criteria you will use to
hire.  But if you don't, then you have to dance to the tune of the piper.

Let me put it to you another way.  Surely we all know that many companies
prefer that certain positions be filled by college graduates, despite the
fact that those positions don't really require anything that you would learn
in college.  So you might then say that it's stupid that they do things this
way.  Yeah, but at the end of the day, so what?  Since they are the ones who
have the jobs, they get to decide what they want.  Ranting and raving about
how you think the requirement is stupid isn't going to change their minds. 
Do you seriously believe that you'll be able to go to these companies and
use your power of persuasion to convince them that their own requirement is
stupid?   Of course not.  You either have what they want, or you'll be
passed by.  The key, therefore, is if you want that job, you should get that
thing that they want, even if you don't agree that it's necessary.  Telling
companies that you don't agree with their hiring practices doesn't help you
in paying the rent.  Sometimes you gotta put up with things you don't agree
with in order to get something you want (like a job).  That's life.

You gotta be pragmatic here.  I hate stopping at red lights at 3 AM when
there's nobody around to crash into.  But hey, if I run one and get pulled
over, am I really going to win an argument with the cop over how I shouldn't
need to obey the light because there's nobody around?  Of course not.  He's
gonna hand me a ticket and I'm going to be out $300, end of story.  I stop
at red lights at 3AM simply because I don't want to get a ticket.  I think
it's stupid that I would get one because there's nobody around to crash
into, but that's neither here nor there.  In the final analysis, I don't
want a ticket, so I don't run those lights.  In the final analysis, people
go to college because they want to get those jobs for which a company says
that a degree is necessary.  In the final analysis, people desire a lower
number because some HR guys/recruiters say that they prefer them.  Whether
you personally agree that things should be this way is not the issue.  If
you want the thing that people are 

RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-08 Thread Jack Nalbandian
My friend NRF (what is your name anyhow?),

Others have expressed concern, true, and most of them are legitimate.  You
mentioned that the MCSE was thought of as a means to get "easy money" from a
relatively naive market faced with the new "IT" dimension.

Expressing legitimate concern by citing facts has its value, but I see that
you are indeed "peddling myths," but, so far (forgive me for generalizing
due to limited exposure to your thoughts) you have been very one-sided and
biased in your "concerns."  The "CCIE number" thread is based on some
objective opinion of ONE person, you.  You have also not provided data to
back your "opinion," and doubt very much that you can provide definitive
data on the matter.

Who are those "some people," those who (allegedly) "required lower number
CCIE's" and what percentage of the global population of "HR managers" do
they constitute?  Do they, furthermore, qualify to judge either way?  How
"expertly" knowledgable are they of the CCIE certification process?  How
familiar are you?


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf
Sent: Sunday, June 08, 2003 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]


Jack Nalbandian wrote:
>
> This constant blare of prejudicial bias in favor of "college
> ed" and to the
> definite disfavor of "certification" seems to come most
> intensely from your
> address.  The undertext is always the same: "Go to college."

Woah, now there's something that completely came out of left field.  When in
any of my posts on this particular thread did I ever tell anybody to favor
college over certification?  I agree that in the past I have often advocated
the benefits of college over certification, but not in this particular
topic.

And believe me, I think everybody on this board knows that I don't hold
back, so if I wanted to talk about college, believe me, I would have talked
about it, and done so explicitly.  I've been described by many adjectives,
some positive and some negative, but I don't think I've ever been described
as 'subtle'.  I don't believe in undertexts, I don't believe in subterfuge,
and I don't believe in stealth.  If something is on my mind, believe me, I'm
going to say it.


>
> Is there a career-oriented quasi-political interest element at
> play here
> somewhere?  Do you have a vested interest in recruiting people
> into college
> programs?

Since you opened the door, I could very easily turn around and ask you
whether you have a vested interest in cert programs?

>
> I am just asking speculative and rhetorical questions with the
> hope of
> shedding some light on this mysterious phenomenon of one-sided
> expression of
> "concern for the (alleged) degradation of" in this case
> certification
> programs.
>
> The CCIE itself, once dubbed the "doctorate of networking" is
> now under
> attack, and there have been numerous posts, only by NRF,
> dedicated to this
> topic.  It is as though there is a one man crusade in progress
> here.

Only by me?  Really?  So nobody else has ever expressed any concerns about
certs?  Is that right?  If I look back, I see that this whole thread was
started by somebody else.  I also see some rather back-handed statements
about certs by people like Chuck (the road goes ever on).  Howard Berkowitz
is clearly no fan of certs either.


>
> 1. If CCIE or any other sort of education is suffering from
> "degradation and
> devaluation" due to the "oversaturation of test-related
> information" on the
> Internet, then the same argument can be made to the detriment
> of the
> University.  Why else would you have entire "net
> anti-plagiarist policing"
> firms offering their services to universities to guard against
> "copy and
> paste" term papers?

Oh you're right.  But colleges have one very powerful thing going for them -
the use of relative scoring, which serves as the ultimate leveling tool.
Basically, there is no 'set' score that you need to get admitted to a
college - you win admission by basically beating out the other
candidates.  So if all candidates happen to all improve due to
PrincetonReview SAT prep courses or whatever, it doesn't really threaten the
integrity of the program because colleges are still going to take the top
candidates, whatever the term "top" happens to mean at that time.  The use
of relative scoring provides inherent stability to the integrity of the
program.  I believe that the CCIE should use something similar.  But I
digress...

>
> 2. Any such argument that attempts to "emphasize the value of

Re: RE: number of CCIE [7:70151]

2003-06-08 Thread n rf
garrett allen wrote:
> 
> the intent of this list is to discuss preparation cisco exams,
> not
> opportunities in the various job markets.  if your comments
> don't
> relate to the study blueprint in some meaningful way, please
> keep them
> to yourself.

First of all, keep in mind that I didn't start this thread, Lamy Alexandre
did.  But I don't see you getting on his case, why not?  You don't like the
thread, take it up with the person who actually started it.

Second of all, I've never seen you say anything about all the other threads
that also have nothing to do with preparation with cisco exams.  For
example, right now I see some guy talking about 'religious wars', and I see
another guy asking whether people are getting "naughty" emails from the
group.  It's not obvious to me that these posts have anything to do with
Cisco certification, yet I don't see you telling those guys to keep their
posts to themselves, why not?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70366&t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: RE: number of CCIE [7:70151]

2003-06-08 Thread garrett allen
the intent of this list is to discuss preparation cisco exams, not 
opportunities in the various job markets.  if your comments don't 
relate to the study blueprint in some meaningful way, please keep them 
to yourself.

thanks.

- Original Message -
From: n rf 
Date: Sunday, June 8, 2003 4:14 pm
Subject: Re: RE: number of CCIE [7:70151]

> garrett allen wrote:
> > 
> > yawn.
> 
> Bored?
> 
> I don't want to be overly confrontational, but if you really 
> thought this
> thread was so boring that you're yawning, then why did you bother 
> to make a
> rebuttal to me in the first place?  The fact that you did 
> obviously means
> that you don't think it's THAT boring.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70360&t=70151


Re: RE: number of CCIE [7:70151]

2003-06-08 Thread n rf
garrett allen wrote:
> 
> yawn.

Bored?

I don't want to be overly confrontational, but if you really thought this
thread was so boring that you're yawning, then why did you bother to make a
rebuttal to me in the first place?  The fact that you did obviously means
that you don't think it's THAT boring.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70356&t=70151


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-08 Thread n rf
Jack Nalbandian wrote:
> 
> This constant blare of prejudicial bias in favor of "college
> ed" and to the
> definite disfavor of "certification" seems to come most
> intensely from your
> address.  The undertext is always the same: "Go to college."

Woah, now there's something that completely came out of left field.  When in
any of my posts on this particular thread did I ever tell anybody to favor
college over certification?  I agree that in the past I have often advocated
the benefits of college over certification, but not in this particular topic.

And believe me, I think everybody on this board knows that I don't hold
back, so if I wanted to talk about college, believe me, I would have talked
about it, and done so explicitly.  I've been described by many adjectives,
some positive and some negative, but I don't think I've ever been described
as 'subtle'.  I don't believe in undertexts, I don't believe in subterfuge,
and I don't believe in stealth.  If something is on my mind, believe me, I'm
going to say it.


> 
> Is there a career-oriented quasi-political interest element at
> play here
> somewhere?  Do you have a vested interest in recruiting people
> into college
> programs?

Since you opened the door, I could very easily turn around and ask you
whether you have a vested interest in cert programs?

> 
> I am just asking speculative and rhetorical questions with the
> hope of
> shedding some light on this mysterious phenomenon of one-sided
> expression of
> "concern for the (alleged) degradation of" in this case
> certification
> programs.
> 
> The CCIE itself, once dubbed the "doctorate of networking" is
> now under
> attack, and there have been numerous posts, only by NRF,
> dedicated to this
> topic.  It is as though there is a one man crusade in progress
> here.

Only by me?  Really?  So nobody else has ever expressed any concerns about
certs?  Is that right?  If I look back, I see that this whole thread was
started by somebody else.  I also see some rather back-handed statements
about certs by people like Chuck (the road goes ever on).  Howard Berkowitz
is clearly no fan of certs either.


> 
> 1. If CCIE or any other sort of education is suffering from
> "degradation and
> devaluation" due to the "oversaturation of test-related
> information" on the
> Internet, then the same argument can be made to the detriment
> of the
> University.  Why else would you have entire "net
> anti-plagiarist policing"
> firms offering their services to universities to guard against
> "copy and
> paste" term papers?

Oh you're right.  But colleges have one very powerful thing going for them -
the use of relative scoring, which serves as the ultimate leveling tool. 
Basically, there is no 'set' score that you need to get admitted to a
college - you win admission by basically beating out the other
candidates.  So if all candidates happen to all improve due to
PrincetonReview SAT prep courses or whatever, it doesn't really threaten the
integrity of the program because colleges are still going to take the top
candidates, whatever the term "top" happens to mean at that time.  The use
of relative scoring provides inherent stability to the integrity of the
program.  I believe that the CCIE should use something similar.  But I
digress...

> 
> 2. Any such argument that attempts to "emphasize the value of
> college
> education" at the expense of the certification tracks offered
> by MS, Cisco,
> or anyone else is doomed to be subjected to equally potent
> counter-arguments.  The sad fact is that the Internet itself,
> ironically,
> has opened the door to billions of pages of information (thus,
> the "info
> highway"), a good portion of which will have its various
> corrupting effects.
> Any insistence on the superiority of one program over the other
> due to some
> "integrity" benchmark will only yield endless cycles of
> worthless arguments.

And again, relative scoring could fix all of that.  

Think about this.  The 'E' in CCIE stands for expert.  But what does it
really mean to be an expert? Think about how you use the term 'expert' in
your daily life.   It means to be above average in that particular field, as
defined by whatever 'average' is at that particular time.  Therefore the
term 'expert' is inherently relative to the standards of the time.

Therefore, if all of a sudden, people got substantially more educated about
IP networking, then that doesn't mean that everybody suddenly becomes an
expert.  To be an expert in this world would mean that you would REALLY have
to know a lot about IP networking.

Therefore it doesn't really matter if everybody has more access to
information.  At the end of the day, some people will always know more than
others, and it is those people who are properly defined as experts under the
relative definition of the term.

> 
> I for one am still going through the pains of recertification,
> and I will do
> so joyfully (nope, without cheat sheets or "practice tests"). 
> But, the good
>

Re: RE: 40% Ping Success [7:70327]

2003-06-08 Thread garrett allen
what kind of circuit is it and is the success rate the same regardless 
of the destination address pinged?




- Original Message -
From: Nathan 
Date: Sunday, June 8, 2003 7:09 am
Subject: RE: 40% Ping Success [7:70327]

> Well, the only route my router sees is the directly connected router's
> IP.  This is due to the fact that we haven't gotten BGP up yet.  Also,
> from what I know, the serial link is the only link sending out packets.
> -Original Message-
> From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of
> Devrim Yener KUCUK
> Sent: Sunday, June 08, 2003 2:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: 40% Ping Success [7:70327]
> 
> 
> please verify where the packets are lost...(which layer...?)
> 
> Like any routing issue..2 packets may be sent from one link and 3 
> may be
> from other.. or physical layer issue (like packet loss... ) cle 
> counters and check sh int ser ..., sh controller.. which outputs 
> are increasing
> 
> regards
> 
> de
> 
> 
> - Original Message -
> From: "Nathan" 
> To: 
> Sent: Sunday, June 08, 2003 10:01 AM
> Subject: 40% Ping Success [7:70327]
> 
> 
> > Ok guys here's an interesting issue.  Once we got the internet 
> circuit
> > up, the ping was only 40% successful.  Why would that be?
> >
> > Here's the setup:
> >
> > 3700 -> CSU/DSU -> DMARK -> SBC -> Service Provider.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70344&t=70327


RE: RE: RE: RE: number of CCIE??? [7:70328]

2003-06-08 Thread Jack Nalbandian
This constant blare of prejudicial bias in favor of "college ed" and to the
definite disfavor of "certification" seems to come most intensely from your
address.  The undertext is always the same: "Go to college."

Is there a career-oriented quasi-political interest element at play here
somewhere?  Do you have a vested interest in recruiting people into college
programs?

I am just asking speculative and rhetorical questions with the hope of
shedding some light on this mysterious phenomenon of one-sided expression of
"concern for the (alleged) degradation of" in this case certification
programs.

The CCIE itself, once dubbed the "doctorate of networking" is now under
attack, and there have been numerous posts, only by NRF, dedicated to this
topic.  It is as though there is a one man crusade in progress here.

1. If CCIE or any other sort of education is suffering from "degradation and
devaluation" due to the "oversaturation of test-related information" on the
Internet, then the same argument can be made to the detriment of the
University.  Why else would you have entire "net anti-plagiarist policing"
firms offering their services to universities to guard against "copy and
paste" term papers?

2. Any such argument that attempts to "emphasize the value of college
education" at the expense of the certification tracks offered by MS, Cisco,
or anyone else is doomed to be subjected to equally potent
counter-arguments.  The sad fact is that the Internet itself, ironically,
has opened the door to billions of pages of information (thus, the "info
highway"), a good portion of which will have its various corrupting effects.
Any insistence on the superiority of one program over the other due to some
"integrity" benchmark will only yield endless cycles of worthless arguments.

I for one am still going through the pains of recertification, and I will do
so joyfully (nope, without cheat sheets or "practice tests").  But, the good
news is that I am also enrolling for CS degree (actually IT management) next
fall!---:)

p.s. The CCIEs that I have had the privilege of working with in the field
have proven themselves to be experts time and time again.   They are still
very valuable in the marketplace.  Myths are the only thing that can taint
that.  As far as I have seen, judging by the failure rate among quite
competent colleagues of mine, the lab is still the lab.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n
rf
Sent: Saturday, June 07, 2003 9:10 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: number of CCIE [7:70151]


garrett allen wrote:
>
> you make an a priori argument that lower is better.  is a lower
> number
> cpa better than a higher numbered one?

You got me wrong.  I didn't say that lower is better at all times.  Read my
entire post again.

I said that more rigorous equates to prestige.  This is why I included my
example of what would happen if Cisco decided to change the CCIE exam to
become extremely rigorous - then eventually people would prize "high-number"
CCIE's who passed the more rigorous version.  The fact is, prestige follows
rigor.  If something is more rigorous, then it becomes rigorous and vice
versa.  This is why graduating from MIT is more prestigious than graduating
from Podunk Community College.  But the fact is, the CCIE on the whole has
probably gotten more rigorous (i.e. chopping the test from 2 days to 1,
eliminating the dedicated troubleshooting section, more
bootcamps/braindumps, more cheating, etc. etc.) which is why it has become
less prestigious.


>actually, probably the
> inverse
> is true as the more recent the certification the more recent
> the
> material covered.  this is balanced against with age comes
> opportunities and experiences.

Unfortunately, the free market disagrees with you.  The fact is, a growing
number of recruiters, headhunters, and HR people are starting to give
preference to lower-number CCIE's.  Go check out the groupstudy.jobs forum.
Yet I have never heard of any recruiter giving preference to higher-number
CCIE.  It's always one-way, and that's my point.


>
> threads like this are like discussing the maximum number of
> angels
> dancing on the head of a pin.  i vote we kill the thread before
> it
> spawn.
>
> later.
>
>
>
>
>
> - Original Message -
> From: n rf
> Date: Thursday, June 5, 2003 5:16 pm
> Subject: RE: number of CCIE [7:70151]
>
> > Well, there are still less than 10,000 CCIE's.  So the
> population
> > hasn't accelerated THAT dramatically.
> >
> > Having said that, I will say that the CCIE has most likely
> gotten
> less
> > rigorous and therefore less valuable over time.  I know this
> is
> > going to

Re: RE: number of CCIE [7:70151]

2003-06-07 Thread garrett allen
yawn.




- Original Message -
From: n rf 
Date: Saturday, June 7, 2003 12:09 pm
Subject: Re: RE: number of CCIE [7:70151]

> garrett allen wrote:
> > 
> > you make an a priori argument that lower is better.  is a lower
> > number
> > cpa better than a higher numbered one?  
> 
> You got me wrong.  I didn't say that lower is better at all times. 
> Read my
> entire post again.
> 
> I said that more rigorous equates to prestige.  This is why I 
> included my
> example of what would happen if Cisco decided to change the CCIE 
> exam to
> become extremely rigorous - then eventually people would prize 
> "high-number"
> CCIE's who passed the more rigorous version.  The fact is, 
> prestige follows
> rigor.  If something is more rigorous, then it becomes rigorous 
> and vice
> versa.  This is why graduating from MIT is more prestigious than 
> graduating from Podunk Community College.  But the fact is, the 
> CCIE on the whole has
> probably gotten more rigorous (i.e. chopping the test from 2 days 
> to 1,
> eliminating the dedicated troubleshooting section, more
> bootcamps/braindumps, more cheating, etc. etc.) which is why it 
> has become
> less prestigious.
> 
> 
> >actually, probably the
> > inverse
> > is true as the more recent the certification the more recent
> > the
> > material covered.  this is balanced against with age comes 
> > opportunities and experiences.
> 
> Unfortunately, the free market disagrees with you.  The fact is, a 
> growing number of recruiters, headhunters, and HR people are 
> starting to give
> preference to lower-number CCIE's.  Go check out the 
> groupstudy.jobs forum. 
> Yet I have never heard of any recruiter giving preference to 
> higher-number
> CCIE.  It's always one-way, and that's my point.
> 
> 
> > 
> > threads like this are like discussing the maximum number of
> > angels
> > dancing on the head of a pin.  i vote we kill the thread before
> > it
> > spawn.
> > 
> > later.
> > 
> > 
> > 
> > 
> > 
> > - Original Message -
> > From: n rf 
> > Date: Thursday, June 5, 2003 5:16 pm
> > Subject: RE: number of CCIE [7:70151]
> > 
> > > Well, there are still less than 10,000 CCIE's.  So the
> > population
> > > hasn't accelerated THAT dramatically.
> > > 
> > > Having said that, I will say that the CCIE has most likely
> > gotten
> > less
> > > rigorous and therefore less valuable over time.  I know this
> > is
> > > going to
> > > greatly annoy some people when I say this, but the truth is,
> > the
> > > average quality of the later (read: high-number) CCIE's is
> > probably
> > > lower than the
> > > average quality of the higher (read: lower-number) CCIE's.
> > > 
> > > Before any of you high-number CCIE's decides to flame me, ask 
> > > yourself if
> > > you were given the opportunity to trade your number for a
> > lower
> > > number, would you do it?  For example, if you are CCIE #11,000
> > and
> > > you could trade
> > > that number for CCIE #1100, would you take it?  Be honest
> > with
> > > yourself. 
> > > I'm sure you would concede that you would.  By the same token
> > we
> > > also know
> > > that no low-number CCIE would willingly trade his number for
> > a
> > > higher one. 
> > > The movement is therefore all "one-way".  If all CCIE's were 
> > > really "created
> > > equal" then nobody would really care one way or another which 
> > > number they
> > > had. Therefore the CCIE community realizes that all CCIE's
> > are not
> > > created equal and that intuitively that the lower number is
> > more
> > > desirable and the
> > > higher number is less desirable (otherwise, why does
> > everybody
> > > want a lower
> > > number?).  Simply put, the test is not as rigorous as it was
> > in
> > > the past,
> > > which is why lower numbers are preferred.
> > > 
> > > Or, I'll put it to you another way.  Let's say that starting
> > at
> > > #12,000 Cisco makes the test ridiculously hard, putting in all 
> > > kinds of funky
> > > technologies, and making the pass rate less than 1% or some
> > other
> > > god-awful
> > > number.  What would happen?  Simple.  Word would get around
> > that

Re: RE: number of CCIE [7:70151]

2003-06-07 Thread n rf
garrett allen wrote:
> 
> you make an a priori argument that lower is better.  is a lower
> number
> cpa better than a higher numbered one?  

You got me wrong.  I didn't say that lower is better at all times.  Read my
entire post again.

I said that more rigorous equates to prestige.  This is why I included my
example of what would happen if Cisco decided to change the CCIE exam to
become extremely rigorous - then eventually people would prize "high-number"
CCIE's who passed the more rigorous version.  The fact is, prestige follows
rigor.  If something is more rigorous, then it becomes rigorous and vice
versa.  This is why graduating from MIT is more prestigious than graduating
from Podunk Community College.  But the fact is, the CCIE on the whole has
probably gotten more rigorous (i.e. chopping the test from 2 days to 1,
eliminating the dedicated troubleshooting section, more
bootcamps/braindumps, more cheating, etc. etc.) which is why it has become
less prestigious.


>actually, probably the
> inverse
> is true as the more recent the certification the more recent
> the
> material covered.  this is balanced against with age comes 
> opportunities and experiences.

Unfortunately, the free market disagrees with you.  The fact is, a growing
number of recruiters, headhunters, and HR people are starting to give
preference to lower-number CCIE's.  Go check out the groupstudy.jobs forum. 
Yet I have never heard of any recruiter giving preference to higher-number
CCIE.  It's always one-way, and that's my point.


> 
> threads like this are like discussing the maximum number of
> angels
> dancing on the head of a pin.  i vote we kill the thread before
> it
> spawn.
> 
> later.
> 
> 
> 
> 
> 
> - Original Message -
> From: n rf 
> Date: Thursday, June 5, 2003 5:16 pm
> Subject: RE: number of CCIE [7:70151]
> 
> > Well, there are still less than 10,000 CCIE's.  So the
> population
> > hasn't accelerated THAT dramatically.
> > 
> > Having said that, I will say that the CCIE has most likely
> gotten
> less
> > rigorous and therefore less valuable over time.  I know this
> is
> > going to
> > greatly annoy some people when I say this, but the truth is,
> the
> > average quality of the later (read: high-number) CCIE's is
> probably
> > lower than the
> > average quality of the higher (read: lower-number) CCIE's.
> > 
> > Before any of you high-number CCIE's decides to flame me, ask 
> > yourself if
> > you were given the opportunity to trade your number for a
> lower
> > number, would you do it?  For example, if you are CCIE #11,000
> and
> > you could trade
> > that number for CCIE #1100, would you take it?  Be honest
> with
> > yourself. 
> > I'm sure you would concede that you would.  By the same token
> we
> > also know
> > that no low-number CCIE would willingly trade his number for
> a
> > higher one. 
> > The movement is therefore all "one-way".  If all CCIE's were 
> > really "created
> > equal" then nobody would really care one way or another which 
> > number they
> > had. Therefore the CCIE community realizes that all CCIE's
> are not
> > created equal and that intuitively that the lower number is
> more
> > desirable and the
> > higher number is less desirable (otherwise, why does
> everybody
> > want a lower
> > number?).  Simply put, the test is not as rigorous as it was
> in
> > the past,
> > which is why lower numbers are preferred.
> > 
> > Or, I'll put it to you another way.  Let's say that starting
> at
> > #12,000 Cisco makes the test ridiculously hard, putting in all 
> > kinds of funky
> > technologies, and making the pass rate less than 1% or some
> other
> > god-awful
> > number.  What would happen?  Simple.  Word would get around
> that
> > the "new"
> > CCIE was super-rigorous and therefore very prestigious to
> pass.
> > Eventually, numbers greater than #12000 would be coveted, and 
> > everybody would want to
> > trade in their number for one greater than #12000. 
> Recruiters and
> > HR people
> > would start giving preference to CCIE's with numbers greater
> than
> > #12000. 
> > The point is that when rigor increases, prestige and
> desirability
> > tends to
> > follow.  When rigor declines, so does prestige and
> desirability.
> > 
> > 
> > And what is the cause of this decline in rigor?  Well, you
> alluded to
> > several factors.  While it is still rather controversial
> exactly
> > how the
> > switch from 2 days to 1 day impacted the program, it is
> widely
> > conceded that
> > it probably didn't help.  Nor does having all these
> braindumps all
> > over the
> > Internet, and not just for the written, but the lab as well. 
> The
> > CCIE has
> > certain arcane logistical rules that people have figured out
> how
> > to 'game' -
> > for example, for example, some people who live near test
> sites
> > just attempt
> > the lab every month over and over again.  Finally, there is
> the
> > consensus that the CCIE program has simply not kept up with
> the
> > growing amount of
> > study ma

Re: RE: number of CCIE [7:70151]

2003-06-05 Thread garrett allen
you make an a priori argument that lower is better.  is a lower number 
cpa better than a higher numbered one?  actually, probably the inverse 
is true as the more recent the certification the more recent the 
material covered.  this is balanced against with age comes 
opportunities and experiences.

threads like this are like discussing the maximum number of angels 
dancing on the head of a pin.  i vote we kill the thread before it 
spawn.

later.





- Original Message -
From: n rf 
Date: Thursday, June 5, 2003 5:16 pm
Subject: RE: number of CCIE [7:70151]

> Well, there are still less than 10,000 CCIE's.  So the population 
> hasn't accelerated THAT dramatically.
> 
> Having said that, I will say that the CCIE has most likely gotten 
> less
> rigorous and therefore less valuable over time.  I know this is 
> going to
> greatly annoy some people when I say this, but the truth is, the 
> average quality of the later (read: high-number) CCIE's is probably 
> lower than the
> average quality of the higher (read: lower-number) CCIE's.
> 
> Before any of you high-number CCIE's decides to flame me, ask 
> yourself if
> you were given the opportunity to trade your number for a lower 
> number, would you do it?  For example, if you are CCIE #11,000 and 
> you could trade
> that number for CCIE #1100, would you take it?  Be honest with 
> yourself. 
> I'm sure you would concede that you would.  By the same token we 
> also know
> that no low-number CCIE would willingly trade his number for a 
> higher one. 
> The movement is therefore all "one-way".  If all CCIE's were 
> really "created
> equal" then nobody would really care one way or another which 
> number they
> had. Therefore the CCIE community realizes that all CCIE's are not 
> created equal and that intuitively that the lower number is more 
> desirable and the
> higher number is less desirable (otherwise, why does everybody 
> want a lower
> number?).  Simply put, the test is not as rigorous as it was in 
> the past,
> which is why lower numbers are preferred.
> 
> Or, I'll put it to you another way.  Let's say that starting at 
> #12,000 Cisco makes the test ridiculously hard, putting in all 
> kinds of funky
> technologies, and making the pass rate less than 1% or some other 
> god-awful
> number.  What would happen?  Simple.  Word would get around that 
> the "new"
> CCIE was super-rigorous and therefore very prestigious to pass.  
> Eventually, numbers greater than #12000 would be coveted, and 
> everybody would want to
> trade in their number for one greater than #12000.  Recruiters and 
> HR people
> would start giving preference to CCIE's with numbers greater than 
> #12000. 
> The point is that when rigor increases, prestige and desirability 
> tends to
> follow.  When rigor declines, so does prestige and desirability.
> 
> 
> And what is the cause of this decline in rigor?  Well, you alluded to
> several factors.  While it is still rather controversial exactly 
> how the
> switch from 2 days to 1 day impacted the program, it is widely 
> conceded that
> it probably didn't help.  Nor does having all these braindumps all 
> over the
> Internet, and not just for the written, but the lab as well.  The 
> CCIE has
> certain arcane logistical rules that people have figured out how 
> to 'game' -
> for example, for example, some people who live near test sites 
> just attempt
> the lab every month over and over again.  Finally, there is the 
> consensus that the CCIE program has simply not kept up with the 
> growing amount of
> study material, bootcamps, lab-guides, and so forth.  We all know 
> there's an
> entire cottage industry devoted just to helping people to pass the 
> lab, and
> while there's nothing wrong with that per se, it does mean that 
> Cisco needs
> to keep pace to maintain test rigor.  To offer a parallel 
> situation, when
> the MCSE bootcamps started to proliferate, the value of the MCSE 
> plummeted because Microsoft did not properly maintain the rigor of 
> the cert.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70228&t=70151


Re: RE: NOOOO!!!! [7:70103]

2003-06-05 Thread Thomas Larus
This reminds me of the sort of swapping that is a solution to the problem of
upgrading IOS on a 2500-series router without the newer bootroms.  You
upgrade the IOS in a 2500 with the good bootroms, and then swap the flash
sticks with the router that lacks the proper bootroms.

The sort of common sense that permitted you to think of a solution like this
on your own is often more valuable than genius.

Tom Larus, CCIE #10,014




 wrote in message
news:[EMAIL PROTECTED]
> You ARE a genius. I'm really glad you didn't have to commit suicide.
> >
> > From: "Lamy Alexandre"
> > Date: 2003/06/03 Tue PM 10:25:50 EDT
> > To: [EMAIL PROTECTED]
> > Subject: RE: N [7:70103]
> >
> > I am a genius,
> >
> > I copied the rsp-boot on the simm flash on my 2611
> >
> > I put the simm flash 2600 on my 7505
> >
> > I put the simm flash 7505 on my 2600
> >
> > I downloaded a IOS on rommon on my 2600
> >
> >
> > pppfff, is not documented solution Cisco says to ship in RMA
> >
> >
> > I dont going suicide... ;-p




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70132&t=70103


Re: RE: NOOOO!!!! [7:70103]

2003-06-04 Thread [EMAIL PROTECTED]
You ARE a genius. I'm really glad you didn't have to commit suicide.
> 
> From: "Lamy Alexandre" 
> Date: 2003/06/03 Tue PM 10:25:50 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: N [7:70103]
> 
> I am a genius,
> 
> I copied the rsp-boot on the simm flash on my 2611
> 
> I put the simm flash 2600 on my 7505
> 
> I put the simm flash 7505 on my 2600
> 
> I downloaded a IOS on rommon on my 2600
> 
> 
> pppfff, is not documented solution Cisco says to ship in RMA
> 
> 
> I dont going suicide... ;-p




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70122&t=70103


Re: RE: question on operational efficiency of vpn's [7:69739]

2003-05-30 Thread garrett allen
thanks for the feedback.  to add a little more insight, bandwidth is 
more expensive in de than in the u.s., so we are using adsl.  our de 
facilities  use adsl with t-1 speeds for downloads but only 160kbps for 
uploads.  the de site in question is hosting an ftp server that u.s. 
users access to get data files and copy them back to the states.  they 
are several hundred megs in size and can take 4-8 hours to complete, 
depending on what else is going on.  it appears to be the single 
largest consumer of wan uplink bandwidth.  there are complaints of the 
amount of time required to complete an ftp but the folks do understand 
the math ... i suggested international overnite delivery as an option 
as there is a point where a tape is actually faster.

the question was somewhat rhetorical.  no right or wrong answer but i 
was interested in hearing different operational perspectives.

cheers!



- Original Message -
From: Priscilla Oppenheimer 
Date: Thursday, May 29, 2003 12:57 pm
Subject: RE: question on operational efficiency of vpn's [7:69739]

> Good questions. I wish some others would pipe in so you would get 
> a bigger
> sample space, but I'll pipe in since nobody else did yet!
> 
> What do the rest of you think? The exec summary is that we're 
> wondering how
> common it is to adjust host MTU to avoid fragmentation with VPN 
> and IPSec.
> 
> See below.
> 
> garrett allen wrote:
> > 
> > just finished an 8 city (3 u.s./5 e.u.) vpn deployment.  we
> > were in a
> > bit of a rush and now that we have finished the initial
> > deployment we
> > have the luxury of time to think things through a little more 
> > clearly.  one oversight that we made in our haste to deploy we
> > just
> > confirmed - the overhead associated with ipsec is causing
> > packet
> > fragmentation for packets exiting one location and destined for 
> > another over the vpn tunnels.  i don't have the traces in front
> > of me
> > but we did run a trace on an ftp session and confirmed it.  on
> > an ftp
> > session between vpn locations you see the following pattern of
> > packets
> > received on the destination network:
> > packet 1 - 1460 bytes
> > packet 2 - 120 bytes
> > packet 3 - 1460 bytes
> > packet 4 - 120 bytes
> > &c.
> > 
> > they probably started life as 1500 bytes, the ipsec overhead
> > forced a
> > fragment, which appears as the second, smaller packet.  the
> > solution
> > is to make all host mtu's slightly smaller, say 1460.  this
> > avoids
> > fragmentation and results in an actual wan bandwidth savings of 
> > something like 3-5%, although it appears counter intuitive. 
> > the
> > question i have is this - is it worth it to adjust each hosts
> > mtu and
> > take on that task?  
> 
> What would your goal be if you were to adjust each host's MTU? 
> Would it
> matter much if utilization on the WAN links was reduced by 3-5%? 
> Are you
> approaching a high utilization on the WAN links already?
> 
> How much does throughput get affected by the fragmentation? Do you 
> have some
> measurements before and after? I think the throughput would be 
> less due to
> the fragmentation, but maybe not enough less to matter. How about the
> response time? Although response time doesn't matter too much with a
> non-interactive application, it could matter it if went way up 
> (which it
> probably didn't though).
> 
> Here's the most important question: Have the users noticed? Are they
> complaining? If no, don't worry about it. And if yes, then are the 
> complaints really because of the fragmentation or more because of 
> the overhead inherent
> in IPSec?
> 
> You say you tested with FTP. Is that the application the users use 
> the most?
> You should definitely test with their own applications. You may 
> find that
> their favorite applications don't have the problem anyway. For 
> example, a
> lot of HTTP implementations don't fill a 1500-byte packet anyway. 
> They use
> shorter packets because the user's perceived performance is better if
> smaller chunks of data appear on the screen quickly, rather than 
> waiting for
> 1500 bytes at a time.
> 
> > what are considered operational best
> > practices -
> > optimize wan or lan packet sizes and throughput.  take on more
> > server
> > administration or ... given the recent thread on the death of
> > design
> > maybe the issue is moot?
> 
> Maybe if you ghost the images and there's an easy way to make the 
> change on
> every host it might be worth it, but you have to consider whether the
> benefits are worth the cost. Design is all about making tradeoffs 
> and it's
> not dead.
> 
> Perhaps you will decide not to make any optimization, but the fact 
> that you
> are considering it and the tradeoffs with manageability, and making
> before-and-after measurements, etc. means that you are doing 
> design work.
> 
> Also, think back on the project. Didn't you do some design work before
> implementing an 8 city (3 u.s./5 e.u.) VPN solution? It sounds 
> like you were
> in a 
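
Added example, not part of the thread: a calculator for the trade-off discussed above (host MTU versus fragmentation after ESP encapsulation). It assumes ESP tunnel mode over IPv4 with no NAT-T, a 1500-byte path MTU, and the two transform sets named in the code; the thread does not say which transforms were used, and all function names are hypothetical.

```python
"""ESP tunnel-mode overhead vs. host MTU (added example, assumptions labelled)."""
from dataclasses import dataclass

IP_HDR = 20       # IPv4 header, no options
TCP_HDR = 20      # TCP header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad-length + next-header bytes, encrypted with the payload


@dataclass(frozen=True)
class Transform:
    name: str
    block: int    # cipher block size; ESP pads the payload to a multiple of it
    iv: int       # per-packet IV bytes
    icv: int      # truncated authentication tag bytes


# Assumed transform sets (not stated in the thread).
ESP_3DES_SHA1 = Transform("esp-3des esp-sha-hmac", block=8, iv=8, icv=12)
ESP_AES_SHA1 = Transform("esp-aes esp-sha-hmac", block=16, iv=16, icv=12)


def esp_tunnel_size(inner_len, t):
    """Length of the outer IPv4 packet that carries an inner packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // t.block) * t.block
    return IP_HDR + ESP_HDR + t.iv + padded + t.icv


def max_inner_without_fragmentation(path_mtu, t):
    """Largest inner packet (i.e. host MTU) whose ESP packet still fits in path_mtu."""
    room = path_mtu - IP_HDR - ESP_HDR - t.iv - t.icv
    return (room // t.block) * t.block - ESP_TRAILER


def fragments(packet_len, path_mtu):
    """Sizes of the IPv4 fragments produced when packet_len exceeds path_mtu."""
    if packet_len <= path_mtu:
        return [packet_len]
    payload = packet_len - IP_HDR
    per_frag = (path_mtu - IP_HDR) // 8 * 8   # fragment offsets are in 8-byte units
    sizes = []
    while payload > per_frag:
        sizes.append(IP_HDR + per_frag)
        payload -= per_frag
    sizes.append(IP_HDR + payload)
    return sizes


def transfer_cost(file_bytes, host_mtu, path_mtu, t):
    """(WAN packets, WAN bytes) needed to carry file_bytes of TCP payload one way."""
    mss = host_mtu - IP_HDR - TCP_HDR
    full, rest = divmod(file_bytes, mss)
    packets = total = 0
    for count, segment in ((full, mss), (1 if rest else 0, rest)):
        if count == 0:
            continue
        frags = fragments(esp_tunnel_size(segment + IP_HDR + TCP_HDR, t), path_mtu)
        packets += count * len(frags)
        total += count * sum(frags)
    return packets, total


if __name__ == "__main__":
    t = ESP_3DES_SHA1
    best = max_inner_without_fragmentation(1500, t)
    print(f"{t.name}: largest host MTU without fragmentation = {best}")
    # Constructed workload: a 100 MB one-way file transfer.
    for mtu in (1500, 1460, best):
        outer = esp_tunnel_size(mtu, t)
        pkts, wan = transfer_cost(100_000_000, mtu, 1500, t)
        print(f"host MTU {mtu}: ESP packet {outer} -> fragments "
              f"{fragments(outer, 1500)}; {pkts} packets, {wan} bytes on the WAN")
```

The threshold moves with the cipher block size, IV length and authentication tag, so it needs to be recomputed for the transform set actually configured on the tunnel.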

Re: Re: BGP Load Balance [7:69611]

2003-05-28 Thread ramesh_cisco
BGP load balancing can be done using BGP peering on loopback address. And
you have to add static routes in your routing table for loopback ip address
and mention next-hop as serial links ip addresses/serial interface

example:

nei loopbackip remote-as asnumber
nei loopbackip ebgp-multihop number

and then

ip route loopback ip 255.255.255.255 serialx
ip route loopback ip 255.255.255.255 serialy

hope this will help you

Ramesh

"Brian W." wrote:



The way I've seen 2 paths used is by peering with a loopback interface and
using
neighbor peerip ebgp-multihop in the config.

Brian

- Original Message - 
From: "Azhar Teza" 
To: 
Sent: Tuesday, May 27, 2003 3:16 PM
Subject: BGP Load Balance [7:69611]


> If BGP route has two equal paths to the same destination, can it do load
> balance by installing the command? maximum-paths 2
>

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69671&t=69611


Re: Re: PAT AFTER NAT...IS IT POSSIBLE??? [7:66672]

2003-04-02 Thread Adam
This is what I have run into in the past and I was almost certain that it
was not possible.  I set it up in the lab here with various configs and had
the same result.
As far as I was told in the last routing update I attended at our local
cisco office, the SE's there confirmed that the PIX can be defined with a
NAT Pool of addresses and then have the same pool statement entered only
this time specifying the same address (ie. PAT) as an overload.  They
confirmed that the IOS router code does not function like this and that you
would have to statically NAT those addresses that you wanted 1:1 on and then
have a blanket PAT (overload) statement in to cover the rest.
In the case of the original question with wanting to NAT 128 clients 1:1 and
then have PAT for the rest, this would require a lot of configuration and to
guarantee that 1:1 would occur (or to at least keep track of it) you would
require static IPs on the clients wishing to 1:1 NAT.
Hope I'm not flying way offline here but I believe this is the only way
possible with an IOS router.

Cheers

> I've found that you cannot do this, at least not when you do nat to a pool
> of addresses.  You have to do static nat, then overload the rest.  I tried
> adding overload to the end of my existing nat statement with the pool, it
> started PATing the addresses from the beginning.  Instead of using the 1:1
> from the pool, then pating anything beyond that.
> 
> ""Lee Carter""  wrote in message
> news:[EMAIL PROTECTED]
> > Yes you can just take your nat statement (ip nat inside source list 1...)
> > and add the word overload on the end of the command.
> >
> > You will use a 1:1 NAT for the first set of users. Once your IP's are used
> > up you will use PAT. It is important to note that some issues arise with PAT
> > versus NAT like IPSEC or DLSW.
> >
> > just an fyi.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66712&t=66672


Re: RE: PAT AFTER NAT...IS IT POSSIBLE??? [7:66672]

2003-04-02 Thread Adam
I knew this was possible on the pix, but have never configured it on an IOS
router.  It would be really appreciated if someone wouldn't mind posting a
sample config as I cannot locate one on cisco's site or the netpro forum
specific to IOS routers with both NAT and PAT configured like outlined in
this post.
Thanks.


> Yes you can just take your nat statement (ip nat inside source list 1...)
> and add the word overload on the end of the command.
> 
> You will use a 1:1 NAT for the first set of users. Once your IP's are used
> up you will use PAT. It is important to note that some issues arise with PAT
> versus NAT like IPSEC or DLSW.
> 
> just an fyi.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66694&t=66672


Re: RE: it started out as a really good idea ... [7:64638]

2003-03-07 Thread garrett allen
mirabile dictu!

secret is in the standby track command.  lost 9 pings and then picked 
up just like nothing happened.  can pull any of the 4 links now and it 
works just like in the movies.

thanks all.



- Original Message -
From: garrett allen 
Date: Friday, March 7, 2003 6:57 am
Subject: Re: RE: it started out as a really good idea ... [7:64638]

> must ... find... coffee  
> 
> just catching back up as dc awakens.  the default gateways used by the 
> pc's are the virtual router addresses, a different one for each (i.e. 
> pc1 uses virtual router 1 and pc2 uses virtual router 2).  the pc arp 
> caches correctly reflect the virtual mac address (cisco generated 
> 0c...) which are different than the router interfaces bia's.  the 
> virtual macs do move and the different interfaces do seem to stop and 
> start their role as the active interface.
> 
> looking over the traces last nite didn't yield much more.  i have a 
> couple things to try and i did find a tac article that holds some hope 
> using standby use-bia.  we'll see.
> 
> thanks for all your thoughts and help.  i'll get this to work or i'll 
> revert to plan b, 2 tin cans and ...
> 
> - Original Message -
> From: Priscilla Oppenheimer 
> Date: Thursday, March 6, 2003 5:14 pm
> Subject: RE: it started out as a really good idea ... [7:64638]
> 
> > What did you use as a default gateway on the PCs??
> > 
> > Priscilla
> > 
> > garrett allen wrote:
> > > 
> > > i have a need for a high availability solution for a default
> > > gateway
> > > configuration.  just finished the ccdp and thought it might be 
> > > interesting to try hsrp on a pair of 2514's.  put some of that
> > > theory
> > > to work.  instead of highly resilient i've managed to configure
> > > it for
> > > mass failure.  arg.., not exactly what i had in mind.  now, any
> > > time i
> > > take down 1 of the 4 links, the connect between 2 remote hosts
> > > dies.
> > > this is in a lab (production is not a lab, production is not a
> > > lab...)
> > > so it is a mystery i would like to solve, but it is not
> > > critical.
> > > 
> > > here is the basic config (hope it makes it):
> > > 
> > > pc host 1  -+- e0 router 1, e1 +-  pc host 2
> > > |  |
> > > |- e0 router 2, e1 |
> > > 
> > > the routers act as a default gateway between the internal
> > > network
> > > (represented by pc host 1) and the external world (represented
> > > by pc
> > > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > > each side
> > > of the divide.  i want to run hsrp on both sets of router
> > > interfaces so
> > > that in the event a router or an interface fails, the traffic
> > > impact is
> > > minimized.  in the real world pc host 2 will be a firewall and
> > > there
> > > will be other hosts off that segment as well
> > > 
> > > looks easy.  sounds plausible.  read the cisco docs.  looks
> > > like it
> > > should work.  minimal incantations before tickling the
> > > keyboard.  key
> > > in the configs and it fires up nicely. do the show standby
> > > thingee and
> > > all looks cool.  can ping the 2 stations end to end.  most
> > > excellent.
> > > put a router in debug mode.  when i pull one of the 4 router
> > > cables the
> > > router goes through a state change but no bits make it to the
> > > far end.
> > > not even the shiny ones.  bitstream courtesy of ping.
> > > 
> > > maybe i misunderstood what hsrp was supposed to do.  the configs
> > > are
> > > below, along with the show standby results.  both are 2514's (2
> > > aui's)
> > > and both are running 12.2(1d).  probably forgot to put the
> > > interface in
> > > mumble mode or something equally easy.  no laughter, please.
> > > 
> > > thanks in advance.
> > > 
> > > router 1
> > > interface Ethernet0
> > >  ip address 10.3.255.2 255.255.0.0
> > >  no ip route-cache
> > >  no ip mroute-cache
> > >  standby 1 priority 200 preempt
> > >  standby 1 ip 10.3.0.2
> > > !
> > > interface Ethernet1
> > >  ip address 10.4.254.2 255.255.0.0
> > >  no ip route-cache
> > >  no ip mroute-cache

Re: RE: it started out as a really good idea ... [7:64638]

2003-03-07 Thread garrett allen
must ... find... coffee  

just catching back up as dc awakens.  the default gateways used by the 
pc's are the virtual router addresses, a different one for each (i.e. 
pc1 uses virtual router 1 and pc2 uses virtual router 2).  the pc arp 
caches correctly reflect the virtual mac address (cisco generated 
0c...) which are different than the router interfaces bia's.  the 
virtual macs do move and the different interfaces do seem to stop and 
start their role as the active interface.

looking over the traces last nite didn't yield much more.  i have a 
couple things to try and i did find a tac article that holds some hope 
using standby use-bia.  we'll see.

thanks for all your thoughts and help.  i'll get this to work or i'll 
revert to plan b, 2 tin cans and ...

- Original Message -
From: Priscilla Oppenheimer 
Date: Thursday, March 6, 2003 5:14 pm
Subject: RE: it started out as a really good idea ... [7:64638]

> What did you use as a default gateway on the PCs??
> 
> Priscilla
> 
> garrett allen wrote:
> > 
> > i have a need for a high availability solution for a default
> > gateway
> > configuration.  just finished the ccdp and thought it might be 
> > interesting to try hsrp on a pair of 2514's.  put some of that
> > theory
> > to work.  instead of highly resilient i've managed to configure
> > it for
> > mass failure.  arg.., not exactly what i had in mind.  now, any
> > time i
> > take down 1 of the 4 links, the connect between 2 remote hosts
> > dies.
> > this is in a lab (production is not a lab, production is not a
> > lab...)
> > so it is a mystery i would like to solve, but it is not
> > critical.
> > 
> > here is the basic config (hope it makes it):
> > 
> > pc host 1  -+- e0 router 1, e1 +-  pc host 2
> > |  |
> > |- e0 router 2, e1 |
> > 
> > the routers act as a default gateway between the internal
> > network
> > (represented by pc host 1) and the external world (represented
> > by pc
> > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > each side
> > of the divide.  i want to run hsrp on both sets of router
> > interfaces so
> > that in the event a router or an interface fails, the traffic
> > impact is
> > minimized.  in the real world pc host 2 will be a firewall and
> > there
> > will be other hosts off that segment as well
> > 
> > looks easy.  sounds plausible.  read the cisco docs.  looks
> > like it
> > should work.  minimal incantations before tickling the
> > keyboard.  key
> > in the configs and it fires up nicely. do the show standby
> > thingee and
> > all looks cool.  can ping the 2 stations end to end.  most
> > excellent.
> > put a router in debug mode.  when i pull one of the 4 router
> > cables the
> > router goes through a state change but no bits make it to the
> > far end.
> > not even the shiny ones.  bitstream courtesy of ping.
> > 
> > maybe i misunderstood what hsrp was supposed to do.  the configs
> > are
> > below, along with the show standby results.  both are 2514's (2
> > aui's)
> > and both are running 12.2(1d).  probably forgot to put the
> > interface in
> > mumble mode or something equally easy.  no laughter, please.
> > 
> > thanks in advance.
> > 
> > router 1
> > interface Ethernet0
> >  ip address 10.3.255.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 200 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 200 preempt
> >  standby 2 ip 10.4.254.10
> > 
> > 
> > router 2
> > interface Ethernet0
> >  ip address 10.3.255.1 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 225 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.1 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 150 preempt
> >  standby 2 ip 10.4.254.10
> > 
> > results of show standby
> > Router1#show standby
> > Ethernet0 - Group 1
> >   Local state is Standby, priority 200, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:00.940
> >   Hot standby IP address is 10.3.0.2 configured
> >   Active router is 10.3.255.1 expires in 00:00:09, priority 225
> >   Standby router is local
> >   20 state changes, last state change 00:22:34
> > Ethernet1 - Group 2
> >   Local state is Active, priority 200, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:01.676
> >   Hot standby IP address is 10.4.254.10 configured
> >   Active router is local
> >   Standby router is 10.4.254.1 expires in 00:00:08
> >   Standby virtual mac address is .0c07.ac02
> >   17 state changes, last state change 00:23:26
> > Router1#
> > 
> > Router2#show standby
> > Ethernet0 - Group 1
> >   Local state is Active, priority 225, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:01.01

Re: RE: it started out as a really good idea [7:64636]

2003-03-07 Thread garrett allen
never any offense in the search for truth, just truth.

the pc's are configured with the virtual router as the default 
gateway.  i checked the arp cache on the pc's (w2k) with arp -a before 
i unplugged, during the unplug time, and afterwards.  the mac address 
remained the same, which is to say the 0c... virtual mac address 
that cisco uses.  it is different than the bia on the interfaces and 
when doing a show interfaces you can see which interface has the 
virtual mac address since its hardware address is different than its 
bia.

i read through a tac article last nite that may hold a clue.  it 
suggests using the bia as the virtual mac address via the "standby 
use-bia".  it stipulated that even though the pc uses the virtual mac 
address return packets will bear the bia of the router as the source 
mac.  it is a function of the lower end cisco gear and how many mac 
addresses they can have.  these are 2514's.  i haven't fully thought 
through the ramifications of this but have found in practice that 
asymmetry usually leads to bad juju, so changing the mac may help by 
making things consistent.  it did caution that some end stations may 
not play well when the mac changes, but a gratuitous arp was sent.  so 
we'll see today.

i hesitated to post the traces as they were rather large.  i will do 
so later today with fresh traces unless someone objects about the 
noise volume.  if so i can send offline to whomsoever is interested.

i've never worked with hsrp so i am interested in getting it resolved 
and understanding the why's of unsuccessful and successful operation.  
like i said in the beginning, it seemed like a really good idea...

cheers for now (off to the salt mines ...)
garrett



- Original Message -
From: Troy Leliard 
Date: Friday, March 7, 2003 4:46 am
Subject: RE: it started out as a really good idea [7:64636]

> Looks like you have it configured correctly, and that they are forming
> "adjacencies".  At the risk of offending, but always best to start right at
> the beginning, the gateway on your hosts are set to the HSRP address correct?
> 
> When you unplug any of the 4 cables, you can no longer ping the 
> either side
> of the host.  Perhaps give us a debug standby during one of these 
> events ?
> 
> 
> garrett allen wrote:
> > 
> > i have a need for a high availability solution for a default
> > gateway
> > configuration.  just finished the ccdp and thought it might be 
> > interesting to try hsrp on a pair of 2514's.  put some of that
> > theory
> > to work.  instead of highly resilient i've managed to configure
> > it for
> > mass failure.  arg.., not exactly what i had in mind.  now, any
> > time i
> > take down 1 of the 4 links, the connect between 2 remote hosts
> > dies.
> > this is in a lab (production is not a lab, production is not a
> > lab...)
> > so it is a mystery i would like to solve, but it is not
> > critical.
> > 
> > here is the basic config (hope it makes it):
> > 
> > pc host 1  -+- e0 router 1, e1 +-  pc host 2
> > |  |
> > |- e0 router 2, e1 |
> > 
> > the routers act as a default gateway between the internal
> > network
> > (represented by pc host 1) and the external world (represented
> > by pc
> > host 2).  i have used 10.3 and 10.4 /16 as the addresses for
> > each side
> > of the divide.  i want to run hsrp on both sets of router
> > interfaces so
> > that in the event a router or an interface fails, the traffic
> > impact is
> > minimized.  in the real world pc host 2 will be a firewall and
> > there
> > will be other hosts off that segment as well
> > 
> > looks easy.  sounds plausible.  read the cisco docs.  looks
> > like it
> > should work.  minimal incantations before tickling the
> > keyboard.  key
> > in the configs and it fires up nicely. do the show standby
> > thingee and
> > all looks cool.  can ping the 2 stations end to end.  most
> > excellent.
> > put a router in debug mode.  when i pull one of the 4 router
> > cables the
> > router goes through a state change but no bits make it to the
> > far end.
> > not even the shiny ones.  bitstream courtesy of ping.
> > 
> > maybe i misunderstood what hsrp was supposed to do.  the configs
> > are
> > below, along with the show standby results.  both are 2514's (2
> > aui's)
> > and both are running 12.2(1d).  probably forgot to put the
> > interface in
> > mumble mode or something equally easy.  no laughter, please.
> > 
> > thanks in advance.
> > 
> > router 1
> > interface Ethernet0
> >  ip address 10.3.255.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 200 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 200 preempt
> >  standby 2 ip 10.4.254.10
> > 
> > 
> > router 2
> > interface Ethernet0
> >  ip address 10.3.255.1 255.255.0.0
> > 

Re: RE: VPN Client behind PIX [7:64358]

2003-03-06 Thread Greg Owens
I found this info under the 3.6 client
Allowing the VPN Client to Work Through ESP-Aware NAT/Firewalls
When using the VPN Client behind an ESP-aware NAT/Firewall, the port on the
NAT/Firewall device may be closed due to the VPN Client's keepalive
implementation, called DPD (Dead Peer Detection). When a Client is idle, it
does not send a keepalive until it sends data and gets no response.

To allow the VPN Client to work through ESP-aware NAT/Firewalls, add the
following parameter and setting to the [Main] section of any *.pcf (profile
configuration file) for the affected connection profile.

ForceKeepAlives=1

This parameter enables IKE and ESP keepalives for the connection at
approximately 20 second intervals.

For more information, see "Connection Profile Configuration Parameters" in
the VPN Client Administrator

> 
> From: "Kevin O'Gilvie" 
> Date: 2003/03/05 Wed PM 11:16:52 EST
> To: [EMAIL PROTECTED]
> Subject: RE: VPN Client behind PIX [7:64358]
> 
> I couldn't have said it better myself!!
> 
> >From: "brett spunt" 
> >To: "'Kevin O'Gilvie'" , 
> >Subject: RE: VPN Client behind PIX [7:64358]
> >Date: Wed, 5 Mar 2003 19:17:26 -0800
> >
> >It's not possible, and here's why. The pix Vpn only supports IPSEC over
> >UDP. Ipsec over UDP is NOT supported when sitting behind a stateful
> >firewall (such as the pix). You need to use Ipsec over TCP if using the
> >vpn client sitting behind a pix, or like stated before, you could create
> >a "site to site" VPN, setting up to peer with the pix at your work. The
> >reason a concentrator will work, is it supports ipsec over tcp
> >connections, in addition to standard ipsec, and ipsec over UDP..
> >
> >HTH,
> >
> >Brett Michael Spunt
> >CCNP,CIPT,MCSE
> >Computer Network Innovations
> >[EMAIL PROTECTED]
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> >Kevin O'Gilvie
> >Sent: Tuesday, March 04, 2003 7:23 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: VPN Client behind PIX [7:64358]
> >
> >I am assuming he is behind a cable modem or dsl.
> >If so, even cisco says this is not possible.
> >If someone has this working please advise..
> >
> >
> > >From: "Greg Owens"
> > >Reply-To: "Greg Owens"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: VPN Client behind PIX [7:64358]
> > >Date: Tue, 4 Mar 2003 19:09:16 GMT
> > >
> > >You just need to open the ports you are using, ie 500, 47 1
> > > >
> > > > From: "Steve Smith"
> > > > Date: 2003/03/04 Tue AM 11:15:21 EST
> > > > To: [EMAIL PROTECTED]
> > > > Subject: VPN Client behind PIX [7:64358]
> > > >
> > > > OK gang here is the scenario. We have a PIX at work running VPN. I have
> > > > a 515 at home. Before I put the 515 at home in I could use the VPN
> > > > client to connect to work. Now I can not. I remember a year or so back
> > > > reading a Cisco article about this and that you had to use a certain IP
> > > > range on the remote (my house) network. Does anyone know anything about
> > > > this? Any suggestions?
> > > >
> > > > Thanks!
> > > >
> > > > Steve Smith
> > > > Enterprise Engineer
> > > > 901-758-8179 ext. 108
> > > > TEKSELL
> > > > [EMAIL PROTECTED]
> > >Greg Owens
> > >202-398-2552
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64604&t=64358


Re: RE: VPN Client behind PIX [7:64358]

2003-03-06 Thread Greg Owens
I found this info under the 3.6 client
Allowing the VPN Client to Work Through ESP-Aware NAT/Firewalls
When using the VPN Client behind an ESP-aware NAT/Firewall, the port on the
NAT/Firewall device may be closed due to the VPN Client's keepalive
implementation, called DPD (Dead Peer Detection). When a Client is idle, it
does not send a keepalive until it sends data and gets no response.

To allow the VPN Client to work through ESP-aware NAT/Firewalls, add the
following parameter and setting to the [Main] section of any *.pcf (profile
configuration file) for the affected connection profile.

ForceKeepAlives=1

This parameter enables IKE and ESP keepalives for the connection at
approximately 20 second intervals.

For more information, see "Connection Profile Configuration Parameters" in
the VPN Client Administrator

> 
> From: "Kevin O'Gilvie" 
> Date: 2003/03/05 Wed PM 11:16:52 EST
> To: [EMAIL PROTECTED]
> Subject: RE: VPN Client behind PIX [7:64358]
> 
> I couldnt have said it better myself!!
> 
> >From: "brett spunt" 
> >To: "'Kevin O'Gilvie'" , 
> >Subject: RE: VPN Client behind PIX [7:64358]
> >Date: Wed, 5 Mar 2003 19:17:26 -0800
> >
> >It's not possible, and here's why. The pix Vpn only supports IPSEC over
> >UDP. Ipsec over UDP is NOT supported when sitting behind a stateful
> >firewall (such as the pix). You need to use Ipsec over TCP if using the
> >vpn client sitting behind a pix, or like stated before, you could create
> >a "site to site" VPN, setting up to peer with the pix at your work. The
> >reason a concentrator will work, is it's supports ipsec over tcp
> >connections, in addition to standard ipsec, and ipsec over UDP..
> >
> >HTH,
> >
> >Brett Michael Spunt
> >CCNP,CIPT,MCSE
> >Computer Network Innovations
> >[EMAIL PROTECTED]
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> >Kevin O'Gilvie
> >Sent: Tuesday, March 04, 2003 7:23 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: VPN Client behind PIX [7:64358]
> >
> >I am assuming he is behind a cable modem or dsl.
> >If so, even cisco says this is not possible.
> >If someone has this working pleas advise..
> >
> >
> > >From: "Greg Owens"
> > >Reply-To: "Greg Owens"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: VPN Client behind PIX [7:64358]
> > >Date: Tue, 4 Mar 2003 19:09:16 GMT
> > >
> > >You just need to open the ports you are using, ie 500, 47 1
> > > >
> > > > From: "Steve Smith"
> > > > Date: 2003/03/04 Tue AM 11:15:21 EST
> > > > To: [EMAIL PROTECTED]
> > > > Subject: VPN Client behind PIX [7:64358]
> > > >
> > > > OK gang here is the scenario. We have a PIX at work running VPN. I have
> > > > a 515 at home. Before I put the 515 at home in I could use the VPN
> > > > client to connect to work. Now I can not. I remember a year or so back
> > > > reading a Cisco article about this and that you had to use a certain IP
> > > > range on the remote (my house) network. Does anyone know anything about
> > > > this? Any suggestions?
> > > >
> > > > Thanks!
> > > >
> > > > Steve Smith
> > > > Enterprise Engineer
> > > > 901-758-8179 ext. 108
> > > > TEKSELL
> > > > [EMAIL PROTECTED]
> > >Greg Owens
> > >202-398-2552
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=64603&t=64358
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: RE: Traffic thru PIX [7:63347]

2003-02-20 Thread [EMAIL PROTECTED]
access-group "name" in interface "if_name"

I guarantee this will do it for you.
> 
> From: "Albert Lu" 
> Date: 2003/02/20 Thu AM 10:10:09 EST
> To: [EMAIL PROTECTED]
> Subject: RE: Traffic thru PIX [7:63347]
> 
> Hi,
> 
> You say you can't ping through pix. I imagine you mean from a PC on the
> inside network to the internet address on the outside network. Did you check
> your xlate table if it's doing the translation? (ie. show xlate). I also
> notice that you have a VPN, make sure that the address you ping isn't in the
> subnet that you define for the VPN nat0 and for interesting traffic.
> 
> Looking at your ping results, it looks like you can ping hosts in the inside
> and outside interfaces. So you just have to figure out why your pix is
> stopping your traffic.
> 
> Albert
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tunji Suleiman
> Sent: Thursday, February 20, 2003 4:27 PM
> To: [EMAIL PROTECTED]
> Subject: Traffic thru PIX [7:63347]
> 
> 
> Hello All,
> 
> Can someone pls tell me how I can allow pings and other traffic thru the
> PIX? I've added both access-list and conduits for testing. Can ping from pix
> to a test PC on LAN, to Internet router and to UUNet DNS but not from test
> PC thru PIX as per below:
> 
> PIX# wr t
> Building configuration...
> : Saved
> :
> PIX Version 6.1(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password J470/UhJVN.5DRKT encrypted
> passwd J470/UhJVN.5DRKT encrypted
> hostname PIX
> domain-name pixdomain.com
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> name 10.250.77.3 testpc
> name 66.120.182.121 gateway
> access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
> access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
> access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
> access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
> access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.250.3.0 255.255.255.0
> access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.249.32.0 255.255.240.0
> access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.255.0
> access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.249.64.0 255.255.240.0
> access-list arlington permit ip 10.250.77.0 255.255.255.0 10.250.2.0 255.255.255.0
> access-list arlington permit ip 10.250.77.0 255.255.255.0 10.249.16.0 255.255.240.0
> access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
> access-list aclout permit icmp any any
> pager lines 24
> logging console debugging
> interface ethernet0 auto
> interface ethernet1 auto
> mtu outside 1500
> mtu inside 1500
> ip address outside 66.120.182.122 255.255.255.248
> ip address inside 10.250.77.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm history enable
> arp timeout 14400
> global (outside) 1 66.120.182.123 netmask 255.255.255.248
> nat (inside) 0 access-list nat0
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> access-group aclout in interface outside
> conduit permit icmp any any
> conduit permit tcp any any
> route outside 0.0.0.0 0.0.0.0 gateway 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> http server enable
> http 10.250.78.3 255.255.255.255 inside
> http 10.250.77.2 255.255.255.255 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> sysopt connection permit-ipsec
> no sysopt route dnat
> crypto ipsec transform-set strong3 esp-3des esp-sha-hmac
> crypto map cmap 1 ipsec-isakmp
> crypto map cmap 1 match address oxfordhub
> crypto map cmap 1 set peer 217.33.153.3
> crypto map cmap 1 set transform-set strong3
> crypto map cmap 2 ipsec-isakmp
> crypto map cmap 2 match address ipalcohub
> crypto map cmap 2 set peer 216.37.39.66
> crypto map cmap 2 set transform-set strong3
> crypto map cmap 3 ipsec-isakmp
> crypto map cmap 3 match address arlhub
> crypto map cmap 3 set peer 206.154.225.2
> crypto map cmap 3 set transform-set strong3
> crypto map cmap 4 ipsec-isakmp
> crypto map cmap 4 match address arlington
> crypto map cmap 4 set peer 65.204.31.2
> crypto map cmap 4 set transform-set strong3
> crypto map cmap 5 ipsec-isakmp
> crypto map cmap 5 match address richmond
> crypto map cmap 5 set peer 195.172.96.66
> crypto map cmap 5 set transform-set strong3
> crypto map cmap interface outside
> isakmp enable outside
> isakmp key  address 217.33.1
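
Albert's check in the reply above (is the ping target inside the subnets defined for nat0 and for the crypto-map "interesting traffic" ACLs?) can be run mechanically against the posted config. This is an added example, not code from the thread: the ACL, nat and crypto-map lines are copied from the post with wrapped lines rejoined, while the function names and the 198.51.100.10 and 10.250.9.9 test destinations are assumptions.

```python
import ipaddress

# Lines copied from the posted PIX 6.1(2) config (wrapped lines rejoined).
PIX_CONFIG = """\
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.250.3.0 255.255.255.0
access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.249.32.0 255.255.240.0
access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.255.0
access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.249.64.0 255.255.240.0
access-list arlington permit ip 10.250.77.0 255.255.255.0 10.250.2.0 255.255.255.0
access-list arlington permit ip 10.250.77.0 255.255.255.0 10.249.16.0 255.255.240.0
access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
access-list aclout permit icmp any any
nat (inside) 0 access-list nat0
crypto map cmap 1 match address oxfordhub
crypto map cmap 2 match address ipalcohub
crypto map cmap 3 match address arlhub
crypto map cmap 4 match address arlington
crypto map cmap 5 match address richmond
"""


def parse_ip_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip net mask net mask' lines."""
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
            acls.setdefault(tok[1], []).append((src, dst))
    return acls


def acl_roles(config):
    """Map ACL names to how the config uses them: NAT exemption or crypto-map match."""
    roles = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 5 and tok[0] == "nat" and tok[2] == "0" and tok[3] == "access-list":
            roles[tok[4]] = "nat-exempt"
        elif len(tok) == 7 and tok[:2] == ["crypto", "map"] and tok[4:6] == ["match", "address"]:
            roles[tok[6]] = "crypto"
    return roles


def classify_flow(config, src, dst):
    """Return sorted (acl_name, role) pairs whose entries match the flow src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    roles = acl_roles(config)
    hits = set()
    for name, entries in parse_ip_acls(config).items():
        if name in roles and any(s in sn and d in dn for sn, dn in entries):
            hits.add((name, roles[name]))
    return sorted(hits)


if __name__ == "__main__":
    testpc = "10.250.77.3"  # 'name 10.250.77.3 testpc' in the posted config
    for dst in ("198.51.100.10", "10.250.4.20", "10.250.9.9"):  # constructed targets
        hits = classify_flow(PIX_CONFIG, testpc, dst)
        print(dst, "->", hits or "plain NAT path (nat 1 / global 1)")
```

A destination that matches nat0 but no crypto ACL (10.250.9.9 here) leaves the outside interface untranslated and unencrypted, which is worth ruling out before looking at the access-group.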

Re: Re: Snort versus Cisco IDS [7:62939]

2003-02-13 Thread Charles Riley
There are also some very nice prebuilt Snort sensors with a GUI from the
following vendors.

www.sourcefire.com
www.silicondefense.com
www.packetalarm.com


I have had the opportunity to evaluate and configure products from all
three, and they have done an excellent job of bringing Snort to the masses.
Basically, the sensors have a hardened OS (Linux or Solaris) with a creamy
GUI wrapped around it...and of course, Snort in all its glory.  And, no, I
don't get a commission from any of the above...


HTH,

Charles


"Craig Columbus" wrote in message
news:[EMAIL PROTECTED]...
> Having installed and worked with both products, I think that Cisco's
> offering is more comprehensive, but Snort is highly reliable and much
> cheaper.
> It doesn't have some of the features of the Cisco product (dynamic
> shunning), but for most small to medium sized businesses (like the kind I
> work with daily), Snort is more than sufficient given the cost.
> On average, I can install a Snort sensor on dedicated hardware and FreeBSD
> for approximately $1000.  A single Cisco 4210 sensor install costs me about
> $5600.  If I need to scale to Gbit capability, I can install a Snort sensor
> for approx. $5000, compared to $18K for a Cisco 4250.
>
> In summary, they're both decent products.  If you need a comprehensive
> system for large enterprise, then Cisco certainly has the edge over
> Snort...at least until you start talking about hardware-based, customized
> snort like that from Silicon Defense.  If you just need a solid IDS for
> small business and don't want to spend a ton of cash, then Snort is a great
> alternative and is usually my first recommendation.
>
>
> At 05:06 AM 2/13/2003 +, you wrote:
> >Someone told me in an authoritative voice today that Cisco doesn't recommend
> >their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> >big part of SAFE?
> >
> >Of course, the person who said this doesn't understand that Cisco is a huge,
> >chaotic organism, and that saying Cisco does something based on what one
> >person does, doesn't make sense.
> >
> >But I'm just curious, what do you all recommend for intrusion detection? How
> >do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> >complicated, requiring appliances or IDS cards in a switch and a console:
> >
> >Cisco Secure IDS Director: HP OpenView Network Node Manager "plug-in" that
> >runs on UNIX (Solaris and HP-UX)
> >
> >Cisco Secure Policy Manager (v2.2+): Windows NT-based package
> >
> >Thanks.
> >
> >Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62971&t=62939



Re: RE: question(routing) [7:62490]

2003-02-05 Thread Keyur Lavingia
I know what WCCP is for. I just want to find out why it is there in the
config. It may have some relation to the problem.

"Andrew Larkins" wrote:



WCCP is for web caching - it is used in conjunction with a Cisco content
engine to pass all HTTP requests (and others) to a cache engine without the
users physically having a proxy configured

-Original Message-
From: Keyur Lavingia [mailto:[EMAIL PROTECTED]]
Sent: 05 February 2003 16:15
To: [EMAIL PROTECTED]
Subject: Re: question(routing) [7:62490]


Hi,

I notice some wccp commands in your config. Can you please tell me where you
are using it and for what?

Thanks,

Keyur.

"kaushalender" wrote:



Hello group,

Kindly resolve my confusion. I have a Cisco 2610 router. We are running
static routing with our service provider. Now what is happening is that
suddenly my HTTP requests stopped going out, meaning there was no browsing on
LAN and customer. I was able to telnet to every website on port 80, which
means I am able to reach the website up to the application layer from my PC.
Now how can I find out what is killing my HTTP requests in my network? And my
service provider is saying that a huge amount of routing loops is coming from
my side, but I have put the whole announced network on Ethernet. This
is the conf. Please help me.

sh run
>Building configuration...
>
>Current configuration : 4962 bytes
>!
>version 12.2
>service timestamps debug datetime msec localtime show-timezone
>service timestamps log datetime msec localtime show-timezone
>service password-encryption
>!
>hostname Rainbow
>!
>logging buffered 1 debugging
>no logging console
>aaa new-model
>aaa authentication login default local group radius
>aaa authorization exec default local group radius
>enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
>enable password 7 000D0016457B525F56
>!
>username rainbow password 7 095E4F0017071805
>
>clock timezone GMT 5
>clock summer-time GMT recurring
>ip subnet-zero
>no ip source-route
>ip wccp version 1
>ip flow-cache timeout inactive 300
>ip flow-cache timeout active 1
>ip cef
>!
>!
>ip name-server 202.78.168.6
>ip name-server 202.78.168.14
>
>ip name-server 202.54.15.1
>!
>!
>class-map match-any http-hacks
> match protocol http url "*.ida*"
> match protocol http url "*cmd.exe*"
> match protocol http url "*root.exe*"
> match protocol http url "*readme.eml*"
>!
>!
>policy-map mark-inbound-http-hacks
> class http-hacks
> set ip dscp 1
>!
>
>!
>interface Ethernet0/0
> ip address 202.78.164.3 255.255.252.0 secondary
> ip address 202.54.194.65 255.255.255.224 secondary
> ip address 202.78.168.26 255.255.248.0
> ip access-group 115 in
> ip access-group 115 out
> no ip proxy-arp
> rate-limit input access-group 121 48000 52000 52000 conform-action transmit exceed-action drop
> rate-limit input access-group 122 32000 32000 32000 conform-action transmit exceed-action drop
> rate-limit output access-group 110 64000 64000 64000 conform-action transmit exceed-action drop
> rate-limit output access-group 121 296000 30 30 conform-action transmit exceed-action drop
> rate-limit output access-group 122 32000 32000 32000 conform-action transmit exceed-action drop
> no ip mroute-cache
> full-duplex
> service-policy input mark-inbound-http-hacks
>service-policy output mark-inbound-http-hacks
> no cdp enable
>interface Serial0/0
> bandwidth 512
> no ip address
> no ip mroute-cache
> shutdown
> no fair-queue
>!
>interface Serial0/1
> bandwidth 512
> no ip address
> no ip route-cache
> no ip mroute-cache
> shutdown
>!
>interface Serial0/2
> no ip address
> shutdown
>!
>interface Serial0/3
> description "OASIS LINK"
>ip address 216.252.243.5 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 64000 128000 128000 conform-action transmit exceed-action drop
> rate-limit output 64000 128000 128000 conform-action transmit exceed-action drop
> encapsulation ppp
>!
>interface Serial1/0
> description Shapura Link
> ip address 216.252.243.1 255.255.255.252
> ip access-group 107 in
> ip access-group 107 out
> rate-limit input 32000 32768 32768 conform-action transmit exceed-action drop
>
>interface Serial1/1
> description DOIT LINK
> bandwidth 128
> ip address 216.252.243.17 255.255.255.252
> rate-limit input 32000 65536 65536 conform-action transmit exceed-action drop
> rate-limit output 32000 65536 65536 conform-action transmit exceed-action drop
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!
>interface Serial1/2
> no ip address
> shutdown
>!
>interface Serial1/3
> description vsnl link
> ip address 202.54.192.66 255.255.255.252
> ip access-group 115 in
> ip access-group 115 out
> encapsulation ppp
> service-policy input mark-inbound-http-hacks
> service-policy output mark-inbound-http-hacks
>!
>ip flow-export source Ethernet0/0
>ip flow-export version 5 peer-as
>ip flow-export destination 202.78.168.2 2055
>ip classless
>ip route 0.0.0.0 0.0.0.0 202.54.192.65
>ip route 202.78.160.0 

RE: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60888]

2003-01-11 Thread jhodge
Thank you to all who responded to this. Found out that I had to
influence the route using the bandwidth and delay properties to change
the primary route to MPLS instead of the frame relay link.

Cheers,

Jamie

-Original Message-
From: Amar KHELIFI [mailto:[EMAIL PROTECTED]] 
Sent: January 11, 2003 3:15 PM
To: [EMAIL PROTECTED]
Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link
[7:60840]




> Sorry, but I failed to emphasize some important points that affect the
> ((bandwidth)) command. It is true that the bandwidth command affects
> only IGRP and EIGRP route selection, and that it has nothing to do with the
> actual clock; that is left to the ((clock rate)) command.
> It is, however, a good practice in large environments to coordinate the
> bandwidth used for specific interfaces throughout the whole network; that way
> the interface type can be predictable at any hop where you're viewing the
> routing table. But you don't have to bother yourself with it if you just have
> a hub and spoke topology that is not very large, and even then, in which case
> you would implement stubbing, as it is the most scalable solution in that
> scenario.
>
> excuse the lack of info in the previous message
>
> Best Regards,
> Amar
> CCNA, CCNP
>
> - Original Message -
> From: "Amar KHELIFI" 
> To: 
> Sent: Saturday, January 11, 2003 9:30 PM
> Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link
> [7:60840]
>
>
> >
> > the BW of the tunnel should not be over that of the T1, assuming all
> > traffic will use the tunnel interface to get to the other site.
> > The best way, if you are only passing traffic for a particular network, is
> > to measure the bw used to reach the net by using ip accounting or netflow,
> > if you have the necessary ios and hw, and calculate it based on the
> > monitored time to have an average which you will use to split the bandwidth
> > between the Physical and logical interfaces.
> > Hope this helps
> > Best Regards
> > Amar
> > CCNA CCNP
> > PS i don't know why i can't send messages to the group
> > - Original Message -
> > From: 
> > Newsgroups: groupstudy.cisco
> > Sent: Friday, January 10, 2003 8:53 PM
> > Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link
> > [7:60840]
> >
> >
> > > Thank you for the response.  Another piece of the puzzle is that I believe
> > > there are two ways to influence the EIGRP Table.  I could increase the
> > > 10.x.x.x tunnel bandwidth or I could advertise the 64.200.x.x network into
> > > the EIGRP metric. Presently the 64.200.x.x network is not advertised in the
> > > eigrp table, only the 10.x.x.x is.  I believe this is a situation of two ways
> > > to 'skin' the cat.  Just wondering what way is preferred over the other.
> > >
> > > To further convolute the situation I have another engineer here who believes
> > > the delay should be manipulated instead of the bandwidth.
> > > Any suggestions are appreciated.
> > >
> > > Cheers,
> > >
> > > Jamie
> > >
> > > - Original Message -
> > > From: "Georgescu, Aurelian"
> > > Date: Friday, January 10, 2003 11:21 am
> > > Subject: RE: : Influencing EIGRP to use GRE tunnels over Serial link
> > > [7:60834]
> > >
> > > > You have to put a "bandwidth" statement under the tunnel
> > > > interfaces as well,
> > > > with a higher value than FR.
> > > >
> > > > Aurelian Georgescu
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > > Sent: Friday, January 10, 2003 2:00 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: : Influencing EIGRP to use GRE tunnels over Serial link
> > > > [7:60834]
> > > > Hello all,
> > > >
> > > > I have a question.  I have gre tunnels going through MPLS running
> > > > 1.544mbps, running EIGRP.  The secondary links are Frame Relay
> > > > links running at 256kbps
> > > > per link.  Presently EIGRP has calculated the best link to be the
> > > > SprintLink as there are bandwidth statements in the frame relay
> > > > subinterface on
> > > > the remote site:
> > > >
> > > > Remote Site In Tampa:
> > > > interface Serial0/0.2 point-to-point
> > > > description &qu

Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60840]

2003-01-10 Thread [EMAIL PROTECTED]
Thank you for the response.  Another piece of the puzzle is that I believe
there are two ways to influence the EIGRP Table.  I could increase the
10.x.x.x tunnel bandwidth or I could advertise the 64.200.x.x network into
the EIGRP metric. Presently the 64.200.x.x network is not advertised in the
eigrp table, only the 10.x.x.x is.  I believe this is a situation of two ways
to 'skin' the cat.  Just wondering what way is preferred over the other.

To further convolute the situation I have another engineer here who believes
the delay should be manipulated instead of the bandwidth.

Any suggestions are appreciated.

Cheers,

Jamie

- Original Message -
From: "Georgescu, Aurelian" 
Date: Friday, January 10, 2003 11:21 am
Subject: RE: : Influencing EIGRP to use GRE tunnels over Serial link
[7:60834]

> You have to put a "bandwidth" statement under the tunnel 
> interfaces as well,
> with a higher value than FR.
> 
> Aurelian Georgescu
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
> Sent: Friday, January 10, 2003 2:00 PM
> To: [EMAIL PROTECTED]
> Subject: : Influencing EIGRP to use GRE tunnels over Serial link 
> [7:60834]
> Hello all,
> 
> I have a question.  I have gre tunnels going through MPLS running 
> 1.544mbps,running EIGRP.  The secondary links are Frame Relay 
> links running at 256kbps
> per link.  Presently EIGRP has calculated the best link to be the 
> SprintLink as there are bandwidth statements in the frame relay 
> subinterface on
> the remote site:
> 
> Remote Site In Tampa:
> interface Serial0/0.2 point-to-point
> description "Connect to Seattle"
> bandwidth 256
> ip address 192.168.228.253 255.255.255.0
> no ip mroute-cache
> no cdp enable
> frame-relay interface-dlci 41   
> 
> interface Tunnel1
> description "Tampa Tunnel to Seattle"
> ip address 10.0.48.6 255.255.255.252
> tunnel source Serial0/1
> tunnel destination 64.200.134.18
> !   
> The Tampa Site connects with Seattle Hub with these configs:
> 
> interface Tunnel1
> description "Seattle Tunnel to Tampa"
> ip address 10.0.48.5 255.255.255.252
> tunnel source Serial2/0
> tunnel destination 64.200.118.162
> end   
> 
> interface Serial0/0.8 point-to-point
> description  "Seattle to Tampa"
> bandwidth 256
> ip address 192.168.228.254 255.255.255.0
> no ip route-cache
> no ip mroute-cache
> no cdp enable
> frame-relay interface-dlci 39  
> 
> I believe the best way to influence EIGRP would be to add a bandwidth
> statement to the tunnel or the interface to which the tunnel is 
> applied to.
> 
> One other question.  T1 1.544mbps would be 193000 in the bandwidth
> statement?.. believe so ..but having a brain fart right now.
> 
> Thank you for your help.
> 
> Cheers,
> 
> Jamie




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60840&t=60840
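
The bandwidth-versus-delay question in this thread can be settled with the classic EIGRP composite metric. This is an added example, not code from the thread: it assumes default K values, a single hop per path, the IOS `bandwidth` command in kbit/s (so a T1 is 1544), a 20000 usec default delay on the serial subinterface, and tunnel interface defaults of 9 kbit/s and 500000 usec; check `show interface` on the actual routers for the real values.

```python
# Classic (32-bit) EIGRP composite metric with default K values (K1 = K3 = 1):
#   metric = 256 * (10^7 / lowest_bandwidth_kbps + sum_of_delays_usec / 10)

def eigrp_metric(path):
    """path is a list of (bandwidth_kbps, delay_usec), one per outgoing interface."""
    min_bw_kbps = min(bw for bw, _ in path)
    total_delay_usec = sum(delay for _, delay in path)
    return 256 * (10_000_000 // min_bw_kbps + total_delay_usec // 10)


# Frame Relay subinterface from the post: 'bandwidth 256', assumed default delay.
FRAME_RELAY = [(256, 20_000)]

# Tunnel variants; 9 kbit/s and 500000 usec are assumed IOS tunnel defaults.
SCENARIOS = {
    "tunnel, no bandwidth/delay statements": [(9, 500_000)],
    "tunnel, bandwidth 1544": [(1544, 500_000)],
    # The interface 'delay' command takes tens of microseconds: 'delay 2000' = 20000 usec.
    "tunnel, bandwidth 1544 + delay 2000": [(1544, 20_000)],
}


def compare(scenarios, baseline):
    """Return {name: (metric, preferred_over_baseline)}; lower metric wins."""
    base = eigrp_metric(baseline)
    return {name: (eigrp_metric(p), eigrp_metric(p) < base) for name, p in scenarios.items()}


def min_bandwidth_to_beat(baseline, delay_usec):
    """Smallest one-hop bandwidth (kbit/s) that beats baseline at this delay, or None.

    None means the delay term alone already exceeds the baseline metric, so no
    bandwidth statement can make the path preferred.
    """
    budget = eigrp_metric(baseline) // 256 - delay_usec // 10
    if budget <= 0:
        return None
    return 10_000_000 // budget + 1


if __name__ == "__main__":
    print("frame relay:", eigrp_metric(FRAME_RELAY))
    for name, (metric, wins) in compare(SCENARIOS, FRAME_RELAY).items():
        print(f"{name}: {metric} {'preferred' if wins else 'still loses to frame relay'}")
    print("bandwidth needed at tunnel default delay:", min_bandwidth_to_beat(FRAME_RELAY, 500_000))
```

Under these assumptions a bandwidth statement alone never wins, because the tunnel's delay term is larger than the whole Frame Relay metric; lowering the tunnel delay as well is what moves the route.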



RE: RE: Bridging Question?can it be hub too [7:60546]

2003-01-08 Thread Priscilla Oppenheimer
Simmi Singla wrote:
> 
> Hi all,
> Can I make the router a hub too? Suppose my requirement is
> that whatever data comes in on one port should come out on the
> other. Can we configure SPAN on a router as we do on a switch?

No, you can't turn your router into a hub, although there are some
multi-port modules you can add to a router that are hub modules. Those ports
aren't routed. They are in a hub that is built-into a router. I suppose if
you shut down all the other interfaces (the "real" routed interfaces) you
would have turned your router into a hub. :-)

Doing SPAN on a router wouldn't turn it into a hub. A hub doesn't understand
frames, packets, data. It just forwards bits. A hub is a multi-port
repeater. SPAN is smarter than that. It understands frames. It's also a
switch technology. I don't think you can use it on a router, unless Cisco
has added that recently. SPAN exists because switches replaced hubs, making
it hard for protocol analysts to see what was happening.

Priscilla

> Regards
> mlehr wrote:
> > 
> > I have studied for and successfully tested CCNA & CCNP and now
> > I am studying
> > for the CCIE written exam. At this point in my studies, I am
> > reading up on
> > the subject of Bridging.  I fully understand the concept of
> > bridging when it
> > comes to switches, but I am perplexed as to why a router would
> > need to
> > perform a bridging function.  Obviously bridging capabilities
> > are built into
> > the router's IOS but what need would prompt anyone to use this
> > feature?  In
> > the other studies Bridging was not a covered subject so this is
> > new
> > territory for me.
> > 
> > 
> > 
> > Help!
> > 
> > Mike L.
> > 
> > 
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60650&t=60546



RE: RE: campus LAN Design w/DHCP Server [7:59724]

2002-12-22 Thread Priscilla Oppenheimer
Thanks Scott! It does bode well, despite the weird Dest Unreachable (Port
Unreachable) from the server.

Thanks again.

Priscilla

s vermill wrote:
> 
> Priscilla,
> 
> Well, it's been an interesting project.  Unfortunately, the
> DHCP server app that I wound up trying (Vicomsoft) was so buggy
> that I couldn't keep it from crashing.  Even when it was
> running, it was highly, highly unstable.  Granted, it was a
> demo, but I would think a demo would have basic functionality.
> 
> Furthermore, I couldn't get into the console port of the
> 2900XL.  Tried everything.  The darned port is fried.
> 
> So...here is what I came up with:
> 
> 
>             2621
>               |
>               |
>    Foundry Networks switch
>       |              |
>       |              |
>       |              |
>   DHCP Serv     DHCP Client
> 
> 
> The 2621, with 64M of memory and 8M of flash, is running
> 12.1-18 IP Plus.  I don't know much about the Foundry switch. 
> It was straight out of the box just yesterday.  I configured it
> with a dot1q trunk to the router, an access port in vlan 100
> (192.168.1.0/24), and an access port in vlan 200
> (192.168.2.0/24).  The server (192.168.1.100) was attached to
> VLAN 100 and the client (192.168.2.?) to vlan 200.  The router
> subinterfaces were the .1 address.  Subinterface F0/0.2 had an
> IP helper address of 192.168.1.100.
> 
> On a couple of occasions I moved the client to vlan 100.  The
> server did actually work two or three times with a local
> client.  It never once worked with a non-local client.  The
> good news is that the DHCP Discovery crossed the vlans via the
> 2621 and looked to be in pretty good shape:
> 
>  Frame 44 (343 bytes on wire, 343 bytes captured)
> Arrival Time: Dec 21, 2002 18:01:21.694951000
> Time delta from previous packet: 0.721309000 seconds
> Time relative to first packet: 40.720429000 seconds
> Frame Number: 44
> Packet Length: 343 bytes
> Capture Length: 343 bytes
> Ethernet II, Src: 00:02:fd:1d:c0:20, Dst: 00:08:74:03:77:b5
> Destination: 00:08:74:03:77:b5 (Dell_Com_03:77:b5)
> Source: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20)
> Type: IP (0x0800)
> Internet Protocol, Src Addr: 192.168.2.1 (192.168.2.1), Dst
> Addr: 192.168.1.100 (192.168.1.100)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x00 (DSCP 0x00: Default;
> ECN: 0x00)
>  00.. = Differentiated Services Codepoint: Default
> (0x00)
>  ..0. = ECN-Capable Transport (ECT): 0
>  ...0 = ECN-CE: 0
> Total Length: 329
> Identification: 0x0061
> Flags: 0x00
> .0.. = Don't fragment: Not set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 255
> Protocol: UDP (0x11)
> Header checksum: 0x358d (correct)
> Source: 192.168.2.1 (192.168.2.1)
> Destination: 192.168.1.100 (192.168.1.100)
> User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps
> (67)
> Source port: bootps (67)
> Destination port: bootps (67)
> Length: 309
> Checksum: 0xde84 (correct)
> Bootstrap Protocol
> Message type: Boot Request (1)
> Hardware type: Ethernet
> Hardware address length: 6
> Hops: 1
> Transaction ID: 0xcb4d080c
> Seconds elapsed: 17250
> Bootp flags: 0x8000 (Broadcast)
> 1...    = Broadcast flag: Broadcast
> .000    = Reserved flags: 0x
> Client IP address: 0.0.0.0 (0.0.0.0)
> Your (client) IP address: 0.0.0.0 (0.0.0.0)
> Next server IP address: 0.0.0.0 (0.0.0.0)
> Relay agent IP address: 192.168.2.1 (192.168.2.1)
> Client hardware address: 00:06:5b:e4:d3:97
> Server host name not given
> Boot file name not given
> Magic cookie: (OK)
> Option 53: DHCP Message Type = DHCP Discover
> Unknown Option Code: 251 (1 bytes)
> Option 61: Client identifier
> Hardware type: Ethernet
> Client hardware address: 00:06:5b:e4:d3:97
> Option 50: Requested IP Address = 192.168.1.2
> Option 12: Host Name = "laprmccarverGFE"
> Option 60: Vendor class identifier = "MSFT 5.0"
> Option 55: Parameter Request List
> 1 = Subnet Mask
> 15 = Domain Name
> 3 = Router
> 
> Notice the relay agent address of 192.168.2.1.  That bodes
> well.  However, for some reason, this was the response:
> 
> Frame 45 (70 bytes on wire, 70 bytes captured)
> Arrival Time: Dec 21, 2002 18:01:21.69501
> Time delta from previous packet: 0.59000 seconds
> Time relative to first packet: 40.720488000 seconds
> Frame Number: 45
> Packet Length: 70 bytes
> Capture Length: 70 bytes
> Ethernet II, Src: 00:08:74:03:77:b5, Dst: 00:02:fd:1d:c0:20
> Destination: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20)
> Source: 00:08:74:03:77:b5 (
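
The decode quoted above shows the relayed Discover carrying a relay agent address (giaddr) of 192.168.2.1 and an Option 50 request for 192.168.1.2, an address in the other VLAN. This is an added example, not from the thread: it parses a packet constructed from the decoded field values and selects the scope by giaddr, as a relay-aware DHCP server does; the function names and the `SCOPES` list (the two /24s described in the message) are assumptions.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie
SCOPES = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("192.168.2.0/24")]


def _opt(code, value):
    return bytes([code, len(value)]) + value


def build_sample_discover():
    """Constructed DHCP Discover using the field values shown in the quoted decode."""
    mac = bytes.fromhex("00065be4d397")
    header = struct.pack(
        BOOTP_FMT, 1, 1, 6, 1, 0xCB4D080C, 17250, 0x8000,
        bytes(4), bytes(4), bytes(4),
        ipaddress.ip_address("192.168.2.1").packed,  # giaddr set by the relay
        mac, b"", b"")
    options = (_opt(53, bytes([1])) + _opt(61, bytes([1]) + mac)
               + _opt(50, ipaddress.ip_address("192.168.1.2").packed)
               + _opt(12, b"laprmccarverGFE") + _opt(60, b"MSFT 5.0")
               + _opt(55, bytes([1, 15, 3])) + bytes([255]))
    return header + MAGIC + options


def parse_bootp(data):
    """Parse the BOOTP header and DHCP options; raise ValueError on malformed input."""
    if len(data) < 240 or data[236:240] != MAGIC:
        raise ValueError("short packet or missing DHCP magic cookie")
    (_op, _htype, hlen, hops, xid, _secs, flags, _ci, _yi, _si,
     giaddr, chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, data[:236])
    options, i = {}, 240
    while i < len(data):
        code = data[i]
        if code == 255:        # end option
            break
        if code == 0:          # pad option
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    requested = options.get(50)
    return {
        "hops": hops,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "giaddr": ipaddress.ip_address(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "msg_type": options[53][0] if 53 in options else None,
        "requested_ip": ipaddress.ip_address(requested) if requested else None,
    }


def select_scope(pkt, scopes, arrival_net=None):
    """Relayed request: scope containing giaddr. Local request: the arrival subnet."""
    if int(pkt["giaddr"]) != 0:
        return next((s for s in scopes if pkt["giaddr"] in s), None)
    return arrival_net


if __name__ == "__main__":
    pkt = parse_bootp(build_sample_discover())
    scope = select_scope(pkt, SCOPES)
    print("giaddr", pkt["giaddr"], "-> scope", scope)
    print("requested", pkt["requested_ip"], "usable in scope:", pkt["requested_ip"] in scope)
```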

Re: RE: CCIE Vs. BS or MS dergree [7:59481]

2002-12-20 Thread Sam Sneed
This forum is not a purely technical forum and that's where you're wrong.
The group is groupstudy.cisco if you hadn't noticed and its primary focus is
studying for Cisco certification. CCIE is a certification. So I believe a
discussion on people's opinions whether going for a CCIE or MS, MBA would
be better for their situation is a great question for the group. I
think it provides the group with more useful and helpful information than a
question like

"My customer needs a VPN setup. I have no experience in this so please send
me the configs so I can set it up and collect my consulting fee."

or

"I need to recover a password on my cisco 2500 series router. I'm too lazy to
go to Cisco's site and type password recovery 2500, so could some one in the
group go to Cisco's site find it for me and send me the link."

If you want only a technical discussion try comp.dcom.sys.cisco  .

"Mr piyush shah" wrote in message
news:[EMAIL PROTECTED]...
> Dear friends
> It has been quite long that I have been hearing
> whether CCIE is superior or MS. I think it is high
> time we should wrap up the topic. I don't understand
> what this forum is for. It should be purely
> technical. For a typical type of questioning like
> this, there are responses which last for weeks, but
> there are some questions for which nobody seems to be
> bothered.
> There was a question which was thrown on this on
> TACACS ACS, whether what could be the issue that I am
> able to authenticate and not authorize; not a
> single person on this site bothered to answer, not
> even Priscilla.
> Which sounds very strange. There are so many
> people who are new to networking tech, hence come with
> some query which might be stupid to some of our
> colleagues, but please ensure that you were also like them
> during your initial phase, hence try to rectify the
> query rather than spending your precious time on
> stupid questions like "CCIE is superior or MS, what
> is the salary of CCIE?"
> I hope the message is clear to everybody
> Regards
>
> PIYUSH
>
>
>
>
> Note: forwarded message attached.
>
> 
> Date: Fri, 20 Dec 2002 01:26:48 GMT
> From: "Charlie Wehner"
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE Vs. BS or MS dergree [7:59481]
>
> What's more difficult?
>
> a) Memorizing configuration scenarios and commands on a Cisco router
>
> b) Understanding Calculus, Differential Equations, Numerical Analysis,
> Chemistry, Physics and Electrical Engineering well enough to create a
> "meaningful" experiment.
>
> One of my friends is working on his masters in Physics right now.  What he's
> working on makes the CCIE look like a walk through the park.
>
> Seriously, what if the recommended reading list for the CCIE exam looked
> like this:
>
> Physics I and II
> Calculus I,II,III
> Differential Equations
> Mechanics
> Circuit Analysis I and II
> Linear Systems
> Thermodynamics
> Quantum Mechanics
> Optics




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59613&t=59481
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: RE: Good book(s)... [7:59534]

2002-12-19 Thread Mossburg, Geoff (MAN-Corporate)
I hear ya'! One other word to mention: Gnutella. Not very safe, but much to
pick and choose from, if you're careful.

-Original Message-
From: B.J. Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Good book(s)... [7:59534]


> I think I'm keeping Amazon in business!

Funny, I'm taking the opposite tack: I've pretty much stopped buying Cisco
Press books, and have just started printing out PDFs from CCO.  Anytime I
want to learn something new, I start by doing a search for whatever it is,
followed by "configuration guide pdf" in the search box.  Usually something
useful comes up.  Then I just print it out on the company printer (duplex,
of course), punch holes in it, and stick it in a three-ring binder - voila,
instant study books.

BJ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59540&t=59534



Re: RE: Good book(s)... [7:59534]

2002-12-19 Thread B.J. Wilson
> I think I'm keeping Amazon in business!

Funny, I'm taking the opposite tack: I've pretty much stopped buying Cisco
Press books, and have just started printing out PDFs from CCO.  Anytime I
want to learn something new, I start by doing a search for whatever it is,
followed by "configuration guide pdf" in the search box.  Usually something
useful comes up.  Then I just print it out on the company printer (duplex,
of course), punch holes in it, and stick it in a three-ring binder - voila,
instant study books.

BJ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59534&t=59534



Re: RE: Hello (long response) [7:58824]

2002-12-09 Thread vikramjskeer
Hi all,


I fully agree with Mark. No doubt being a CCIE is a bench mark, and not a
small one, and you can not expect anyone to know everything. Multi-skill
sets are required yes, but then speaking about or treating people in that
fashion is totally un-acceptable.


Just my 2 C.


Regards,


Vikram 

"Mark W. Odette II" wrote:



Man, talk about being just past adult-hood, but way short of being
classified as an adult- much less a professional.

Just a touch of advice: Never EVER Gloat about terminating people, much
less talk about it in a public forum... for all you know, those CCIE's
you allegedly fired could be on this list too... and I'm sure they're
building the warm fuzzy about exacting some sort of revenge on your
smart-alecky little @$$..

You were just about to crawl into a hole "poor me" two weeks ago about
possibly being unemployed, but yet now you revel in the unemployment of
others because you're on a power trip! Puleeez. You and your manager
both need to get a Clue! 

Oh yeah, and what was the name of that consulting firm you said you now
work for again?? I just would like to know so that I can steer clear of
your company... 

Just so you know, you most probably have a "Kick me HARD" sticker stuck
on your back... watch those corners... and get your scooter fixed- it
has an obnoxiously squeaky wheel.


-Original Message-
From: adrian jones [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 09, 2002 3:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Hello (long response) [7:58824]

Elping,

Please do NOT make any statements regarding CheckPoint Firewall without
knowing all the facts. I've been working with both Checkpoint and Pix
firewalls. I even build a few "franken" pix firewalls so that I can learn
as much as I can about Cisco Pix firewalls. The "franken" pix firewall
actually helped me land my current job that pays 100k/year. Both
CheckPoint and Pix firewalls have their strengths and weaknesses. I agree
that Cisco TAC is much superior to CheckPoint support.

The "no text configuration" that you refer to in CheckPoint, you must be
referring to running CheckPoint on Winblows platforms. NEVER RUN FIREWALL
ON A GENERAL PURPOSE OPERATING SYSTEM. If you worry about cost, check out
CheckPoint SecurePlatform. If you are "unix" literate, does the term
"tcpdump" mean anything to you? That's how you troubleshoot my friend.

Now if you are talking about cost, Cisco Pix will beat CheckPoint by a
long shot in terms of performance for your $. However, for a small/medium
business, Checkpoint does come with a lot of features such as URL
filtering (native), http load balancing, etc which Pix doesn't have
(without 3rd party products). For enterprise environment, CheckPoint does
come with ClusterXL (aka, load-sharing or Active/Active Firewall), which
again, Pix doesn't support. Last but not least, CheckPoint does have a
very nice Management piece called "provider-1" that Cisco Pix doesn't
have. I do have to say that the price for CP products is totally
"outrageous"; however, CP is a good product.

In terms of hardware product, you can run CheckPoint on Nokia Platforms
which is very stable and proven product. New version of Nokia firewalls do
come with Flash instead of hard-drive so that the reliability is very
high. Nokia is a big partner with CP. You can get CP support if you
purchase Nokia firewalls from Nokia. Nokia TAC is just as good as Cisco
TAC.

I've completed my first week at my new job as a Security Engineer and I am
amazed at the # of Cisco Certified folks at my company that are completely
incompetent and downright clueless at what they can do. We are a
consulting company and being in the consulting business, you are forced to
know pretty much about everything. I have a couple of CCIEs in the office
come to me and ask me how to restart sendmail and postfix (we are a linux
shop) in linux. Another CCIE asked me how to use "nmap" in unix. The last
one is downright funny, one CCIE asked how to start Apache in Solaris. It
just seems to me like R&S are all they know and nothing else. We also do
R&S here but at these times, demands for those have not been that great.
Therefore, we have to branch into other things such as Security (PIX,
CheckPoint, Wireless, IDS, etc...)

I brought these issues to my boss's attention last Wednesday and on
Thursday he ordered me to 'clean' house. The first thing I did was to send
"pink" slips to all 4 CCIEs in the group and told them that they are fired
because they don't know anything other than R&S. They were making
$130k/year and sucking almost all of our budget.

My advice to everyone out there is to keep learning other things in
addition to the R&S. The market for CCIEs is not as good as it used to be.
You better know other things especially Unix and Firewalls than just
merely R&S. There will be a lot of good people competing for the same jobs
and the only way you can show the potential employers that you are better
than the other guy is by showing them that

Re: Re: VLSM Question [7:58569]

2002-12-05 Thread The Long and Winding Road
"B.J. Wilson" wrote in message
news:[EMAIL PROTECTED]...
> You sure about that, Chuck? ;-)


CL: well. yeah I understand the subnet zero argument. It's been too long
since I studied anything from a CCNA level.

CL: to be truthful, I have never bothered with the 2n-2 issue in real world
or in my CCIE studies. ip subnet-zero renders that irrelevant.

CL: If I don't pass my lab next time, I am facing a CCNP/DP recert, so I
guess I should keep that in mind ;->


>
> 2^n-2 = 8  ! a total of 8 subnets needed !
> 2^n = 10   ! add 2 to both sides !
> n = 4  ! 2^4-2 = 14 !
>
> 128 64 32 16 8 4 2 1
>  1   1  1  1 0 0 0 0
>
> = 240, or answer A in the original post.
>
> BJ
>
>
>
> ---Original Message---
> From: The Long and Winding Road
> Sent: 12/05/02 09:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: VLSM Question [7:58569]
>
> > you sure about that, Tom?
>
>
> 172.100..0
> 255.255.1110.0
> subnet bits = 1.0
> 172.100.0.0 through 172.100.31.0 for /24's
>
> these would be SUMMARIZED using the 224 mask in the third octet.
>
> if you only want eight /24's, then the answer is
>
> 172.100..0
> 255.255.1000.0
> subnet bits = 111 eight subnets of /24
> summarized as 172.100.0.0/21 ( 248 )
>
>
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
>
>
>
> "Tom Lisa" wrote in message
> news:[EMAIL PROTECTED]...
> > If the test prep you are using is for the CCNA exam then "C" is the
> > correct "Cisco" answer (the use of Class B/Class C terminology makes me
> > think this is the case). This is because Cisco still insists, at the
> > CCNA level, on computing subnets using the formula 2^n-2.  This assumes
> > that subnet zero and the all ones subnet are unusable.  Therefore you
> > have to create 16 subnets, resulting in 14 "usable" to get the required
> > 8 subnets.
> >
> > In the "real" world, 255.255.224.0 is correct.
> > BTW, what is the VLSM question here?
> >
> > HTH,
> > Prof. Tom Lisa, CCAI
> > Community College of Southern Nevada
> > Cisco ATC/Regional Networking Academy
> > "Cunctando restituit rem"
> >
> > Richard Burdette wrote:
> >
> >   A prep test I am using has a question for which I disagree with the
> >   answer.
> >   Here is the question
> >
> >   If I had a Class B address, what subnet mask would I use if I wanted
> >   to split it into 8 class C addresses?
> >
> >   a.255.255.240.0
> >   b.255.255.255.0
> >   c.255.255.248.0
> >   d.255.255.254.0
> >
> >   The answer from the test is c.
> >
> >   I think the answer is not even listed; 255.255.224.0 because to add
> >   eight additional subnets we need 2^3=8 bits of subnet which equates to
> >   224 of mask.  Am I right or wrong?
> >
> >   Rich
> >
> >
> >
> >
> >   [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58626&t=58569



Re: Re: VLSM Question [7:58569]

2002-12-05 Thread B.J. Wilson
You sure about that, Chuck? ;-)

2^n-2 = 8  ! a total of 8 subnets needed !
2^n = 10   ! add 2 to both sides !
n = 4  ! 2^4-2 = 14 !

128 64 32 16 8 4 2 1
 1   1  1  1 0 0 0 0

= 240, or answer A in the original post.

BJ



---Original Message---
From: The Long and Winding Road 
Sent: 12/05/02 09:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VLSM Question [7:58569]

> you sure about that, Tom?


172.100..0
255.255.1110.0
subnet bits = 1.0
172.100.0.0 through 172.100.31.0 for /24's

these would be SUMMARIZED using the 224 mask in the third octet.

if you only want eight /24's, then the answer is

172.100..0
255.255.1000.0
subnet bits = 111 eight subnets of /24
summarized as 172.100.0.0/21 ( 248 )



--
TANSTAAFL
"there ain't no such thing as a free lunch"




"Tom Lisa" wrote in message
news:[EMAIL PROTECTED]...
> If the test prep you are using is for the CCNA exam then "C" is the
> correct "Cisco" answer (the use of Class B/Class C terminology makes me
> think this is the case). This is because Cisco still insists, at the
> CCNA level, on computing subnets using the formula 2^n-2.  This assumes
> that subnet zero and the all ones subnet are unusable.  Therefore you
> have to create 16 subnets, resulting in 14 "usable" to get the required
> 8 subnets.
>
> In the "real" world, 255.255.224.0 is correct.
> BTW, what is the VLSM question here?
>
> HTH,
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
> "Cunctando restituit rem"
>
> Richard Burdette wrote:
>
>   A prep test I am using has a question for which I disagree with the
>   answer.
>   Here is the question
>
>   If I had a Class B address, what subnet mask would I use if I wanted
>   to split it into 8 class C addresses?
>
>   a.255.255.240.0
>   b.255.255.255.0
>   c.255.255.248.0
>   d.255.255.254.0
>
>   The answer from the test is c.
>
>   I think the answer is not even listed; 255.255.224.0 because to add
>   eight additional subnets we need 2^3=8 bits of subnet which equates to
>   224 of mask.  Am I right or wrong?
>
>   Rich
>
>
>
>
>   [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58621&t=58569
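
Added note, not part of any poster's message: the three masks argued over in this thread (224, 240 and 248) come from three different readings of the question, and the Python example below works each one through on the 172.100.0.0 Class B used in the replies. The function names are made up for this example; only the standard-library ipaddress module is assumed.

```python
import ipaddress
from itertools import islice

# Class B network used in the thread's worked replies.
CLASS_B = ipaddress.ip_network("172.100.0.0/16")


def borrowed_bits(wanted, exclude_zero_and_ones=False):
    """Smallest n where 2**n (2**n - 2 under the old CCNA rule) >= wanted."""
    n = 0
    while 2 ** n - (2 if exclude_zero_and_ones else 0) < wanted:
        n += 1
    return n


def mask_for_subnets(network, wanted, exclude_zero_and_ones=False):
    """Mask that splits `network` into at least `wanted` usable subnets."""
    prefix = network.prefixlen + borrowed_bits(wanted, exclude_zero_and_ones)
    if prefix > network.max_prefixlen:
        raise ValueError("not enough host bits to borrow")
    return str(ipaddress.ip_network((network.network_address, prefix)).netmask)


def summary_of_24s(network, count):
    """Summary block and mask covering the first `count` /24s of `network`."""
    blocks = list(islice(network.subnets(new_prefix=24), count))
    summary = list(ipaddress.collapse_addresses(blocks))
    if len(summary) != 1:
        raise ValueError("these /24s do not collapse into a single block")
    return str(summary[0]), str(summary[0].netmask)


def describe(network, mask):
    """Return (subnets of `network`, /24s inside each subnet) for `mask`."""
    subnet = ipaddress.ip_network((network.network_address, mask))
    if not network.prefixlen <= subnet.prefixlen <= 24:
        raise ValueError("mask must lie between the network's prefix and /24")
    return (2 ** (subnet.prefixlen - network.prefixlen),
            2 ** (24 - subnet.prefixlen))


if __name__ == "__main__":
    # Reading 1: borrow bits for 8 subnets, subnet zero allowed (2^n).
    print("2^n   >= 8 :", mask_for_subnets(CLASS_B, 8))
    # Reading 2: same, but subnet zero and all-ones excluded (2^n - 2).
    print("2^n-2 >= 8 :", mask_for_subnets(CLASS_B, 8, True))
    # Reading 3: one block that holds exactly eight /24s.
    print("eight /24s :", summary_of_24s(CLASS_B, 8))
    # What each mask from the thread actually produces on a Class B.
    for mask in ("255.255.224.0", "255.255.240.0", "255.255.248.0",
                 "255.255.254.0", "255.255.255.0"):
        subnets, per_subnet = describe(CLASS_B, mask)
        print(f"{mask:15} {subnets:3} subnets, {per_subnet:2} /24s in each")
```
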



Re: Re: access lists + static routing [7:58543]

2002-12-04 Thread Charlie
Thanks,

I understand now! Here it is:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d9816.html


"B.J. Wilson" wrote in message
news:[EMAIL PROTECTED]...
> Guys, a reminder: you cannot begin a post to the mail list with an URL.
> Type a line of text first, then paste the URL.  The filters are designed
> to look for an URL at the top of the post, to filter out spam.
>
> BJ
>
>
> ---Original Message---
> From: Charlie
> Sent: 12/04/02 10:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: access lists + static routing [7:58543]
>
> > n_guide_chapter09186a00800d9816.html
>
> This would be helpful. I found it by searching the key words
> "configurring access lists".
>
>
> "Geert Loonbeek" wrote in message
> news:[EMAIL PROTECTED]...
> > Hello
> > I'm looking for a good and free of charge study guide on access lists/
> > static routing.  I'd like to take the 640-607 cisco CCNA exam.
> >
> > Is there anybody who has some info on these topics.
> >
> > Thanks
> >
> > Geert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58553&t=58543



Re: Re: access lists + static routing [7:58543]

2002-12-04 Thread B.J. Wilson
Guys, a reminder: you cannot begin a post to the mail list with an URL. 
Type a line of text first, then paste the URL.  The filters are designed to
look for an URL at the top of the post, to filter out spam.

BJ


---Original Message---
From: Charlie 
Sent: 12/04/02 10:24 AM
To: [EMAIL PROTECTED]
Subject: Re: access lists + static routing [7:58543]

> n_guide_chapter09186a00800d9816.html

This would be helpful. I found it by searching the key words "configurring
access lists".


"Geert Loonbeek" wrote in message
news:[EMAIL PROTECTED]...
> Hello
> I'm looking for a good and free of charge study guide on access lists/
> static routing.  I'd like to take the 640-607 cisco CCNA exam.
>
> Is there anybody who has some info on these topics.
>
> Thanks
>
> Geert




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58550&t=58543



RE: RE: CCIE written [7:58400]

2002-12-03 Thread Peter van Oene
I've noticed however that the lab itself isn't booked heavily (I could
be wrong)  If the pool isn't full, turn on the hose and fill it up. 
Training down your qualification requirements accomplishes that as far
as I see it.



On Tue, 2002-12-03 at 16:19, Bernard wrote:
> Priscilla,
> 
> "more doable" & "less scary" refers to the same exam (new format) at
> different passing scores.
> I did not mean to compare the new format and the old format.
> 
> The new CCIE written exam with 58% as the passing score is "more doable"
> & "less scary" than the same new CCIE written exam with 70% as the
> passing score.
> 
> Rgds,
> 
> Bernard
> 
> 
> 
> > > This exam is much more doable now. It is not as scary as it
> > > used to be
> > > at 70%.
> > 
> > Isn't your logic backwards if you say that the exam is more doable and
> > less scary now?
> > 
> > To maintain the same ratio of passing people versus non-passing people,
> > they reduced the passing score because the exam is harder to pass than
> > it used to be.
> > 
> > At least that is what I would assume, or am I confused?
> > 
> > Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58488&t=58400



RE: RE: CCIE written [7:58400]

2002-12-03 Thread Bernard
Priscilla,

"more doable" & "less scary" refers to the same exam (new format) at
different passing scores.
I did not mean to compare the new format and the old format.

The new CCIE written exam with 58% as the passing score is "more doable"
& "less scary" than the same new CCIE written exam with 70% as the
passing score.

Rgds,

Bernard



> > This exam is much more doable now. It is not as scary as it
> > used to be
> > at 70%.
> 
> Isn't your logic backwards if you say that the exam is more doable and
> less scary now?
> 
> To maintain the same ratio of passing people versus non-passing people,
> they reduced the passing score because the exam is harder to pass than
> it used to be.
> 
> At least that is what I would assume, or am I confused?
> 
> Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58486&t=58400



RE: RE: CCIE written [7:58400]

2002-12-03 Thread Mirza, Timur
i can attest to that...i passed w/o a prob 3 yrs ago & failed on the new
written...its a night & day difference...when they lower the pass mark from
70% to 58%, it should make you think!

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: CCIE written [7:58400]


B.J. Wilson wrote:
> 
> I would think that this would be a bad thing, for two reasons:
> one, the number of people who put "CCIE Written" on their
> resumes will increase, and the availability of lab dates will
> decrease.

I don't think the lower passing score means more people pass. The test is
harder than it used to be.

> 
> US$0.02,
> 
> BJ
> 
> 
> ---Original Message---
> From: Bernard 
> Sent: 12/03/02 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE written [7:58400]
> 
> > Cisco is using a sliding scale based on overall failure rate of the
> exam.  As of 10/19, you needed a 58% to pass, not the 70%.  The
> required % to pass will change over time, again based on failure rate.
> This exam is much more doable now. It is not as scary as it used to be
> at 70%.

Isn't your logic backwards if you say that the exam is more doable and less
scary now?

To maintain the same ratio of passing people versus non-passing people, they
reduced the passing score because the exam is harder to pass than it used to
be.

At least that is what I would assume, or am I confused?

Priscilla

> 
> Bernard 
> 
>  
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 03, 2002 3:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE written [7:58400]
> > 
> > From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58484&t=58400



Re: RE: CCIE written [7:58400]

2002-12-03 Thread Priscilla Oppenheimer
B.J. Wilson wrote:
> 
> I would think that this would be a bad thing, for two reasons:
> one, the number of people who put "CCIE Written" on their
> resumes will increase, and the availability of lab dates will
> decrease.

I don't think the lower passing score means more people pass. The test is
harder than it used to be.

> 
> US$0.02,
> 
> BJ
> 
> 
> ---Original Message---
> From: Bernard 
> Sent: 12/03/02 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE written [7:58400]
> 
> > Cisco is using a sliding scale based on overall failure rate of the
> exam.  As of 10/19, you needed a 58% to pass, not the 70%.  The
> required % to pass will change over time, again based on failure rate.
> This exam is much more doable now. It is not as scary as it used to be
> at 70%.

Isn't your logic backwards if you say that the exam is more doable and less
scary now?

To maintain the same ratio of passing people versus non-passing people, they
reduced the passing score because the exam is harder to pass than it used to
be.

At least that is what I would assume, or am I confused?

Priscilla

> 
> Bernard 
> 
>  
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 03, 2002 3:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE written [7:58400]
> > 
> > From my experience the passing score were 70%
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58478&t=58400



RE: RE: CCIE written [7:58400]

2002-12-03 Thread Creighton Bill-BCREIGH1
They better not be putting CCIE written, see point 2 below... I posted this
in a thread on the jobs@groupstudy list - straight from the source:

Discussion Thread 
 Response (Marisol) 11/21/2002 08:50 AM 
Dear Bill:

Thank you for your patience.

1) When using the logos for business cards or signatures, it is preferred
that you use the highest certification as those familiar with Cisco
certifications will know the order of certifications.

2) Signature lines, cover letters, or resumes can not reference that an
individual is a CCIE candidate. Only CCIE certified individuals should
reference their certification as they have already completed it.

3) Trademark violations are escalated to our legal team and are strictly
enforced. In addition to the loss of Cisco certifications, legal actions can
also be taken when this happens.

If you have any further questions, click on the hyperlink below to update,
review or generate a support request.

Be sure to bookmark the www.cisco.com/go/certsupport site for all of your
future Cisco Training and Career Certification inquiries.

-Original Message-
From: B.J. Wilson [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 03, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: CCIE written [7:58400]


I would think that this would be a bad thing, for two reasons: one, the
number of people who put "CCIE Written" on their resumes will increase, and
the availability of lab dates will decrease.

US$0.02,

BJ


---Original Message---
From: Bernard 
Sent: 12/03/02 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written [7:58400]

> Cisco is using a sliding scale based on overall failure rate of the
exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The required %
to pass will change over time, again based on failure rate. 
This exam is much more doable now. It is not as scary as it used to be at
70%.

Bernard 

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
> 
> From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58459&t=58400



Re: RE: CCIE written [7:58400]

2002-12-03 Thread B.J. Wilson
I would think that this would be a bad thing, for two reasons: one, the
number of people who put "CCIE Written" on their resumes will increase, and
the availability of lab dates will decrease.

US$0.02,

BJ


---Original Message---
From: Bernard 
Sent: 12/03/02 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written [7:58400]

> Cisco is using a sliding scale based on overall failure rate of the
exam.  As of 10/19, you needed a 58% to pass, not the 70% .  The
required % to pass will change over time, again based on failure rate. 
This exam is much more doable now. It is not as scary as it used to be
at 70%.

Bernard 

 

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
> 
> From my experience the passing score were 70%




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58451&t=58400



Re: RE: Regarding Router rental business? [7:58422]

2002-12-03 Thread B.J. Wilson
> Guys, the spelling is getting terrible. Even painful to read. 

Agreed.  The three R's are *not* "readin', routin', and 'rithmetic." ;-)

BJ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58442&t=58422
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Re: Test for MCast...Any?? [7:58269]

2002-12-02 Thread Mike Bernico
BJ,

That's a great idea actually.  I've never tested it and I don't have a
PC to try it on right now, but I think it's very likely to compile on
Cygwin.  Like I said, I can't try it, but if you do please let me know.



On Mon, 2002-12-02 at 08:50, B.J. Wilson wrote:
> Mike -
> 
> By any chance have you tested running your program on a Windows PC using
> Cygwin?  I'm not a Linux person (yet...), and I figured this might be a
> passable way for PC-based users to use MINT.
> 
> BJ
> 
> 
> ---Original Message---
> From: Mike Bernico 
> Sent: 12/02/02 09:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Test for MCast...Any?? [7:58269]
> 
> > If you'd just like to send some test multicast traffic and see if you're
> receiving it elsewhere, you can try my multicast testing program at
> http://mc-mint.sourceforge.net  It's free under the GPL.  I very much
> doubt it will run under windows though, you probably would want to use
> Linux with it.  In my lab I used  two old 300 MHz PCs to generate
> traffic with it and I've been able to fill some pretty big pipes.
> 
> Mike
> 
> 
> On Thu, 2002-11-28 at 21:18, Cisco Nuts wrote:
> > Hello, Is there a way to test/practise MCast configs. on the Internet? I
> > have a cable-modem connected to a 2514 router and would like to
> > configure MCast on it as well as my Lab routers behind that for PIM-SM.
> > I have a laptop connected as a client to one of the routers. How can I
> > verify that MCast is working on the laptop? I mean, is there a
> > freeware/shareware application that I can install on my laptop to test
> > (since I cannot obviously have IP/TV client on my laptop). Or is there
> > any other way to do it in the Lab routers themselves. Any basic
> > configs/examples provided is gratefully appreciated. Thank you for your
> > help. Sincerely, CN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58403&t=58269



Re: Re: Test for MCast...Any?? [7:58269]

2002-12-02 Thread B.J. Wilson
Mike -

By any chance have you tested running your program on a Windows PC using
Cygwin?  I'm not a Linux person (yet...), and I figured this might be a
passable way for PC-based users to use MINT.

BJ


---Original Message---
From: Mike Bernico 
Sent: 12/02/02 09:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Test for MCast...Any?? [7:58269]

> If you'd just like to send some test multicast traffic and see if you're
receiving it elsewhere, you can try my multicast testing program at
http://mc-mint.sourceforge.net  It's free under the GPL.  I very much
doubt it will run under windows though, you probably would want to use
Linux with it.  In my lab I used  two old 300 MHz PCs to generate
traffic with it and I've been able to fill some pretty big pipes.

Mike


On Thu, 2002-11-28 at 21:18, Cisco Nuts wrote:
> Hello, Is there a way to test/practise MCast configs. on the Internet? I
> have a cable-modem connected to a 2514 router and would like to
> configure MCast on it as well as my Lab routers behind that for PIM-SM.
> I have a laptop connected as a client to one of the routers. How can I
> verify that MCast is working on the laptop? I mean, is there a
> freeware/shareware application that I can install on my laptop to test
> (since I cannot obviously have IP/TV client on my laptop). Or is there
> any other way to do it in the Lab routers themselves. Any basic
> configs/examples provided is gratefully appreciated. Thank you for your
> help. Sincerely, CN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58396&t=58269



RE: Re[2]: off topic: Win2K 802.1q support? [7:57979]

2002-11-30 Thread Mark W. Odette II
It has nothing to do with N.O.S; it has to do with what the MANUFACTURER
of the NIC produces for DRIVERS on a given platform!

... and as far as I know, if it is supported on *nix, it definitely is
supported on M$.  The CHIPSET of the NIC depicts what type of VLAN
support is provided- NOT THE O.S.!

The same is true for the ASICs in the Routers and Switches, which is why
some Routers and Switches only support ISL and others support both.

-Mark

-Original Message-
From: thinkworker [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, November 30, 2002 2:05 AM
To: Mark W. Odette II
Subject: Re[2]: off topic: Win2K 802.1q support? [7:57979]

In fact I can make VLAN with Intel Pro10/100 with my FreeBSD box. That
is why I am so curious M$ do not support it.

On Mon, 25 Nov 2002 20:03:41 GMT
"Mark W. Odette II"  wrote:

> .. Actually, the Intel Pro/100+ NIC with the 82559 Controller chip
> supports 802.1q VLAN-aware communications.
> 
> I believe the original poster was asking about what specific Intel NICs
> support 802.1q VLAN management at the workstation.
> 
> In any case, check out the following link, and look for drivers from
> there.
> 
> http://www.intel.com/network/connectivity/products/pro100mgmt.htm
> 
> 
> -Mark
> BTW- Some Intel NICs appear to only support ISL encapsulation, while
> others look like they only support .1q encapsulation.  Be sure to look
> closely!
> 
> -Original Message-
> From: puro prasad [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, November 25, 2002 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: RE: off topic: Win2K 802.1q support? [7:57979]
> 
> Hi,
> VLANs are NOT created on the PC. U need to create them on a switch. 
> if ur connecting the win2k box to an access port on the switch, no
> special lan card is required. What u have should work.
> 802.1q is a trunking protocol which will allow a trunk to carry more
> than one VLANs. Theres nothing like 802.1q VLAN.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58346&t=57979



RE: RE: Block MSN Messenger COMPLETE [7:58304]

2002-11-29 Thread mjans001
Sorry my 11th finger seemed to hit send.

From several lists, but not tested thoroughly
http://www.groupstudy.com/archives/cisco/200206/msg00480.html 

 
Block Kazaa
Kazaa connects to other peers running Kazaa, on port 1214. So, the best
way to block Kazaa downloads is to reject incoming and outgoing data
packets-both TCP and UDP packets-on this port.
Block Gnutella clients
The P2P apps, which use the Gnutella network connect to peers on ports
6346 and 6347.


AOL instant messenger can be blocked by filtering out the following I.P.
addresses:

But BLOCK internal DNS server AOL's DNS first BLOCK out  from /32 to
205.188.0.0/16 port = 53
aim.aol.com
login.oscar.aol.com 

AOL Instant Messenger - Ok, I have been able to block this one with
pretty solid results. I had to pretty much block 1 class C's worth of
addresses in the 64 region of AOL's address range, but have not heard
any complaints thus far. The program is pretty damn smart about getting
around rules in your firewall. It will try and use FTP, TELNET, HTTP,
FINGER, NETBIOS over IP, APPLETALK over IP, 1080 (SOCKS), 1024, Lotus
Notes (TCP 1352) and a few others. I pretty much locked the subnet down
but AIM was somehow getting through. I finally figured out that my
CheckPoint firewall was allowing DNS traffic outbound in my rule base
above rule 1. I had to go to the Properties section and disable the
implicit access to DNS (TCP/UDP 53). Once I did that, it killed AIM
altogether. 



DNS name of login.oscar.aol.com which is used to login to aol instant
messenger.

block yahoo messenger
msg.sc5.yahoo.com
msg.yahoo.com

msg.edit.yahoo.com
messenger.yahoo.com
http.pager.yahoo.com
cs.yahoo.com
Default Port: 5050

access-list 101 deny ip 10.1.4.0 0.0.0.255  216.136.0.0 0.0.255.255 
access-list 101 deny ip 10.1.4.0 0.0.0.255  66.163.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255

Test first.


MSN
gateway.messenger.hotmail.com
Messenger uses port 1863, but if you block it then it can automatically
switch to port 80. 
1. Add the following registry key into client machines either through
login script or similar: 
HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client\PreventRun=1 
This will prevent Messenger from running, whether or not it is
installed. Because this key isn't modified during a Messenger
install/re-install/upgrade, and isn't removed if the software is
uninstalled, this should work for you. 

Nov. 9, and there were multiple login servers, where in the past there
was only one.  By Nov. 29, it appeared that there were login servers at
addresses 
64.4.13.17 64.4.13.170 through 64.4.13.190.  
Microsoft may be adding even more in the future.  I was still able to
block MSN Messenger with just default filter exceptions and the Access
Rule listed above, but should a new version of MSN Messenger come out
that is able to slip by the proxy rules, try redirecting an entire
subnet.  Redirecting subnet 64.4.13.160 (255.255.255.224) will prevent
traffic from reaching all addresses from 64.4.13.161 through
64.4.13.191.  (Changing that subnet to 64.4.13.128 and the subnet mask
to 255.255.255.128 would expand the blocking to 64.4.13.129 through
64.4.13.255). 

Block ICQ/AIM traffic
block out from any to any port = 5190
block in  from any to any port = 5190
web.icq.com
ads.icq.com
login.icq.com
cb.icq.com
icq.mirabilis.com
http.proxy.icq.com 
 
 
 
 
Work in progress. (from several posts)
 
Martijn Jansen 
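
The coverage arithmetic in the post above, as an added example that is not part of the original message: it parses the three access-list lines as posted, resolves their wildcard masks, and checks which of the MSN login addresses named in the post fall inside each redirect subnet. The function names are hypothetical and the source/destination pairs in the test calls are constructed.

```python
import ipaddress

def from_wildcard(addr, wildcard):
    """Turn an IOS 'address wildcard' pair into a network (contiguous wildcards only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is 0..01..1 in binary
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - wc.bit_length()))

def parse_acl(line):
    """Parse 'access-list N ACTION ip SRC WILDCARD DST WILDCARD' (the form in the post)."""
    f = line.split()
    if len(f) != 8 or f[0] != "access-list" or f[3] != "ip":
        raise ValueError(f"unsupported ACL line: {line!r}")
    return f[2], from_wildcard(f[4], f[5]), from_wildcard(f[6], f[7])

def first_match(acl, src, dst):
    """Action of the first entry matching src -> dst, or None if no listed entry matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return None

def uncovered(addresses, network):
    """Addresses that fall outside a blocked or redirected 'subnet/mask'."""
    net = ipaddress.ip_network(network)
    return [a for a in addresses if ipaddress.ip_address(a) not in net]

# The three access-list lines exactly as posted.
ACL = [parse_acl(line) for line in (
    "access-list 101 deny ip 10.1.4.0 0.0.0.255  216.136.0.0 0.0.255.255",
    "access-list 101 deny ip 10.1.4.0 0.0.0.255  66.163.0.0 0.0.255.255",
    "access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255",
)]

# MSN login servers as written in the post: 64.4.13.17 and .170 through .190.
MSN_LOGIN = ["64.4.13.17"] + [f"64.4.13.{n}" for n in range(170, 191)]

if __name__ == "__main__":
    for subnet in ("64.4.13.160/255.255.255.224", "64.4.13.128/255.255.255.128"):
        net = ipaddress.ip_network(subnet)
        print(subnet, "spans", net[0], "-", net[-1],
              "| not covered:", uncovered(MSN_LOGIN, subnet))
    # Constructed source/destination pairs, one inside 10.1.4.0/24 and one outside it.
    print(first_match(ACL, "10.1.4.20", "66.163.10.1"))
    print(first_match(ACL, "10.1.5.20", "66.163.10.1"))
```

An IOS access list ends with an implicit deny, so a list holding only these three deny lines also needs a trailing permit entry if other traffic is to pass.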





-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mears, Rob
Sent: Tuesday, November 19, 2002 18:28
To: [EMAIL PROTECTED]
Subject: RE: RE: Block MSN Messenger [7:57595]


Yes and I have done it all via the PIX
Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656


-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,


Very rightly said that these messengers use so many servers and so many
ports that it's kind of impossible to

RE: RE: Block MSN Messenger [7:57595]

2002-11-29 Thread mjans001
AOL instant messenger can be blocked by filtering out the following I.P.
addresses: 
205.188.3.160, 205.188.3.176, 205.188.5.204, 205.188.5.208,
205.188.7.164, 205.188.7.168, 205.188.7.172, 205.188.7.176, and
DNS name of login.oscar.aol.com which is used to login to aol instant
messenger.

block yahoo messenger 
msg.sc5.yahoo.com 
msg.yahoo.com

MSN
gateway.messenger.hotmail.com

This should resolve most of your messenger blocking issues. If you need
anything else, let me know.
 
 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mears,
Rob
Sent: Tuesday, November 19, 2002 18:28
To: [EMAIL PROTECTED]
Subject: RE: RE: Block MSN Messenger [7:57595]


Yes and I have done it all via the PIX
Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656


-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,


Very rightly said that these messengers use so many servers and so many
ports that it's kind of impossible to block them all. But you can very
easily do it, right on the OS level. I know about the Win2K that you can
set up some system policies with which you can directly block these exes
themselves.


Hope it helps:


Regards,


Vikram

"Lidiya White" wrote:



Try to block the login servers: http://acronymsonline.com/im_ips.htm

-- Lidiya White



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]


It is possible, however Messenger uses so many different ports on so
many different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.


""Ahed Naimi"" wrote in message
news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements
> on an IOS Cisco router.
>
> Thanks All.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58302&t=57595



Re: RE: CCIP MCast and Qos Exam......How tough?? [7:58161]

2002-11-27 Thread Greg Owens
Is there a good book out for this test?
> 
> From: "Mike Bernico" 
> Date: 2002/11/27 Wed AM 10:17:28 EST
> To: [EMAIL PROTECTED]
> Subject: RE: CCIP MCast and Qos Exam..How tough?? [7:58161]
> 
> I've taken it.  I believed I passed it first try although I recall it was
> difficult because of its huge scope.  It's not nearly as hard as the 
> Optical test, it's pretty much on par with the MPLS test.  I would say that
> it gets fairly detailed in both QoS and Multicast.  I would know more than
> just an overview.   I definitely recall it being very theory oriented.  If
> you follow the outline I'm sure you'll be fine.
> 
> Good Luck!
> 
> 
> 
> ---
> Mike Bernico [EMAIL PROTECTED]
> Illinois Century Network  http://www.illinois.net
> (217) 557-6555
> 
> 
> > -Original Message-
> > From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, November 26, 2002 8:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: CCIP MCast and Qos Exam..How tough?? [7:58161]
> > 
> > 
> > Hello, Has anyone taken the CCIP Mcast and Qos exam? Need to know how
> > tough it is going to be. Do they drill you in the intricacies 
> > of PIM-SM,
> > DM, Diffserv using DSCP, NBar etc. Now,  I have been told by some that
> > since this exam is  like 2 exams combined into one, the exam questions
> > are going to be more general and just need a real good overview of all
> > the Qos and MCast topics. Is this any true? Please advise. Thank
> > you. Sincerely, CN
> > 
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58194&t=58161



Re: RE: Cisco 3005 VPN concentrator issues. [7:57495]

2002-11-22 Thread Greg Owens
What is the limitation of a PIX with a VPN Accelerator card?
> 
> From: "lounelson" 
> Date: 2002/11/21 Thu PM 08:59:22 EST
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495]
> 
> I note you said 200 users
> The 3005 is limited to 100 simultaneous users
> 
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_models_comparison.html
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> Umar Ahmed
> Sent: Friday, November 15, 2002 3:00 AM
> To: [EMAIL PROTECTED]
> Subject: Cisco 3005 VPN concentrator issues. [7:57495]
> 
> Hi all,
> 
> I've got a customer who has a 3005 concentrator connected to our network.
> He has setup a vpn connection which he accesses from home over the public
> internet. The problem he and the other 200 users are having is that they
> are losing connectivity to the box intermittently throughout the day. When
> he has loss of service, I can ping the vpn box directly connected to my
> network, what's even more strange, is that I can ping other customer
> hosts on the same subnet . Any ideas ??
> 
> Regards,
> 
> Umar.
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57888&t=57495



RE: RE: Re: Fw: New CCIE Written Exam [7:57341]

2002-11-20 Thread Creighton Bill-BCREIGH1
Boson is a good resource, especially test #1 and moreso #3

-Original Message-
From: kavita geha [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, November 20, 2002 1:16 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: Re: Fw: New CCIE Written Exam [7:57341]


I am planning to give CCIE R&S. Can anyone please send me some question bank
which can help me for the exam. Rgds Kavita




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57778&t=57341



RE: RE: Re: Fw: New CCIE Written Exam [7:57341]

2002-11-20 Thread Silju Pillai
You can get practice questions from sites like boson, certificationzone etc.

regards


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57763&t=57341



RE: RE: Re: Fw: New CCIE Written Exam [7:57341]

2002-11-19 Thread kavita geha
I am planning to give CCIE R&S. Can anyone please send me some question bank
which can help me for the exam.
Rgds
Kavita 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57758&t=57341



RE: RE: Block MSN Messenger [7:57595]

2002-11-19 Thread Mears, Rob
Yes and I have done it all via the PIX
Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656


-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,


Very rightly said that these messengers use so many servers and so many
ports that it's kind of impossible to block them all. But you can very
easily do it, right on the OS level. I know about the Win2K that you can
set up some system policies with which you can directly block these exes
themselves.


Hope it helps:


Regards,


Vikram

"Lidiya White" wrote:



Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]


It is possible, however Messenger uses so many different ports on so
many different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.


""Ahed Naimi"" wrote in message
news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements
> on an IOS Cisco router.
>
> Thanks All.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57717&t=57595



Re: RE: Block MSN Messenger [7:57595]

2002-11-19 Thread vikramjskeer
Hi All,


Very rightly said that these messengers use so many servers and so many
ports that it's kind of impossible to block them all. But you can very
easily do it, right on the OS level. I know about the Win2K that you can set
up some system policies with which you can directly block these exes
themselves.


Hope it helps:


Regards,


Vikram

"Lidiya White" wrote:



Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]


It is possible, however Messenger uses so many different ports on so many
different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.


""Ahed Naimi"" wrote in message
news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements
> on an IOS Cisco router.
>
> Thanks All.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57714&t=57595


