RE: RE: Slow Browsing via 500 Pix firewall [7:74583]
this may be silly but did you do a "sho debug" to see if any debugs were running? I had accidentally left a debug crypto ipsec running after troubleshooting a vpn. that drastically slowed down everything.

-Original Message-
From: Mark
To: [EMAIL PROTECTED]
Sent: 9/3/2003 8:46 PM
Subject: Re: RE: Slow Browsing via 500 Pix firewall [7:74583]

Is the problem related to a slow initial connection to a Web Server? If so then it could be an IDENT protocol problem (TCP port 113 connection coming back to you from the server). Try putting "service resetoutside" on the PIX and see if the problem still persists.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Jurkouich, Brett, CNTR, DCAA"
>Reply-To: "Jurkouich, Brett, CNTR, DCAA"
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
>Date: Tue, 2 Sep 2003 18:20:06 GMT
>
>Try turning off the port 80 inspecting with the "no fixup protocol http 80" command
>
>-Original Message-
>From: Faisal [mailto:[EMAIL PROTECTED]
>Sent: Monday, September 01, 2003 1:38 AM
>To: [EMAIL PROTECTED]
>Subject: Slow Browsing via 500 Pix firewall [7:74583]
>
>Hi All,
>I am having problem of slow or intermittent browsing through pix firewall. If I bypass the traffic speeds are fine. But if all that traffic is going via firewall then it becomes extremely slow. Please anybody can help me how to sort this out.
>
>Regards
>Faisal

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74784&t=74583
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: Re: Ip snooping in cisco routers [7:74708]
thanks for all for your inputs
ramesh

"dre" wrote:

""Reimer, Fred"" wrote in message ...
> E gads! All hacks because even at this time Cisco can't manage to write the little code necessary to create a buffer in memory where packets can be stored, and then transferred via TFTP. With today's routers that have more than enough processing power and memory, there's just no excuse, IMO.

I, personally, prefer ERSPAN to most other methods. Being able to have an encapsulated stream of capture data available from any available IP routed path (could be the whole Internet), and able to export to your personal workstation, e.g., running tcpdump or Ethereal, is definitely the proper way to be sniffing.

OTOH, Junipers should be able to do what you are talking about in some (but not all) cases. Depends on how much traffic you are talking about.

The RSPAN+VACL method described on CCO is just as valid as anything else, but requires Cisco Catalyst switches with some type of Layer-3 functionality (e.g. Cat3550, some Cat6k, some Cat4k, others). In the case of a 6500 it requires a PFC card, of which all Sup2 and Sup720 modules include. Sup1/Sup1a needs PFC to do RSPAN.

-dre

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74775&t=74708
Re: RE: Slow Browsing via 500 Pix firewall [7:74583]
Is the problem related to a slow initial connection to a Web Server? If so then it could be an IDENT protocol problem (TCP port 113 connection coming back to you from the server). Try putting "service resetoutside" on the PIX and see if the problem still persists.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Jurkouich, Brett, CNTR, DCAA"
>Reply-To: "Jurkouich, Brett, CNTR, DCAA"
>To: [EMAIL PROTECTED]
>Subject: RE: Slow Browsing via 500 Pix firewall [7:74583]
>Date: Tue, 2 Sep 2003 18:20:06 GMT
>
>Try turning off the port 80 inspecting with the "no fixup protocol http 80" command
>
>-Original Message-
>From: Faisal [mailto:[EMAIL PROTECTED]
>Sent: Monday, September 01, 2003 1:38 AM
>To: [EMAIL PROTECTED]
>Subject: Slow Browsing via 500 Pix firewall [7:74583]
>
>Hi All,
>I am having problem of slow or intermittent browsing through pix firewall. If I bypass the traffic speeds are fine. But if all that traffic is going via firewall then it becomes extremely slow. Please anybody can help me how to sort this out.
>
>Regards
>Faisal

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74763&t=74583
Re: RE: PIX Firewal Software Version [7:73894]
In 6.2(2) version of software you might think of turning off the ILS and SIP fixups. These are known for reloading the PIX for no reason. There are bugs listed on Cisco's website about it.

Mark
CCIE R&S, Security
Lab Technician
GigaVelocity.com

- Original Message -
>From: "Deepali S"
>Reply-To: "Deepali S"
>To: [EMAIL PROTECTED]
>Subject: RE: PIX Firewal Software Version [7:73894]
>Date: Tue, 2 Sep 2003 07:27:31 GMT
>
>Hi,
>
>I would suggest you to use PIX 6.2 software rather than 6.3.1, since this has a lot of BUGs, you can download the latest PIX software version 6.3.2
>
>Let me know if you have any queries.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74744&t=73894
Re: RE: PIX Firewal Software Version [7:73894]
Pix 6.3(3) was just released. You might want to try that one. I was told that Cisco fixed a bunch of things in this new release. (It also looks like 6.2(3) was also released)

thanks,
-Brad Ellis
CCIE#5796 (R&S / Security)
Network Learning Inc
[EMAIL PROTECTED]
www.ccbootcamp.com (cisco training)

""Mark"" wrote in message news:[EMAIL PROTECTED]
> In 6.2(2) version of software you might think of turning off the ILS and SIP fixups. These are known for reloading the PIX for no reason. There are bugs listed on Cisco's website about it.
>
> Mark
> CCIE R&S, Security
> Lab Technician
> GigaVelocity.com
>
> - Original Message -
> >From: "Deepali S"
> >Reply-To: "Deepali S"
> >To: [EMAIL PROTECTED]
> >Subject: RE: PIX Firewal Software Version [7:73894]
> >Date: Tue, 2 Sep 2003 07:27:31 GMT
> >
> >Hi,
> >
> >I would suggest you to use PIX 6.2 software rather than 6.3.1, since this has a lot of BUGs, you can download the latest PIX software version 6.3.2
> >
> >Let me know if you have any queries.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74721&t=73894
RE: Re: Your application [7:74449]
Dear [EMAIL PROTECTED]

The email that you sent to [EMAIL PROTECTED] did not reach the intended recipient due to existence of virus. Kindly have your computer check for virus.

Best Regards,
Mail Administrator
Datacraft Asia Ltd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74449&t=74449
RE: Re: Thank you! [7:74488]
Dear [EMAIL PROTECTED]

The email that you sent to [EMAIL PROTECTED] did not reach the intended recipient due to existence of virus. Kindly have your computer check for virus.

Best Regards,
Mail Administrator
Datacraft Asia Ltd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74488&t=74488
RE: Re: Thank you! [7:74408]
Email Delivery Failure

Your message failed to pass Hitachi Data Systems anti-virus scanning system. If you believe this message was received in error please consult your Hitachi Data Systems contact or the intended email recipient for further assistance.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74408&t=74408
RE: Re: Re: My details [7:74400]
Dear [EMAIL PROTECTED]

The email that you sent to [EMAIL PROTECTED] did not reach the intended recipient due to existence of virus. Kindly have your computer check for virus.

Best Regards,
Mail Administrator
Datacraft Asia Ltd

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74400&t=74400
virus found in sent message "Re: Re: My details" [7:74196]
A virus was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination.

The virus was reported to be:

Worm.Sobig.F

Please update your virus scanner or contact your IT support personnel as soon as possible as you have a virus on your system.

Your message was sent with the following envelope:

MAIL FROM: [EMAIL PROTECTED]
RCPT TO: [EMAIL PROTECTED]

.. and with the following headers:

---
MAILFROM: [EMAIL PROTECTED]
Received: from unknown (HELO PSHERRY) (68.193.198.44) by 0 with SMTP; 19 Aug 2003 18:34:34 -
From:
To:
Subject: Re: Re: My details
Date: Tue, 19 Aug 2003 14:32:49 --0400
X-MailScanner: Found to be clean
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_NextPart_000_00099118"
---

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74196&t=74196
Re: RE: PIX translation problem [7:72567]
4000 even though their 65000 ports available

> From: "Lynne Padgett"
> Date: 2003/08/08 Fri AM 11:11:01 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: PIX translation problem [7:72567]

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73743&t=72567
Re: RE: PIX translation problem [7:72567]
changing the timeout value worked, so the problem is fixed

Thanks all

> From: "Reimer, Fred"
> Date: 2003/08/08 Fri AM 11:26:37 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: PIX translation problem [7:72567]

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73744&t=72567
Re: RE: NOBODY emails [7:72997]
ios bug has hit the mailing lists too...

- Original Message -
From: "Antero Vasconcelos"
Date: Friday, July 25, 2003 4:21 pm
Subject: RE: NOBODY emails [7:72997]

> I'm just being tired of that person.
>
> antero
>
> -Original Message-
> From: Taufik Kurniawan [mailto:[EMAIL PROTECTED]
> Sent: Friday, 25 July 2003 07:15
> To: [EMAIL PROTECTED]
> Subject: Re: NOBODY emails [7:72997]
>
> I got .. about 10 emails
>
> At 03:56 25/07/2003 +, Puckette, Larry (TIFPC) wrote:
> >Is anybody else receiving multiple emails from [EMAIL PROTECTED] that are empty??
> >
> >Larry Puckette
> >Network Analyst
> >Temple Inland
> >[EMAIL PROTECTED]
> >512-434-1838
> >Where there is no idol but money and power, there is no hope for integrity.
> >
> >-Original Message-
> >From: Maximus [mailto:[EMAIL PROTECTED]
> >Sent: Thursday, July 24, 2003 9:02 PM
> >To: [EMAIL PROTECTED]
> >Subject: RE: Vty access class [7:72990]
> >
> >I believe the standard ACL should be enough since you're already specifying transport input ssh on line vty 0 4.
> >
> >Just my $0.02
> >
> >Jablonski, Michael wrote:
> > >
> > > I'm having a bit of trouble with extended access-lists for vty access. Basically I'd like to setup an extended access list that only allows ssh access from certain IPs, but after creating the list and applying it to the VTY I lose access. But if I use a standard acl only allowing certain IPs it works fine...
> > >
> > > ip access-list extended local_shell
> > > permit tcp host 192.168.1.2 host 192.168.1.1 eq 22
> > >
> > > vty 0 4
> > > access-class local_shell in
> > > transport input ssh
> > >
> > > Is the standard enough & is the above over-kill?
> > >
> > > Thanx,
> > > mkj

(on sprinter)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=73021&t=72997
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Re[3]: OSPF max Router-LSA links [7:72024]
At 02:23 PM 7/16/2003 +, Reimer, Fred wrote:
>This sounds like a simplistic question, but on a link between two routers why would you have a mis-matched MTU? I can see having a MTU in a multi-hop conversation (path MTU) being less than the MTU on the outgoing, or incoming, interface, but on a direct link between two routers shouldn't the MTU be the same?

Different vendors might default to different values on the same interface type. In a mixed-media bridging environment the two interfaces that are supposed to exchange OSPF information might be of different types.

> I can think of many more issues that OSPF having problems if the MTU were mis-matched, like just general connectivity. Pretty much every single file transfer would end up failing; you'd have intermittent connectivity for everyone.

Exactly.

>Or, does an OSPF talk to routers that are beyond its directly connected peers?

Only over virtual links.

Thanks,

Zsombor

> I always thought that when it was said that OSPF routers flood LSAs throughout the network that they just transmit those LSAs to their neighbors, who transmit to their neighbors, etc, until all routers in the area are updated. This as opposed to one OSPF router sending updates to each and every OSPF router in the area, which necessarily may involve going over links in which neither source or destination router was connected, and may have an MTU less than either source or destination. Which one is it?
>
>Fred Reimer - CCNA
>
>Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
>Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
>
>-Original Message-
>From: Karen E Young [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, July 16, 2003 7:34 AM
>To: [EMAIL PROTECTED]
>Subject: Re[3]: OSPF max Router-LSA links [7:72024]
>
>Sorry, accidentally sent the message before I finished my response and DNS problems to boot...
>
>If the Interface MTU field is larger than can be accepted without fragmentation, then the packet is rejected. No acknowledgement is sent and the behavior after that is dependent on the vendor. Usually it results in neighbors getting stuck in Exchange or ExStart. In any case, the adjacency will never form. Even if the MTU is smaller than the receiving interface the exchange will fail. There's always one side that's larger and one that's smaller, so one or the other of them will hang.
>
>This particular little hole is (unfortunately) due to a fault in OSPF itself since no acknowledgement and situational handling was specified.
>
>As a CCIE friend of mine said, "However, a vendor could choose to implement something that, after getting no response to DD packets, would decrease the packet size, even sending a really tiny DD packet to continue negotiations and receive DD from the other router, learning its MTU, then adjusting to that. I *think* that would work." - I personally am not aware of any vendors that implement anything like this but I could be wrong...
>
>Here's a good discussion of it:
>http://www.riverstonenet.com/support/ospf/stuckexstart.htm#_Toc515894155
>
>There's also a doc on Cisco about it:
>http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a0080093f0d.shtml
>
>Here's an interesting thought... what if the router with the larger MTU checked the MTU size of its neighbor, and dynamically adjusted? No guessing involved, just match the smaller MTU and deal with the mismatch? The MTUs could remain mismatched, which might cause frame fragmentation, but the OSPF multicast traffic would be sent with matching MTU sizes. Basically after being hung in ExStart for x seconds, it would send its first DD packet using the same size received by the adjacent router.
>
>Just a thought...
>
>HTH,
>Karen
>
>"A rose by any other name is Cisco specific terminology..."
>
>*** REPLY SEPARATOR ***
>
>On 7/15/2003 at 7:29 AM Zsombor Papp wrote:
>
> >At 09:48 AM 7/15/2003 +, Karen E Young wrote:
> >>KY: According to the RFC (page 99) "If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected."
> >>
> >>With this in mind the only time fragmentation should occur is when a virtual link is used since the MTU of a virtual link is set to "0".
> >
> >The "Interface MTU" field describes the MTU of the sending interface, not the size
RE: Re[3]: OSPF max Router-LSA links [7:72024]
This sounds like a simplistic question, but on a link between two routers why would you have a mis-matched MTU? I can see having a MTU in a multi-hop conversation (path MTU) being less than the MTU on the outgoing, or incoming, interface, but on a direct link between two routers shouldn't the MTU be the same? I can think of many more issues that OSPF having problems if the MTU were mis-matched, like just general connectivity. Pretty much every single file transfer would end up failing; you'd have intermittent connectivity for everyone.

Or, does an OSPF talk to routers that are beyond its directly connected peers? I always thought that when it was said that OSPF routers flood LSAs throughout the network that they just transmit those LSAs to their neighbors, who transmit to their neighbors, etc, until all routers in the area are updated. This as opposed to one OSPF router sending updates to each and every OSPF router in the area, which necessarily may involve going over links in which neither source or destination router was connected, and may have an MTU less than either source or destination. Which one is it?

Fred Reimer - CCNA

Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

-Original Message-
From: Karen E Young [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 16, 2003 7:34 AM
To: [EMAIL PROTECTED]
Subject: Re[3]: OSPF max Router-LSA links [7:72024]

Sorry, accidentally sent the message before I finished my response and DNS problems to boot...

If the Interface MTU field is larger than can be accepted without fragmentation, then the packet is rejected. No acknowledgement is sent and the behavior after that is dependent on the vendor. Usually it results in neighbors getting stuck in Exchange or ExStart. In any case, the adjacency will never form. Even if the MTU is smaller than the receiving interface the exchange will fail. There's always one side that's larger and one that's smaller, so one or the other of them will hang.

This particular little hole is (unfortunately) due to a fault in OSPF itself since no acknowledgement and situational handling was specified.

As a CCIE friend of mine said, "However, a vendor could choose to implement something that, after getting no response to DD packets, would decrease the packet size, even sending a really tiny DD packet to continue negotiations and receive DD from the other router, learning its MTU, then adjusting to that. I *think* that would work." - I personally am not aware of any vendors that implement anything like this but I could be wrong...

Here's a good discussion of it:
http://www.riverstonenet.com/support/ospf/stuckexstart.htm#_Toc515894155

There's also a doc on Cisco about it:
http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a0080093f0d.shtml

Here's an interesting thought... what if the router with the larger MTU checked the MTU size of its neighbor, and dynamically adjusted? No guessing involved, just match the smaller MTU and deal with the mismatch? The MTUs could remain mismatched, which might cause frame fragmentation, but the OSPF multicast traffic would be sent with matching MTU sizes. Basically after being hung in ExStart for x seconds, it would send its first DD packet using the same size received by the adjacent router.

Just a thought...

HTH,
Karen

"A rose by any other name is Cisco specific terminology..."

*** REPLY SEPARATOR ***

On 7/15/2003 at 7:29 AM Zsombor Papp wrote:

>At 09:48 AM 7/15/2003 +, Karen E Young wrote:
>>KY: According to the RFC (page 99) "If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected."
>>
>>With this in mind the only time fragmentation should occur is when a virtual link is used since the MTU of a virtual link is set to "0".
>
>The "Interface MTU" field describes the MTU of the sending interface, not the size of the DD packet. Just because the MTU of the sending router is smaller than or equal to that of the receiving router, it doesn't follow that fragmentation can't occur. Fragmentation occurs because the data (ie. the DD packet) to be sent is larger than the MTU of the *sending* router.
>
>Thanks,
>
>Zsombor

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72391&t=72024
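Added example, not part of the archived thread or any vendor's code: a Python sketch of the RFC 2328 Interface MTU check quoted in the message above, applied to Database Description packets built and parsed with the RFC's field layouts. The router IDs, MTU values and function names are constructed for illustration, and the checksum is left at 0 and not validated.

```python
import socket
import struct
from dataclasses import dataclass

# Field layouts from RFC 2328, A.3.1 (OSPF packet header) and A.3.3 (Database Description).
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")  # version, type, length, router ID, area ID, checksum, AuType, auth
DD_FIXED = struct.Struct("!HBBI")            # Interface MTU, Options, I/M/MS flags, DD sequence number
LSA_HEADER_LEN = 20
TYPE_DD = 2
FLAG_I, FLAG_M, FLAG_MS = 0x04, 0x02, 0x01
MIN_DD_LEN = OSPF_HEADER.size + DD_FIXED.size


@dataclass
class DatabaseDescription:
    router_id: str
    interface_mtu: int
    init: bool
    more: bool
    master: bool
    sequence: int
    lsa_header_count: int


def build_dd(router_id, interface_mtu, flags=FLAG_I | FLAG_M | FLAG_MS, sequence=1):
    """Build a constructed DD packet with no LSA headers (checksum left at 0)."""
    body = DD_FIXED.pack(interface_mtu, 0x02, flags, sequence)  # Options: E-bit set
    header = OSPF_HEADER.pack(
        2, TYPE_DD, MIN_DD_LEN,
        socket.inet_aton(router_id), socket.inet_aton("0.0.0.0"),
        0, 0, bytes(8),
    )
    return header + body


def parse_dd(packet):
    """Parse an OSPFv2 DD packet; raise ValueError on anything else."""
    if len(packet) < MIN_DD_LEN:
        raise ValueError("too short for an OSPF Database Description packet")
    version, ptype, length, rid, _area, _cksum, _autype, _auth = OSPF_HEADER.unpack_from(packet)
    if version != 2 or ptype != TYPE_DD:
        raise ValueError("not an OSPFv2 Database Description packet")
    if length < MIN_DD_LEN or length > len(packet):
        raise ValueError("bad OSPF packet length field")
    mtu, _options, flags, sequence = DD_FIXED.unpack_from(packet, OSPF_HEADER.size)
    return DatabaseDescription(
        router_id=socket.inet_ntoa(rid),
        interface_mtu=mtu,
        init=bool(flags & FLAG_I),
        more=bool(flags & FLAG_M),
        master=bool(flags & FLAG_MS),
        sequence=sequence,
        lsa_header_count=(length - MIN_DD_LEN) // LSA_HEADER_LEN,
    )


def accepts_dd(dd, receiving_ip_mtu):
    """RFC 2328 check: reject a DD whose advertised Interface MTU is larger
    than the receiving interface can accept without fragmentation.
    A virtual link advertises 0, which always passes."""
    return dd.interface_mtu <= receiving_ip_mtu


def mismatch_report(mtu_a, mtu_b):
    """Exchange one DD in each direction between routers A and B and report
    which side accepts the other's packet."""
    dd_from_a = parse_dd(build_dd("10.0.0.1", mtu_a))
    dd_from_b = parse_dd(build_dd("10.0.0.2", mtu_b))
    return {
        "a_accepts_b": accepts_dd(dd_from_b, mtu_a),
        "b_accepts_a": accepts_dd(dd_from_a, mtu_b),
    }


if __name__ == "__main__":
    # Constructed case: A has IP MTU 1500, B has IP MTU 1400.
    print(mismatch_report(1500, 1400))
```

With mismatched MTUs the check is asymmetric: only the router with the smaller MTU discards its neighbor's DD packets, which is enough to keep the adjacency from completing.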
Re: Re[2]: CCNP ReCert Questions [7:72071]
Sorry I meant MLS. Thanks Karen.

- Original Message -
From: "Karen E Young"
To: "Simon Watson"
Cc:
Sent: Monday, July 14, 2003 4:45 PM
Subject: Re[2]: CCNP ReCert Questions [7:72071]

Simon,

Careful there! Don't mistake MLS for MPLS. Two different animals entirely. MLS is Multi-Layer Switching and is strictly a LAN technology while MPLS (Multi-Protocol Label Switching) is predominantly used in the WAN.

Here's some stuff on MPLS.
http://www.convergedigest.com/Bandwidth/archive/010910TUTORIAL-rgallaher1.htm
http://www.mplsrc.com/
http://www.cisco.com/warp/public/732/Tech/mpls/mpls_presentations.shtml
http://www.cisco.com/warp/public/732/Tech/mpls/mpls_techdoc.shtml

Cisco Networkers 2001 Power session on MPLS:
http://www.cisco.com/networkers/nw01/pres/pr/542/

Also, if you go to http://www.webtorials.com, you'll see a link for "MPLScon 2003 Conference Presentation Handouts". You'll need a Webtorials account but they're free. The links for creating an account or signing in are up at the top of the page. This is one of the best places to look since the information goes into a bit more depth than that on most sites.

Hope this helps,
Karen

*** REPLY SEPARATOR ***

On 7/12/2003 at 9:17 AM Simon Watson wrote:

>Hi Priscilla I'm in the same position as John (Cert expires on the 21st). But I'm going to give the re-cert a go I've printed out the MPLS supplement you suggested to look on, will this be sufficient for the MPLS portion of the test. Also the Catalyst 5K was the principal switch in the switching portion 3 years ago. What switch is the switching portion of the test based on now ???.
>
>>From: "Priscilla Oppenheimer"
>>Reply-To: "Priscilla Oppenheimer"
>>To: [EMAIL PROTECTED]
>>Subject: RE: CCNP ReCert Questions [7:72071]
>>Date: Thu, 10 Jul 2003 19:22:00 GMT
>>
>>John Cianfarani wrote:
>> >
>> > Well I decided I wouldn't push it in such a short timeframe with the one exam. With work and whatever else probably won't have enough time to study fully for it. So I will write either all 4 again, or cit/bcran and then the new Composite once it's out.
>>
>>You shouldn't lose your CCNP, albeit temporarily (hopefully). Think how hard you worked to get it. How will you feel when you can no longer say you have it? I think you should try the recert exam.
>>
>>I'm sorry if I scared you by saying it is hard. It is hard, but study the IS-IS supplement from Cisco Press and some material on multilayer switching and eat a lot of blueberries. At least give it a try.
>>
>>Here's a link on multilayer switching:
>>
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt5/xcdmsov.htm
>>
>>Do you know about the free PDF document that Cisco Press put out on IS-IS for BSCI candidates? When Cisco added IS-IS, Cisco Press didn't have a book out yet that covered it (from a BSCI viewpoint anyway), so they put out a PDF. Here's a link:
>>
>>http://www.ciscopress.com/content/images/1578702283/downloads/BSCNSupplement.pdf?session_id={D6502E20-0A8E-4868-8FE7-5A1A54F64857}
>>
>>Good luck whichever way you go, but I definitely recommend not letting your CCNP disappear, even temporarily.
>>
>>Priscilla
>>
>> > Anyone know if the Composite will count towards things like CCIP? If it doesn't I'd just take the 4 exam route.
>> >
>> > Thanks
>> > John
>> >
>> > -Original Message-
>> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> > Sent: Wednesday, July 09, 2003 7:22 PM
>> > To: [EMAIL PROTECTED]
>> > Subject: Re: CCNP ReCert Questions [7:72071]
>> >
>> > Amazing wrote:
>> > >
>> > > I just did the CCNP recert test two weeks ago and passed with not too much studying -- used boson test to see my weak areas and just brushed up on those areas -- hint -- you can use the same study materials you used three years ago -- nothing has changed.
>> >
>> > I wouldn't recommend just using the same material as 3 years ago. There are some new topics, like IS-IS for Routing and multilayer switching for Switching. Support and Remote Access seemed to be pretty similar, but those other two were pretty different from 3 years ago, at least in my test. I found it to be a two-Tums-package test for sure, despite a good score in the end.
>> >
>> > > as to the answer to your questions, my experience has been that you should go directly to cisco with these questions so you have a
>> >
>> > I definitely agree there. Go to Cisco. Even if we give you an answer, the Authoritative Bit will not be set. :-) That won't stop me though from adding a few more comments below
>> >
>> > > documented answer when they change their mind later on ;-)
>> > >
>> > > d
>> > >
>> > > ""John Cianfarani"" wrote in message news:[EMAIL PROTECTED]
>> > > > I have to recert my CCNP by the 21st of this month. (yeah I kn
RE: Re[2]: Frame-relay & HSRP [7:72166]
Masaru,

The main importance of the physical "main" interface configuration in frame-relay is to set your encapsulation and/or LMI-Type if you use ANSI or Q.933a, the default of CISCO is already set for you, and you do not need to manually configure it either unless you have disabled inverse-arp. The scenario I gave you resolves your issue with HSRP and the UP UP situation for standby tracking. You want to generate a UP Down situation so you have a true failover, which your current configuration cannot provide.. at least I am not aware of another way.

The advantage to sub-interfaces which include scalability, dlci prioritization, and your little HSRP problem are just a few of the added values of doing it.. You will always need the Physical Interface configuration for Layer 2 capabilities, but the layer 3 can be done on a sub-interface level where you will also specify your local dlci information. In your setup you would want to use point-to-point links since you're not in a Hub-and-Spoke or Full-Mesh design, where you need multipoint connections. If you use a subinterface.. and your link to R1 goes down, you will generate an UP DOWN on R3's subinterface where if you track that subinterface in HSRP, it will fail over to R4.

Here is a URL that may help anything I missed.. the Cisco DOC CD is a valuable source of information on this kind of stuff.. You may also want to thoroughly read through Chapter 4 of Caslow/Pavlichenko's: Bridges, routers, and Switches for CCIE's. They explain the different uses of Frame-relay pretty well.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/wan_c/wcdfrely.htm#31757

All the Best!
Sal

Masaru Umetsu wrote:
>
> Thanks Salvatore.
>
> As a resolution, is it only to change the configuration from
> main-interface to sub-interface p2p?
> If it is only sub-interface p2p, when and how should I use
> main-interface frame-relay configuration ? Don't you usually
> use main-interface
> frame-relay configuration ?
> Is there any solution by using current(main-interface)
> configuration to
> resolve my problem ?
> If there's something good to see, please let me know the URL or
> book.
>
> Thanks.
>
> On Sat, 12 Jul 2003 02:58:51 GMT
> "Salvatore De Luca" wrote:
>
> nobody> When you have a FR connection, you have a dedicated circuit to your provider
> nobody> which then on taps into the frame cloud. So consider it almost like a
> nobody> point-to-point link to your local Carrier and then from there you connect
> nobody> within the providers Frame Switch into their Frame Relay cloud. Now, when
> nobody> you shutdown R1's Wan interface your HSRP failed over fine. The reason that
> nobody> R3 was showing Up Up was that your circuit to your carrier from R3 did not
> nobody> go down and it still exchanges LMI with R3's Physical interface, your PVC
> nobody> should have been showing INACTIVE at this point though. I would recommend
> nobody> using point-to-point subinterfaces on your FR WAN connections. When you do
> nobody> this and then shut down one end of the link the line protocol on the
> nobody> sub-interface of R3 would go "UP DOWN" and if you then track the
> nobody> SUB-Interface, you should have a successful failover for the "Standby Track"
> nobody> command on R3. Currently, you have outbound traffic going out R2 --->R4 and
> nobody> return traffic going to the Active HSRP router "R3" then dropping packets
> nobody> because your PVC is INACTIVE and you are in an UP UP state..
> nobody>
> nobody> You have successfully achieved Asymmetrical routing.. :(
> nobody>
> nobody> Until your Interface Line protocol Drops in an "UP DOWN" state on R3's WAN
> nobody> interface.. then Standby Interface tracking won't do anything..
> nobody>
> nobody>
> nobody> Masaru Umetsu wrote:
> nobody> >
> nobody> > Dear all
> nobody> >
> nobody> > I have a question about frame-relay. Network Diagram is below.
> nobody> >
> nobody> > R1* * *R3
> nobody> > | * FR * |
> nobody> > R2* * *R4
> nobody> >
> nobody> > I configured a HSRP between R1 and R2, R3 and R4.
> nobody> > R1,R3 are Active router.(R2,R4 are Standby router)
> nobody> > And I configured standby track in a Wan side of R1,R3.
> nobody> >
> nobody> > When I disabled(shutdown the interface) the serial0/0 of R1 ,
> nobody> > then R2 became Active router. It's ok.
> nobody> > But R3 didn't detect a down of Wan side,so serial0/0 of R3 is
> nobody> > up-up.
> nobody> > Therefore,I can't send a data between R2 and R4.
> nobody> > Regarding Frame-relay configuration, I configured frame-relay in
> nobody> > main-interface. Is it a mechanism of Frame-relay in
> nobody> > main-interface ?
> nobody> > I don't know in detail. Should I use sub-interface &
> nobody> > point-2-point
> nobody> > definition in frame-relay to use HSRP standby track ? Please
> nobody> > explain me
> nobody> > about this problem.
> nobody> >
> nobody> >
> nobody> > no
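
The point-to-point subinterface and HSRP tracking arrangement described in this thread, written out for R3 and R4 as an added configuration sketch that is not part of the original posts. The interface numbers, DLCIs, IP addresses, HSRP group and priorities are all assumed values.

```cisco
! ---- R3 (HSRP active) -- constructed example, all values assumed ----
interface Serial0/0
 ! Physical interface carries only the layer 2 settings
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.301 point-to-point
 description PVC to R1
 ! Layer 3 and the local DLCI live on the subinterface
 ip address 10.1.13.2 255.255.255.252
 frame-relay interface-dlci 301
!
interface FastEthernet0/0
 ip address 192.168.3.2 255.255.255.0
 standby 1 ip 192.168.3.1
 standby 1 priority 110
 standby 1 preempt
 ! Track the subinterface, not Serial0/0: the physical interface stays
 ! up/up as long as LMI is exchanged with the carrier, while the
 ! point-to-point subinterface follows the state of its single PVC.
 standby 1 track Serial0/0.301 20
!
! ---- R4 (HSRP standby) ----
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.402 point-to-point
 description PVC to R2
 ip address 10.1.24.2 255.255.255.252
 frame-relay interface-dlci 402
!
interface FastEthernet0/0
 ip address 192.168.3.3 255.255.255.0
 standby 1 ip 192.168.3.1
 ! 110 - 20 = 90 on R3 after the tracked subinterface drops,
 ! so R4 at 100 with preempt becomes active.
 standby 1 priority 100
 standby 1 preempt
!
! Checks after shutting R1's WAN interface:
!   show frame-relay pvc        (PVC 301 on R3 should be INACTIVE)
!   show interfaces Serial0/0.301
!   show standby brief          (R4 should be Active for group 1)
```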
Re: RE: Multimedia/Voice over VSAT [7:71706]
interactive voice over satellite is problematic due to the inherent latency of the signal travelling 40,000km distance to the satellite and another 40,000km back. this adds 125ms of latency in each direction (to/from the bird), give or take. if you remember using satellite for long distance calls it took some getting used to (a bit like talking on a 2 way radio) and the perceived signal quality was less than using an under the pond cable. satellite for 1 way video is fine, carriers use it for backhaul on a regular basis, but interactive video suffers the same difficulties as interactive voice. so with the amount of latency already involved i would try to reduce any further quality impairments caused by voip or digital video processing. satellite offers a variety of quality impairments of its Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=71943&t=71706 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: RE: RE: number of CCIE??? [7:70328]
Look, guys, the bottom line is this. The fact is, it is more desirable to have a lower-number ccie than it is to have a higher-number. I believe that this is so because the test was more rigorous in the past than it is today, but even if you don't believe this to be the case, you have to acknowledge that other people think so, and in particular, people who have hiring power think so. And since no man here is Bill Gates, we all have to work for a living, which means that we all have to get jobs, which means that we all have to impress those people who have hiring power. At the end of the day, those people have the jobs that we want, so we have to follow their rules even if we don't agree with them. I've heard a lot of objections in this thread to what I've been saying, and hey guys, it may surprise you, but I don't like what I'm saying any more than you guys do. I don't have a particularly low number. I've lost out on opportunities because my number was not "deemed" low enough by recruiters/HR/headhunters. And yes, just like a lot of people here, my first reaction was similar to you guys - I got pissed off at those recruiters/HR guys. But that was my first reaction. I then thought about it and I realized that it's not the recruiters fault that they're acting this way - they're doing it because the HR departments of the companies who they are scouting for told them to do it. And it's not really HR's fault either - I highly doubt that HR is spending all their time scheming to intentionally come up with unfair hiring practices just to screw guys like me over, like some kind of weird X-Files conspiracy (why would they want to waste their time trying to deliberately screw me and some of the other higher-number ccie's over when they've never even met us - what exactly does HR gain by doing this?). So why get ticked off at recruiters or at HR when they're only doing their jobs? 
I believe the real underlying root cause lies with Cisco itself for not properly maintaining the quality of the program. Again, I will pose a question I posed in my discussions with Mark Hayes in this thread - why are bootcamps thriving businesses? Because quite obviously they are selling what is in essence an improved chance to pass the test. In a nutshell, that's what you're really buying when you attend a bootcamp. If this was not the case, then why would people spend money to attend one? Now don't get me wrong - I'm not saying there's anything wrong with bootcamps per se (they're out to make money just like any other company) but it does mean that their existence makes the test easier and this effect must be counteracted by Cisco by making the exam even harder if you aim to maintain the same rigor of the program (another way to counteract the effect of bootcamps is to use relative scoring, but I digress). Otherwise you end up with the situation you have today - where guys are to a certain extent just buying their way to a cert. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70695&t=70328
Re: RE: RE: RE: number of CCIE??? [7:70328]
much as I hate to help keep this particular thread alive --- below ""n rf"" wrote in message news:[EMAIL PROTECTED] > Craig Columbus wrote: > > > > passing from October 2002 to present. The most recent number > > I've seen is > > 11757. Which, averages about 170 people per month. > > Extrapolating to > > October, the number of people passing from Oct 2002 to Oct 2003 > > should turn > > out to be around 2044. My conclusion then, is that since the > > labs stay > > booked, and since the expected doubling of the people passing > > has not > > occurred, that the new lab is somewhat more difficult than the > > old > > lab. Therefore, the "difficulty barrier" was increased to > > partially, but > > not fully, counter the effects of lowering the "quantity > > barrier" (number > > of lab seats). Had the difficulty been raised enough to fully > > counter the > > quantity barrier, the number of those passing would have been > > held constant. > > Actually, I believe your numerical analysis is somewhat incomplete. > > At the same time that Cisco made the change from 2 days to 1, Cisco also > (quietly) eliminated weekend testing. Also, Cisco has lately banked some > test locations (i.e. Halifax). Finally, anecdotally I've been hearing that > the number of empty seats in any particular location seems to be higher than > it was in the past. For all these factors, I therefore don't think that > there has been a true doubling of seats. well, first of all, yes I saw a number of empty seats last two times through, but don't forget - there are a hell of a lot more racks as well. I believe San Jose doubled the number of available racks from 10 to 20 ( and don't rag on me if I am wrong about the specifics, please. I have to go from memory here. ) the only people who can provide true statistics are working for Cisco, and believe me, they ain't talking. then there is the bad economy factor. 
I haven't checked lately, but when I was looking a few months ago, it was no problem to find open slots less than 30 days out. if it is true that there are 150 people passing per month ( and I don't know because I haven't been keeping stats lately ) then the conclusion is that test takers are just better prepared, for whatever reason. ( that reason could be multiple repetitions, or lots more study, or lots more cheating.) Come to think of it, this thread is long overdue for disappearance under its own weight. goodnight, all Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70712&t=70328
RE: RE: RE: RE: number of CCIE??? [7:70328]
Craig Columbus wrote: > passing from October 2002 to present. The most recent number > I've seen is > 11757. Which, averages about 170 people per month. > Extrapolating to > October, the number of people passing from Oct 2002 to Oct 2003 > should turn > out to be around 2044. My conclusion then, is that since the > labs stay > booked, and since the expected doubling of the people passing > has not > occurred, that the new lab is somewhat more difficult than the > old > lab. Therefore, the "difficulty barrier" was increased to > partially, but > not fully, counter the effects of lowering the "quantity > barrier" (number > of lab seats). Had the difficulty been raised enough to fully > counter the > quantity barrier, the number of those passing would have been > held constant. Actually, I believe your numerical analysis is somewhat incomplete. At the same time that Cisco made the change from 2 days to 1, Cisco also (quietly) eliminated weekend testing. Also, Cisco has lately banked some test locations (i.e. Halifax). Finally, anecdotally I've been hearing that the number of empty seats in any particular location seems to be higher than it was in the past. For all these factors, I therefore don't think that there has been a true doubling of seats. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70696&t=70328
RE: RE: RE: RE: number of CCIE??? [7:70328]
Mark W. Odette II wrote: > > Robert, the way you described your hiring/screening process is > the way I > wished all Corporate America job providers did it. > > It's nice to know that at least one business out there doesn't > hide > behind an HR group that isn't prepared to perform the screening > process > properly and/or fairly. Ah, but let's not give him more credit than he's due. Read my reply to him. Essentially, while Robert's practices are commendable, he left out a very important piece of information - namely out of all the original candidates who submitted resumes, how exactly did he figure out who was to be granted an interview? Obviously he used some sort of a screening process - # years of experience, ccie status (or lack thereof), degree (or lack therefore), etc. But it's obvious that he used something because it is simply impossible to grant an interview to absolutely everybody who submits a resume. And whatever screening process he used to whittle the numbers down to something manageable is inherently imperfect.Perhaps Robert's screen is better than ones used by HR departments around the world, but let's not kid ourselves here - it wasn't perfect. No matter what screen you do, you run the risk of throwing what may turn out to be your best candidate. And that's really the bottom line. While we would all obviously prefer not to be treated like some number, the fact is, no company is really prepared to properly investigate every single candidate thorougly. Every candidate is going to make some sweeping generalizations that while they may not be totally fair, are done in the name of economic efficiency. Degree'd people tend to be more productive than non-degree'd people. That doesn't mean that every single non-degree'd person is worse than every single degree'd person, but the general rule holds enough times that companies can and will use it as a screen. Things like that. 
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70692&t=70328
Re: RE: (no subject) [7:70562]
bgp backdoor has got a specific use .. suppose you have a network that you have learnt both from igp(ospf) & egp(ebgp), then your router prefers ebgp route as it is having less metric. If you want to force your router to prefer igp router, you need to add router backdoor entry in bgp config of your router

ramesh
ccnp

"grant grant123nj" wrote:

Hi, Srivathsan

As I know, Cisco network backdoor command in BGP is to generate a local BGP route, of which administrative distance is 200. The only difference between the network and the network backdoor command is that the latter route is not advertised to EBGP peer.

Regards,
Grant

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70573&t=70562
RE: RE: RE: RE: number of CCIE??? [7:70328]
Howard, I hate to have to say ;>) - Check the GroupStudy archives - about 12th - 13th Jan 2001. Best regards, Dom Stocqueler (another Monty Python fan) Zoo Keeper (Small Reptiles) - SysDom Technologies -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard C. Berkowitz Sent: 11 June 2003 23:09 To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] At 4:41 PM + 6/11/03, Kaminski, Shawn G wrote: >STOP IT! Both of you! :-) > >Shawn K. > >P.S. This thread has been highly entertaining! > What is the velocity of the sparrow, measured in CCIE units? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70553&t=70328
RE: RE: RE: RE: number of CCIE??? [7:70328]
LOL! OK. I will only accuse you of blatant bias, if that feels better. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf Sent: Wednesday, June 11, 2003 12:50 PM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] Steve Wilson wrote: > > Thank you gents, > I have come to the conclusion that Jack and NRF is one and the > same person. > Anyone who has seen, or read, "Fight Club" will recognise the > symptoms. Any > minute now NRF will shoot himself through the mouth and end it > all. I think I really am going to go postal if people continue to accuse me of attempting to convey some hidden message using some underlying subterfuge, Morse code, esperanto, smoke-signals, interpretive dance, subliminal messages (buy CocaCola! Jennifer Lopez - come over to my place), invisible ink, Thieves' Cant, or any other form of communication besides plain English . Oh, what nrf said is this, but what he's actually secretly trying to say is something else entirely, and I know this because I have something that nobody else has - my own nrf-secret-decoder-ring. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70551&t=70328
RE: RE: RE: RE: number of CCIE??? [7:70328]
At 4:41 PM + 6/11/03, Kaminski, Shawn G wrote: >STOP IT! Both of you! :-) > >Shawn K. > >P.S. This thread has been highly entertaining! > What is the velocity of the sparrow, measured in CCIE units? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70544&t=70328
RE: RE: RE: RE: number of CCIE??? [7:70328]
Robert, the way you described your hiring/screening process is the way I wished all Corporate America job providers did it. It's nice to know that at least one business out there doesn't hide behind an HR group that isn't prepared to perform the screening process properly and/or fairly. -Mark -Original Message- From: Robertson, Douglas [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 1:58 PM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] This has been an entertaining thread, but the way I see it is this. Maybe the high/low CCIE would work with the headhunters and that is a different story, but we have interviewed/employed a number of IT guys over the past couple of months, CCIE's included and to be honest I do not look to the CCIE number for a reference of technical ability (I do look that it is a valid CCIE number). The candidates that we interview complete a test, written and lab, tiered in difficulty. We make an evaluation based on experience, team orientation, and test/lab results. There is no pressure to answer or complete the test/lab however that is how we determine the level/tier of the prospective candidate, not the CCIE number. That is just how we do it. My two cents Doug -Original Message- From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 12:42 PM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] STOP IT! Both of you! :-) Shawn K. P.S. This thread has been highly entertaining! -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:28 AM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] >Jack Nalbandian wrote: Boy, for a guy who says that he wants to close the thread, you really have a lot to say. > > 1. Attacking his motives and attacking his character are > mutually exclusive > endeavors. I attack his motive of defaming the certification > process itself > in a series of different topics. 
I have not criticized any > such commentary > that balances all facts, but NRF's overall commentary does no > such thing. Uh, how's that? At the end of the day you are refusing to deal with the issues at hand. Whether you choose to attack my motives or my character - whatever you want to call it - it's still out of bounds. You are either talking about the actual issues at hand, or you're not. Simple as that. Besides, character and motives are basically one and the same. Wouldn't somebody with bad character necessarily have bad motives? Is there really such a thing as a guy with bad character having good motives? Or vice versa? I don't think so. So really, when you say that you're questioning my motives but not my character, that's really a distinction without a difference. Look, the bottom line is this. I don't question your motives or your character. Don't do it to me. > > 2. There is the issue of devaluation of certifications due to > the "forces > majeur" that you mention, but the actual argument, it seems, > you have missed > as well. The entire focus seems to be on "certification > tracks" and how > "worthless they are," not due to the actual market forces at > play, but due > to the very (alleged) "inherent weakness" of the certification > process > itself. Therefore, your well-thought out and long-winded (not > meant as a > pejorative) is too far off the mark. Why do you keep insisting on telling me what my own focus is? Don't you think I would know the focus of my own posts? When have I said in this particular thread that all certifications were worthless? In fact, you could easily say quite the opposite - I have said several times that certain certifications, namely low-number CCIE's, are in fact quite valuable. So how does that jive with your accusation that I am somehow painting all certifications as worthless, when in fact I have singled out a certification subset as worthy? 
Oh, but I get it, you keep insisting that I am actually bashing all certs as a "stealth undercurrent thesis", despite the fact that I think everybody in this ng would agree that I don't exactly "do" stealth. If I want to say something, I'm going to say it. Here's an idea, Jack. Instead of debating me on what you believe the undercurrents of my words are saying, why not debate me on what I'm ACTUALLY saying? To do otherwise is really to engage in that character assassination and shooting-of-the-messenger that is simply uncouth. > 2b. The second repetitively implied undertext is that of the > (alleged) > "superiority" of college education, the original method of > degradation and > defamation of the certificiation process itself. I dismissed > th
RE: RE: RE: RE: number of CCIE??? [7:70328]
Steve Wilson wrote: > > Thank you gents, > I have come to the conclusion that Jack and NRF is one and the > same person. > Anyone who has seen, or read, "Fight Club" will recognise the > symptoms. Any > minute now NRF will shoot himself through the mouth and end it > all. I think I really am going to go postal if people continue to accuse me of attempting to convey some hidden message using some underlying subterfuge, Morse code, esperanto, smoke-signals, interpretive dance, subliminal messages (buy CocaCola! Jennifer Lopez - come over to my place), invisible ink, Thieves' Cant, or any other form of communication besides plain English . Oh, what nrf said is this, but what he's actually secretly trying to say is something else entirely, and I know this because I have something that nobody else has - my own nrf-secret-decoder-ring. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70534&t=70328
RE: RE: RE: RE: number of CCIE??? [7:70328]
This has been an entertaining thread, but the way I see it is this. Maybe the high/low CCIE would work with the headhunters and that is a different story, but we have interviewed/employed a number of IT guys over the past couple of months, CCIE's included and to be honest I do not look to the CCIE number for a reference of technical ability (I do look that it is a valid CCIE number). The candidates that we interview complete a test, written and lab, tiered in difficulty. We make an evaluation based on experience, team orientation, and test/lab results. There is no pressure to answer or complete the test/lab however that is how we determine the level/tier of the prospective candidate, not the CCIE number. That is just how we do it. My two cents Doug -Original Message- From: Kaminski, Shawn G [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 12:42 PM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] STOP IT! Both of you! :-) Shawn K. P.S. This thread has been highly entertaining! -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:28 AM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] >Jack Nalbandian wrote: Boy, for a guy who says that he wants to close the thread, you really have a lot to say. > > 1. Attacking his motives and attacking his character are > mutually exclusive > endeavors. I attack his motive of defaming the certification > process itself > in a series of different topics. I have not criticized any > such commentary > that balances all facts, but NRF's overall commentary does no > such thing. Uh, how's that? At the end of the day you are refusing to deal with the issues at hand. Whether you choose to attack my motives or my character - whatever you want to call it - it's still out of bounds. You are either talking about the actual issues at hand, or you're not. Simple as that. Besides, character and motives are basically one and the same. 
Wouldn't somebody with bad character necessarily have bad motives? Is there really such a thing as a guy with bad character having good motives? Or vice versa? I don't think so. So really, when you say that you're questioning my motives but not my character, that's really a distinction without a difference. Look, the bottom line is this. I don't question your motives or your character. Don't do it to me. > > 2. There is the issue of devaluation of certifications due to > the "forces > majeur" that you mention, but the actual argument, it seems, > you have missed > as well. The entire focus seems to be on "certification > tracks" and how > "worthless they are," not due to the actual market forces at > play, but due > to the very (alleged) "inherent weakness" of the certification > process > itself. Therefore, your well-thought out and long-winded (not > meant as a > pejorative) is too far off the mark. Why do you keep insisting on telling me what my own focus is? Don't you think I would know the focus of my own posts? When have I said in this particular thread that all certifications were worthless? In fact, you could easily say quite the opposite - I have said several times that certain certifications, namely low-number CCIE's, are in fact quite valuable. So how does that jive with your accusation that I am somehow painting all certifications as worthless, when in fact I have singled out a certification subset as worthy? Oh, but I get it, you keep insisting that I am actually bashing all certs as a "stealth undercurrent thesis", despite the fact that I think everybody in this ng would agree that I don't exactly "do" stealth. If I want to say something, I'm going to say it. Here's an idea, Jack. Instead of debating me on what you believe the undercurrents of my words are saying, why not debate me on what I'm ACTUALLY saying? To do otherwise is really to engage in that character assassination and shooting-of-the-messenger that is simply uncouth. > 2b. 
The second repetitively implied undertext is that of the > (alleged) > "superiority" of college education, the original method of > degradation and > defamation of the certification process itself. I dismissed > this as a > comparison between apples and oranges with the intent to > devalue oranges by > judging their value in apple terms. If you have read my posts > at all, you > will know my position on this. I can repost the relevant > content if you > wish. > There you go again with the implied undertext. How the heck am I supposed to prove a negative? You can always accuse anybody of using subliminal messages and codewords, and what the heck am I supposed to do about it? Nobo
RE: RE: RE: RE: number of CCIE??? [7:70328]
STOP IT! Both of you! :-) Shawn K. P.S. This thread has been highly entertaining! -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:28 AM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] >Jack Nalbandian wrote: Boy, for a guy who says that he wants to close the thread, you really have a lot to say. > > 1. Attacking his motives and attacking his character are > mutually exclusive > endeavors. I attack his motive of defaming the certification > process itself > in a series of different topics. I have not criticized any > such commentary > that balances all facts, but NRF's overall commentary does no > such thing. Uh, how's that? At the end of the day you are refusing to deal with the issues at hand. Whether you choose to attack my motives or my character - whatever you want to call it - it's still out of bounds. You are either talking about the actual issues at hand, or you're not. Simple as that. Besides, character and motives are basically one and the same. Wouldn't somebody with bad character necessarily have bad motives? Is there really such a thing as a guy with bad character having good motives? Or vice versa? I don't think so. So really, when you say that you're questioning my motives but not my character, that's really a distinction without a difference. Look, the bottom line is this. I don't question your motives or your character. Don't do it to me. > > 2. There is the issue of devaluation of certifications due to > the "forces > majeur" that you mention, but the actual argument, it seems, > you have missed > as well. The entire focus seems to be on "certification > tracks" and how > "worthless they are," not due to the actual market forces at > play, but due > to the very (alleged) "inherent weakness" of the certification > process > itself. Therefore, your well-thought out and long-winded (not > meant as a > pejorative) is too far off the mark. 
Why do you keep insisting on telling me what my own focus is? Don't you think I would know the focus of my own posts? When have I said in this particular thread that all certifications were worthless? In fact, you could easily say quite the opposite - I have said several times that certain certifications, namely low-number CCIE's, are in fact quite valuable. So how does that jive with your accusation that I am somehow painting all certifications as worthless, when in fact I have singled out a certification subset as worthy? Oh, but I get it, you keep insisting that I am actually bashing all certs as a "stealth undercurrent thesis", despite the fact that I think everybody in this ng would agree that I don't exactly "do" stealth. If I want to say something, I'm going to say it. Here's an idea, Jack. Instead of debating me on what you believe the undercurrents of my words are saying, why not debate me on what I'm ACTUALLY saying? To do otherwise is really to engage in that character assassination and shooting-of-the-messenger that is simply uncouth. > 2b. The second repetitively implied undertext is that of the > (alleged) > "superiority" of college education, the original method of > degradation and > defamation of the certification process itself. I dismissed > this as a > comparison between apples and oranges with the intent to > devalue oranges by > judging their value in apple terms. If you have read my posts > at all, you > will know my position on this. I can repost the relevant > content if you > wish. > There you go again with the implied undertext. How the heck am I supposed to prove a negative? You can always accuse anybody of using subliminal messages and codewords, and what the heck am I supposed to do about it? Nobody can prove a negative. But once again, I ask you, why not debate me on my actual words, rather than what you "insinuate" my words to mean? 
To me, this particular thread only has to do with the decline in value of the CCIE as related to the value of lower vs. higher-number CCIE's - the value of college education has nothing to do with it. If you want to start your own thread about that, I'm happy to oblige. But for now, let's stick to the subject at hand. > 2c. All (mostly alleged, some legitimately identifiable) flaws > of > certification were constantly addressed by NRF, but none of the > flaws > associated with the college degree programs were even cited. > Thus, a lack > of balance that is consistent in his writings. In a nutshell, I > have pointed > that all the ills that the MCSE or CCNA/CCNP/CCIE tracks are > plagued with > also plague the university programs. One example is
RE: RE: RE: RE: number of CCIE??? [7:70328]
Thank you gents, I have come to the conclusion that Jack and NRF is one and the same person. Anyone who has seen, or read, "Fight Club" will recognise the symptoms. Any minute now NRF will shoot himself through the mouth and end it all. Seriously though over the years I have passed exams to get qualifications relevant to the job I am trying to get. The only problem is that the requirements in said job change and the qualifications become out of date. It is a constant merry-go-round. As far as I am concerned it sucks both ways. If you have an old qualification that you have updated, good for you. If you have a nice shiny new one well done, you know the stuff to pass the new exam. Could you pass the original one that the previous guy did, probably not? I have met excellent engineers who had the latest qualifications and also even better ones that didn't. The best that I can do is do my job as well as I can and hope that if I am made redundant again I have the right combination of qualifications and experience to get another job. Can we please now all get off our high horses, get drunk and forget the whole argument? Cheers, Steve Wilson CCNP CCDA Network Engineer -Original Message- From: n rf [mailto:[EMAIL PROTECTED] Sent: 11 June 2003 15:28 To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] >Jack Nalbandian wrote: Boy, for a guy who says that he wants to close the thread, you really have a lot to say. > > 1. Attacking his motives and attacking his character are > mutually exclusive > endeavors. I attack his motive of defaming the certification > process itself > in a series of different topics. I have not criticized any > such commentary > that balances all facts, but NRF's overall commentary does no > such thing. Uh, how's that? At the end of the day you are refusing to deal with the issues at hand. Whether you choose to attack my motives or my character - whatever you want to call it - it's still out of bounds. 
You are either talking about the actual issues at hand, or you're not. Simple as that. Besides, character and motives are basically one and the same. Wouldn't somebody with bad character necessarily have bad motives? Is there really such a thing as a guy with bad character having good motives? Or vice versa? I don't think so. So really, when you say that you're questioning my motives but not my character, that's really a distinction without a difference. Look, the bottom line is this. I don't question your motives or your character. Don't do it to me. > > 2. There is the issue of devaluation of certifications due to > the "forces > majeur" that you mention, but the actual argument, it seems, > you have missed > as well. The entire focus seems to be on "certification > tracks" and how > "worthless they are," not due to the actual market forces at > play, but due > to the very (alleged) "inherent weakness" of the certification > process > itself. Therefore, your well-thought out and long-winded (not > meant as a > pejorative) is too far off the mark. Why do you keep insisting on telling me what my own focus is? Don't you think I would know the focus of my own posts? When have I said in this particular thread that all certifications were worthless? In fact, you could easily say quite the opposite - I have said several times that certain certifications, namely low-number CCIE's, are in fact quite valuable. So how does that jive with your accusation that I am somehow painting all certifications as worthless, when in fact I have singled out a certification subset as worthy? Oh, but I get it, you keep insisting that I am actually bashing all certs as a "stealth undercurrent thesis", despite the fact that I think everybody in this ng would agree that I don't exactly "do" stealth. If I want to say something, I'm going to say it. Here's an idea, Jack. 
Instead of debating me on what you believe the undercurrents of my words are saying, why not debate me on what I'm ACTUALLY saying? To do otherwise is really to engage in that character assassination and shooting-of-the-messenger that is simply uncouth. > 2b. The second repetitively implied undertext is that of the > (alleged) > "superiority" of college education, the original method of > degradation and > defamation of the certification process itself. I dismissed > this as a > comparison between apples and oranges with the intent to > devalue oranges by > judging their value in apple terms. If you have read my posts > at all, you > will know my position on this. I can repost the relevant > content if you > wish. > There you go again with the implied undertext. How the heck am I supposed to prove a nega
RE: RE: RE: RE: number of CCIE??? [7:70328]
>Jack Nalbandian wrote: Boy, for a guy who says that he wants to close the thread, you really have a lot to say. > > 1. Attacking his motives and attacking his character are > mutually exclusive > endeavors. I attack his motive of defaming the certification > process itself > in a series of different topics. I have not criticized any > such commentary > that balances all facts, but NRF's overall commentary does no > such thing. Uh, how's that? At the end of the day you are refusing to deal with the issues at hand. Whether you choose to attack my motives or my character - whatever you want to call it - it's still out of bounds. You are either talking about the actual issues at hand, or you're not. Simple as that. Besides, character and motives are basically one and the same. Wouldn't somebody with bad character necessarily have bad motives? Is there really such a thing as a guy with bad character having good motives? Or vice versa? I don't think so. So really, when you say that you're questioning my motives but not my character, that's really a distinction without a difference. Look, the bottom line is this. I don't question your motives or your character. Don't do it to me. > > 2. There is the issue of devaluation of certifications due to > the "forces > majeur" that you mention, but the actual argument, it seems, > you have missed > as well. The entire focus seems to be on "certification > tracks" and how > "worthless they are," not due to the actual market forces at > play, but due > to the very (alleged) "inherent weakness" of the certification > process > itself. Therefore, your well-thought out and long-winded (not > meant as a > pejorative) is too far off the mark. Why do you keep insisting on telling me what my own focus is? Don't you think I would know the focus of my own posts? When have I said in this particular thread that all certifications were worthless? 
In fact, you could easily say quite the opposite - I have said several times that certain certifications, namely low-number CCIE's, are in fact quite valuable. So how does that jive with your accusation that I am somehow painting all certifications as worthless, when in fact I have singled out a certification subset as worthy? Oh, but I get it, you keep insisting that I am actually bashing all certs as a "stealth undercurrent thesis", despite the fact that I think everybody in this ng would agree that I don't exactly "do" stealth. If I want to say something, I'm going to say it. Here's an idea, Jack. Instead of debating me on what you believe the undercurrents of my words are saying, why not debate me on what I'm ACTUALLY saying? To do otherwise is really to engage in that character assassination and shooting-of-the-messenger that is simply uncouth. > 2b. The second repetitively implied undertext is that of the > (alleged) > "superiority" of college education, the original method of > degradation and > defamation of the certification process itself. I dismissed > this as a > comparison between apples and oranges with the intent to > devalue oranges by > judging their value in apple terms. If you have read my posts > at all, you > will know my position on this. I can repost the relevant > content if you > wish. > There you go again with the implied undertext. How the heck am I supposed to prove a negative? You can always accuse anybody of using subliminal messages and codewords, and what the heck am I supposed to do about it? Nobody can prove a negative. But once again, I ask you, why not debate me on my actual words, rather than what you "insinuate" my words to mean? To me, this particular thread only has to do with the decline in value of the CCIE as related to the value of lower vs. higher-number CCIE's - the value of college education has nothing to do with it. If you want to start your own thread about that, I'm happy to oblige. 
But for now, let's stick to the subject at hand. > 2c. All (mostly alleged, some legitimately identifiable) flaws > of > certification were constantly addressed by NRF, but none of the > flaws > associated with the college degree programs were even cited. > Thus, a lack > of balance that is consistent in his writings. In a nutshell, I > have pointed > that all the ills that the MCSE or CCNA/CCNP/CCIE tracks are > plagued with > also plague the university programs. One example is that > plagiarism off the > web is a huge concern among college deans, so far forcing them > to hire > specialists who track down web-based term papers for sale. Why have I not addressed them? Surprise surprise, because I am not talking about the value of college in this thread. Only you are. Why are you stunned to discover that I have not discussed things that are not related to the subject at hand? What exactly does the value of college have anything to do with the decline in value of the CCIE, as demonstrated by the value of lower and higher-number CCIE's? > > 3. The new topic
RE: RE: RE: RE: number of CCIE??? [7:70328]
1. Attacking his motives and attacking his character are mutually exclusive endeavors. I attack his motive of defaming the certification process itself in a series of different topics. I have not criticized any such commentary that balances all facts, but NRF's overall commentary does no such thing. 2. There is the issue of devaluation of certifications due to the "forces majeur" that you mention, but the actual argument, it seems, you have missed as well. The entire focus seems to be on "certification tracks" and how "worthless they are," not due to the actual market forces at play, but due to the very (alleged) "inherent weakness" of the certification process itself. Therefore, your well-thought out and long-winded (not meant as a pejorative) is too far off the mark. 2b. The second repetitively implied undertext is that of the (alleged) "superiority" of college education, the original method of degradation and defamation of the certification process itself. I dismissed this as a comparison between apples and oranges with the intent to devalue oranges by judging their value in apple terms. If you have read my posts at all, you will know my position on this. I can repost the relevant content if you wish. 2c. All (mostly alleged, some legitimately identifiable) flaws of certification were constantly addressed by NRF, but none of the flaws associated with the college degree programs were even cited. Thus, a lack of balance that is consistent in his writings. In a nutshell, I have pointed that all the ills that the MCSE or CCNA/CCNP/CCIE tracks are plagued with also plague the university programs. One example is that plagiarism off the web is a huge concern among college deans, so far forcing them to hire specialists who track down web-based term papers for sale. 3. The new topic of "number of CCIEs" appears to me to be a part of a series of attempts to degrade the idea of vendor certification as a whole. That is his pattern as far as I have observed. 
I would appreciate genuine concern and balanced commentary on the matter, but mythology is all I read from his angle. That is my observation, and you have not convinced me otherwise. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig Columbus Sent: Monday, June 09, 2003 3:19 PM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] I've been trying to hold my tongue on this one since this firestorm comes up at least once a quarter BUT: NRF is correct. Attacking him and his motives fails to address the issue at hand. Rightly, or wrongly, there is a slight devaluation of the CCIE certification and it's not NRF's fault. Let me be clear: I'm not attacking anyone who has earned, or is pursuing, the CCIE designation. I think any process that furthers an individual's knowledge, including the CCIE certification process, is valuable. But, let's go back to the original post... the original poster believed that the rate of people pursuing, and passing, the CCIE examination was increasing by quite a bit and wondered aloud if this was devaluing the certification. And, the answer is: yes, to some degree. Now before you pounce upon me, try to follow my logic. If you can't be bothered to read the logic, at least skip to my conclusion at the end before bashing me. DISCLAIMER: I realize that this is simplifying things...you economists in the audience shouldn't send me emails pointing out the complexity I left out. Certain basic economic laws apply to all commerce transactions, including the exchange of money for skilled IT labor. The two laws that apply are: 1) The Law of Supply. This law states: a) that at higher prices, producers are willing to offer more products for sale than at lower prices. In terms of this discussion, this means that when companies are willing to pay higher salaries (PRICE), CCIEs (PRODUCERS) are willing to provide more services (PRODUCTS) than when salaries are low. 
b) states that the supply increases as prices increase and decreases as prices decrease. Means that more people will become CCIEs (producers) to cash in on the higher prices (SALARIES) and people will stop trying to work as CCIEs when the salaries drop. c) states that those already in business will try to increase productions as a way of increasing profits. This is very similar to, but subtly different than, part a. Whereas in part a, the producers will offer more services in terms of product offering, part c indicates that producers will try to work more hours to optimize income. 2) The Law of Demand. This law states: a) that people will buy more of a product at a lower price than at a higher price, if nothing changes. This means that companies will request more services, up to the point where the company no longer can make use of the services,
RE: RE: RE: RE: number of CCIE??? [7:70328]
Kudos to Craig for a well thought out and written response. This is what I wanted to say but my temper got the better of me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Craig Columbus Sent: Monday, June 09, 2003 5:19 PM To: [EMAIL PROTECTED] Subject: RE: RE: RE: RE: number of CCIE??? [7:70328] I've been trying to hold my tongue on this one since this firestorm comes up at least once a quarter BUT: NRF is correct. Attacking him and his motives fails to address the issue at hand. Rightly, or wrongly, there is a slight devaluation of the CCIE certification and it's not NRF's fault. Let me be clear: I'm not attacking anyone who has earned, or is pursuing, the CCIE designation. I think any process that furthers an individual's knowledge, including the CCIE certification process, is valuable. But, let's go back to the original post... the original poster believed that the rate of people pursuing, and passing, the CCIE examination was increasing by quite a bit and wondered aloud if this was devaluing the certification. And, the answer is: yes, to some degree. Now before you pounce upon me, try to follow my logic. If you can't be bothered to read the logic, at least skip to my conclusion at the end before bashing me. DISCLAIMER: I realize that this is simplifying things...you economists in the audience shouldn't send me emails pointing out the complexity I left out. Certain basic economic laws apply to all commerce transactions, including the exchange of money for skilled IT labor. The two laws that apply are: 1) The Law of Supply. This law states: a) that at higher prices, producers are willing to offer more products for sale than at lower prices. In terms of this discussion, this means that when companies are willing to pay higher salaries (PRICE), CCIEs (PRODUCERS) are willing to provide more services (PRODUCTS) than when salaries are low. b) states that the supply increases as prices increase and decreases as prices decrease. 
Means that more people will become CCIEs (producers) to cash in on the higher prices (SALARIES) and people will stop trying to work as CCIEs when the salaries drop. c) states that those already in business will try to increase productions as a way of increasing profits. This is very similar to, but subtly different than, part a. Whereas in part a, the producers will offer more services in terms of product offering, part c indicates that producers will try to work more hours to optimize income. 2) The Law of Demand. This law states: a) that people will buy more of a product at a lower price than at a higher price, if nothing changes. This means that companies will request more services, up to the point where the company no longer can make use of the services, at a lower price than at a higher price. b) that at a lower price, more people can afford to buy more goods and more of an item more frequently, than they can at a higher price. Again, this means that at a lower salary, companies can afford to buy more IT services more frequently than they can when salaries are high. c) that at lower prices, people tend to buy some goods as a substitute for others more expensive. This means that when the services of a CCNP are cheaper than those of a CCIE, and the services of the CCNP are sufficient, then companies will tend to only purchase (hire) the services of a CCNP. The equilibrium point, where supply equals demand is known as the Market Price. The market price will remain unchanged as long as supply and demand remains unchanged. If there is an increase in demand or a decrease in supply, the market price will increase. If the opposite occurs, that is, if demand decreases and supply increases, the market price will decrease. Now, when you apply these rules to the current CCIE certification / economic situation, several things become clear: 1) CCIE salaries have always been fairly high. 
This is due to the higher demand for CCIE services and the relatively low supply of CCIEs available. 2) There are many people who wish to cash in on the high salaries typically paid to CCIEs. However, there are barriers to entry (another economics term) for suppliers. Namely, the cost of the certification and the intelligence / experience required to pass the difficult examination. These barriers will prevent everyone who wishes to become a CCIE from actually attaining the certification. 3) One of the barriers for entry (CCIE test requirements) has recently been lowered. Namely, the move from a two day test to a one day test. Since twice the number of people can now take the exam as could previously take the exam in a given time period, the number of those passing in a given time period is going to increase. 4) Without an additional barrier to entry being erected,
RE: RE: RE: RE: number of CCIE??? [7:70328]
I've been trying to hold my tongue on this one since this firestorm comes up at least once a quarter BUT: NRF is correct. Attacking him and his motives fails to address the issue at hand. Rightly, or wrongly, there is a slight devaluation of the CCIE certification and it's not NRF's fault. Let me be clear: I'm not attacking anyone who has earned, or is pursuing, the CCIE designation. I think any process that furthers an individual's knowledge, including the CCIE certification process, is valuable. But, let's go back to the original post... the original poster believed that the rate of people pursuing, and passing, the CCIE examination was increasing by quite a bit and wondered aloud if this was devaluing the certification. And, the answer is: yes, to some degree. Now before you pounce upon me, try to follow my logic. If you can't be bothered to read the logic, at least skip to my conclusion at the end before bashing me. DISCLAIMER: I realize that this is simplifying things...you economists in the audience shouldn't send me emails pointing out the complexity I left out. Certain basic economic laws apply to all commerce transactions, including the exchange of money for skilled IT labor. The two laws that apply are: 1) The Law of Supply. This law states: a) that at higher prices, producers are willing to offer more products for sale than at lower prices. In terms of this discussion, this means that when companies are willing to pay higher salaries (PRICE), CCIEs (PRODUCERS) are willing to provide more services (PRODUCTS) than when salaries are low. b) states that the supply increases as prices increase and decreases as prices decrease. Means that more people will become CCIEs (producers) to cash in on the higher prices (SALARIES) and people will stop trying to work as CCIEs when the salaries drop. c) states that those already in business will try to increase productions as a way of increasing profits. This is very similar to, but subtly different than, part a. 
Whereas in part a, the producers will offer more services in terms of product offering, part c indicates that producers will try to work more hours to optimize income. 2) The Law of Demand. This law states: a) that people will buy more of a product at a lower price than at a higher price, if nothing changes. This means that companies will request more services, up to the point where the company no longer can make use of the services, at a lower price than at a higher price. b) that at a lower price, more people can afford to buy more goods and more of an item more frequently, than they can at a higher price. Again, this means that at a lower salary, companies can afford to buy more IT services more frequently than they can when salaries are high. c) that at lower prices, people tend to buy some goods as a substitute for others more expensive. This means that when the services of a CCNP are cheaper than those of a CCIE, and the services of the CCNP are sufficient, then companies will tend to only purchase (hire) the services of a CCNP. The equilibrium point, where supply equals demand is known as the Market Price. The market price will remain unchanged as long as supply and demand remains unchanged. If there is an increase in demand or a decrease in supply, the market price will increase. If the opposite occurs, that is, if demand decreases and supply increases, the market price will decrease. Now, when you apply these rules to the current CCIE certification / economic situation, several things become clear: 1) CCIE salaries have always been fairly high. This is due to the higher demand for CCIE services and the relatively low supply of CCIEs available. 2) There are many people who wish to cash in on the high salaries typically paid to CCIEs. However, there are barriers to entry (another economics term) for suppliers. Namely, the cost of the certification and the intelligence / experience required to pass the difficult examination. 
These barriers will prevent everyone who wishes to become a CCIE from actually attaining the certification. 3) One of the barriers for entry (CCIE test requirements) has recently been lowered. Namely, the move from a two day test to a one day test. Since twice the number of people can now take the exam as could previously take the exam in a given time period, the number of those passing in a given time period is going to increase. 4) Without an additional barrier to entry being erected, such as increased difficulty, one could reasonably expect that since twice the number of people are taking the exam per year, that twice the number of people will pass the exam per year. Around July 1999, the numbers were in the low 4300s. A year later, the number was less than 6100. By July 2001, the number was in the low 7700s. In other words, roughly 1600-1800 people were p
Re: RE: number of CCIE [7:70151]
I don't disagree with a single word :) "John Neiberger" cc: Sent by: Subject: Re: RE: number of CCIE [7:70151] [EMAIL PROTECTED] m 06/09/2003 04:03 PM Please respond to "John Neiberger" >>>> [EMAIL PROTECTED] 6/9/03 11:53:24 AM >>> >Agreed on all points. > >Out of curiosity, did anyone ever admit to wanting to trade a higher number >ie with a lower number? I don't think I ever saw anyone come right out and >say yes or no. > >I'm pretty much in lurk mode on this list, and so my opinions and such can >be taken for what they are worth, and I think that while this list is a >discussion area for certification prep I see a lot of material that looks >suspiciously like "I ran across this at work, help me". Not that that's >necessarily a bad thing, just pointing out that once the "what is the >passing score for xyz", "what books are best" and "what do I need to >study", not to mention the odd "I have all the answers, e-mail me" posts >get set aside, there are considerably more items that qualify as "off" >topic than on. A couple of years ago we all decided (well, Paul decided) that the professional list would no longer be a certification-only list, while the associates list is supposed to remain certification-related. It is perfectly acceptable to discuss just about any networking topic on the professional list. > >nrf provides numerous opportunities for interesting discussions that go >beyond the how many bits in a byte conversations. He seems to agitate some >people (some more than others) which in my book usually means he's hit on >something. I realize that by daring to criticize the ccie program in any >way offends some who have staked a good portion of blood, sweat and tears >on obtaining, or working on obtaining, their certification, but that >doesn't make some of his points any less valid. nrf is a source of agitation for some for a couple of different reasons. First, he chooses to remain fairly anonymous and pretty vague about his own certification history. 
I wish I had a dollar for every time someone tried to get him to admit whether he was a CCIE or not. He makes an excellent point regarding this. If we dispute what he is saying, we should argue the point, not the person. Second, he is brutally honest and oftentimes people take this the wrong way. I don't want to speak for him but he seems to call things like he sees them and he is obviously experienced enough in the industry to give his opinion quite a bit of weight. I've never seen him be anything but fair and honest, but this may seem brash to some. Regards, John > >Anyway, that's my $.02, as always if you're not interested in what I have >to say, ignore me or delete this message, please don't send me a 10 page >response telling me how I'm responsible for keeping the thread alive :) > > > > > > "Peter van >Oene" > >cc: > Sent by: Subject: Re: RE: number of >CCIE [7:70151] > >[EMAIL PROTECTED] > >.com > > > 06/09/2003 >09:22 > >AM > Please respond >to > "Peter van >Oene" > > > > > >At 09:34 PM 6/8/2003 +, garrett allen wrote: >>the intent of this list is to discuss preparation cisco exams, not >>opportunities in the various job markets. if your comments don't >>relate to the study blueprint in some meaningful way, please keep them >>to yourself. > >nice thread :-) for those whining about it, you can skip the messages you >know. > >ccie is a good challenge. go after it if you want. maybe it will help >you get a job, maybe it won't. jncie is pretty neat too :) > >my ie will expire in a cou
Re: RE: number of CCIE [7:70151]
>>>> [EMAIL PROTECTED] 6/9/03 11:53:24 AM >>>
>Agreed on all points.
>
>Out of curiosity, did anyone ever admit to wanting to trade a higher number ie with a lower number? I don't think I ever saw anyone come right out and say yes or no.
>
>I'm pretty much in lurk mode on this list, and so my opinions and such can be taken for what they are worth, and I think that while this list is a discussion area for certification prep I see a lot of material that looks suspiciously like "I ran across this at work, help me". Not that that's necessarily a bad thing, just pointing out that once the "what is the passing score for xyz", "what books are best" and "what do I need to study", not to mention the odd "I have all the answers, e-mail me" posts get set aside, there are considerably more items that qualify as "off" topic than on.

A couple of years ago we all decided (well, Paul decided) that the professional list would no longer be a certification-only list, while the associates list is supposed to remain certification-related. It is perfectly acceptable to discuss just about any networking topic on the professional list.

>nrf provides numerous opportunities for interesting discussions that go beyond the how many bits in a byte conversations. He seems to agitate some people (some more than others) which in my book usually means he's hit on something. I realize that by daring to criticize the ccie program in any way offends some who have staked a good portion of blood, sweat and tears on obtaining, or working on obtaining, their certification, but that doesn't make some of his points any less valid.

nrf is a source of agitation for some for a couple of different reasons. First, he chooses to remain fairly anonymous and pretty vague about his own certification history. I wish I had a dollar for every time someone tried to get him to admit whether he was a CCIE or not. He makes an excellent point regarding this. If we dispute what he is saying, we should argue the point, not the person. Second, he is brutally honest and oftentimes people take this the wrong way. I don't want to speak for him but he seems to call things like he sees them and he is obviously experienced enough in the industry to give his opinion quite a bit of weight. I've never seen him be anything but fair and honest, but this may seem brash to some.

Regards,
John

>Anyway, that's my $.02, as always if you're not interested in what I have to say, ignore me or delete this message, please don't send me a 10 page response telling me how I'm responsible for keeping the thread alive :)
>
>"Peter van Oene" cc: Sent by: Subject: Re: RE: number of CCIE [7:70151] [EMAIL PROTECTED] .com 06/09/2003 09:22 AM Please respond to "Peter van Oene"
>
>At 09:34 PM 6/8/2003 +, garrett allen wrote:
>>the intent of this list is to discuss preparation cisco exams, not opportunities in the various job markets. if your comments don't relate to the study blueprint in some meaningful way, please keep them to yourself.
>
>nice thread :-) for those whining about it, you can skip the messages you know.
>
>ccie is a good challenge. go after it if you want. maybe it will help you get a job, maybe it won't. jncie is pretty neat too :)
>
>my ie will expire in a couple months and I could really care less.
>
>but please, feel free to continue debate subjective topics as you see fit.
>
>for what it's worth, in my opinion, nrf has well earned the right to debate whatever he wants on this list.
>
>pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70420&t=70151
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: RE: RE: RE: number of CCIE??? [7:70328]
NRF,

I am not here to convince you either way. My aim was to demonstrate that myths that stem from biases based on purely subjective "data" are only damaging. Part and parcel of the discreditation exercise is the lesson that myths are easily concocted. I will no longer respond to this thread, as there have been requests for this to stop.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf
Sent: Monday, June 09, 2003 2:03 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

Jack Nalbandian wrote:
>
> My friend NRF (what is your name anyhow?),
>
> Others have expressed concern, true, and most of them are legitimate. You mentioned that the MCSE was thought of as a means to get "easy money" from a relatively naive market faced with the new "IT" dimension.
>
> Expressing legitimate concern by citing facts has its value, but I see that you are indeed "peddling myths," but, so far (forgive me for generalizing due to limited exposure to your thoughts) you have been very one-sided and biased in your "concerns." The "CCIE number" thread is based on some objective opinion of ONE person, you. You have also not provided data to back your "opinion," and doubt very much that you can provide definitive data on the matter.

It is not one-sided at all. Again, answer the question - all other things being equal, would you prefer a lower or a higher number for yourself or not? Of course you prefer a lower number. I know I do. Pretty much everybody does. So actually, I would say that the majority is on my side. The only difference is that some people like me are willing to admit it, and others aren't. But in our hearts, we all know what the truth is. Again, if you don't believe me, go look in the mirror and ask yourself honestly would you take a lower number if Cisco offered it to you? Be honest with yourself. I think you know exactly what I'm talking about and that's about as definitive as you're ever going to get.

> Who are those "some people," those who (allegedly) "required lower number CCIE's" and what percentage of the global population of "HR managers" do they constitute? Do they, furthermore, qualify to judge either way? How "expertly" knowledgeable are they of the CCIE certification process? How familiar are you?

Once again with the ad-hominem attacks. Why do people insist on attacking my character and my motives rather than my actual points?

First of all, I obviously don't think it's stupid that people who do hiring prefer the lower number. I think it's actually entirely logical.

But fine, let's have it your way. Even if it was illogical, what does that prove? You ask how what makes these HR people qualified to judge? Simple. The mere fact that HR managers have jobs to give makes that person qualified to judge. Why? Simple - the golden rule. He who has the gold makes the rules. If you want a job, and they have the jobs to give, then they are the ones with the power. They are the ones who tell you what they are looking for, and if you refuse to play by their rules, then they won't give you the job, simple as that. Unfair? Maybe. But get over it. That's life. If you have your own company, then you can decide what criteria you will use to hire. But if you don't, then you have to dance to the tune of the piper.

Let me put it to you another way. Surely we all know that many companies prefer that certain positions be filled by college graduates, despite the fact that those positions don't really require anything that you would learn in college. So you might then say that it's stupid that they do things this way. Yeah, but at the end of the day, so what? Since they are the ones who have the jobs, they get to decide what they want. Ranting and raving about how you think the requirement is stupid isn't going to change their minds. Do you seriously believe that you'll be able to go to these companies and use your power of persuasion to convince them that their own requirement is stupid? Of course not. You either have what they want, or you'll be passed by. The key, therefore, is if you want that job, you should get that thing that they want, even if you don't agree that it's necessary. Telling companies that you don't agree with their hiring practices doesn't help you in paying the rent. Sometimes you gotta put up with things you don't agree with in order to get something you want (like a job). That's life.

You gotta be pragmatic here. I hate stopping at red lights at 3 AM when there's nobody around to crash into. But hey, if I
Re: RE: number of CCIE [7:70151]
Agreed on all points.

Out of curiosity, did anyone ever admit to wanting to trade a higher number ie with a lower number? I don't think I ever saw anyone come right out and say yes or no.

I'm pretty much in lurk mode on this list, and so my opinions and such can be taken for what they are worth, and I think that while this list is a discussion area for certification prep I see a lot of material that looks suspiciously like "I ran across this at work, help me". Not that that's necessarily a bad thing, just pointing out that once the "what is the passing score for xyz", "what books are best" and "what do I need to study", not to mention the odd "I have all the answers, e-mail me" posts get set aside, there are considerably more items that qualify as "off" topic than on.

nrf provides numerous opportunities for interesting discussions that go beyond the how many bits in a byte conversations. He seems to agitate some people (some more than others) which in my book usually means he's hit on something. I realize that by daring to criticize the ccie program in any way offends some who have staked a good portion of blood, sweat and tears on obtaining, or working on obtaining, their certification, but that doesn't make some of his points any less valid.

Anyway, that's my $.02, as always if you're not interested in what I have to say, ignore me or delete this message, please don't send me a 10 page response telling me how I'm responsible for keeping the thread alive :)

"Peter van Oene" cc: Sent by: Subject: Re: RE: number of CCIE [7:70151] [EMAIL PROTECTED] .com 06/09/2003 09:22 AM Please respond to "Peter van Oene"

At 09:34 PM 6/8/2003 +, garrett allen wrote:
>the intent of this list is to discuss preparation cisco exams, not opportunities in the various job markets. if your comments don't relate to the study blueprint in some meaningful way, please keep them to yourself.

nice thread :-) for those whining about it, you can skip the messages you know.

ccie is a good challenge. go after it if you want. maybe it will help you get a job, maybe it won't. jncie is pretty neat too :)

my ie will expire in a couple months and I could really care less.

but please, feel free to continue debate subjective topics as you see fit.

for what it's worth, in my opinion, nrf has well earned the right to debate whatever he wants on this list.

pete

>thanks.
>
>- Original Message -
>From: n rf
>Date: Sunday, June 8, 2003 4:14 pm
>Subject: Re: RE: number of CCIE [7:70151]
>
> > garrett allen wrote:
> > >
> > > yawn.
> >
> > Bored?
> >
> > I don't want to be overly confrontational, but if you really thought this thread was so boring that you're yawning, then why did you bother to make a rebuttal to me in the first place? The fact that you did obviously means that you don't think it's THAT boring.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70411&t=70151
Re: RE: number of CCIE [7:70151]
At 09:34 PM 6/8/2003 +, garrett allen wrote:
>the intent of this list is to discuss preparation cisco exams, not opportunities in the various job markets. if your comments don't relate to the study blueprint in some meaningful way, please keep them to yourself.

nice thread :-) for those whining about it, you can skip the messages you know.

ccie is a good challenge. go after it if you want. maybe it will help you get a job, maybe it won't. jncie is pretty neat too :)

my ie will expire in a couple months and I could really care less.

but please, feel free to continue debate subjective topics as you see fit.

for what it's worth, in my opinion, nrf has well earned the right to debate whatever he wants on this list.

pete

>thanks.
>
>- Original Message -
>From: n rf
>Date: Sunday, June 8, 2003 4:14 pm
>Subject: Re: RE: number of CCIE [7:70151]
>
> > garrett allen wrote:
> > >
> > > yawn.
> >
> > Bored?
> >
> > I don't want to be overly confrontational, but if you really thought this thread was so boring that you're yawning, then why did you bother to make a rebuttal to me in the first place? The fact that you did obviously means that you don't think it's THAT boring.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70401&t=70151
Re: RE: RE: RE: number of CCIE??? [7:70328]
Everybody has his or her own idea. I will appreciate if you can stop this from now on. I think this discussion is becoming too long and it seems it will never end. If you would like to keep on discussing please unicast to those people that u like.

Regards
Devvv

- Original Message -
From: "n rf"
To:
Sent: Monday, June 09, 2003 11:03 AM
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

> Jack Nalbandian wrote:
> >
> > My friend NRF (what is your name anyhow?),
> >
> > Others have expressed concern, true, and most of them are legitimate. You mentioned that the MCSE was thought of as a means to get "easy money" from a relatively naive market faced with the new "IT" dimension.
> >
> > Expressing legitimate concern by citing facts has its value, but I see that you are indeed "peddling myths," but, so far (forgive me for generalizing due to limited exposure to your thoughts) you have been very one-sided and biased in your "concerns." The "CCIE number" thread is based on some objective opinion of ONE person, you. You have also not provided data to back your "opinion," and doubt very much that you can provide definitive data on the matter.
>
> It is not one-sided at all. Again, answer the question - all other things being equal, would you prefer a lower or a higher number for yourself or not? Of course you prefer a lower number. I know I do. Pretty much everybody does. So actually, I would say that the majority is on my side. The only difference is that some people like me are willing to admit it, and others aren't. But in our hearts, we all know what the truth is. Again, if you don't believe me, go look in the mirror and ask yourself honestly would you take a lower number if Cisco offered it to you? Be honest with yourself. I think you know exactly what I'm talking about and that's about as definitive as you're ever going to get.
>
> > Who are those "some people," those who (allegedly) "required lower number CCIE's" and what percentage of the global population of "HR managers" do they constitute? Do they, furthermore, qualify to judge either way? How "expertly" knowledgeable are they of the CCIE certification process? How familiar are you?
>
> Once again with the ad-hominem attacks. Why do people insist on attacking my character and my motives rather than my actual points?
>
> First of all, I obviously don't think it's stupid that people who do hiring prefer the lower number. I think it's actually entirely logical.
>
> But fine, let's have it your way. Even if it was illogical, what does that prove? You ask how what makes these HR people qualified to judge? Simple. The mere fact that HR managers have jobs to give makes that person qualified to judge. Why? Simple - the golden rule. He who has the gold makes the rules. If you want a job, and they have the jobs to give, then they are the ones with the power. They are the ones who tell you what they are looking for, and if you refuse to play by their rules, then they won't give you the job, simple as that. Unfair? Maybe. But get over it. That's life. If you have your own company, then you can decide what criteria you will use to hire. But if you don't, then you have to dance to the tune of the piper.
>
> Let me put it to you another way. Surely we all know that many companies prefer that certain positions be filled by college graduates, despite the fact that those positions don't really require anything that you would learn in college. So you might then say that it's stupid that they do things this way. Yeah, but at the end of the day, so what? Since they are the ones who have the jobs, they get to decide what they want. Ranting and raving about how you think the requirement is stupid isn't going to change their minds. Do you seriously believe that you'll be able to go to these companies and use your power of persuasion to convince them that their own requirement is stupid? Of course not. You either have what they want, or you'll be passed by. The key, therefore, is if you want that job, you should get that thing that they want, even if you don't agree that it's necessary. Telling companies that you don't agree with their hiring practices doesn't help you in paying the rent. Sometimes you gotta put up with thi
RE: RE: RE: RE: number of CCIE??? [7:70328]
Jack Nalbandian wrote:
>
> My friend NRF (what is your name anyhow?),
>
> Others have expressed concern, true, and most of them are legitimate. You mentioned that the MCSE was thought of as a means to get "easy money" from a relatively naive market faced with the new "IT" dimension.
>
> Expressing legitimate concern by citing facts has its value, but I see that you are indeed "peddling myths," but, so far (forgive me for generalizing due to limited exposure to your thoughts) you have been very one-sided and biased in your "concerns." The "CCIE number" thread is based on some objective opinion of ONE person, you. You have also not provided data to back your "opinion," and doubt very much that you can provide definitive data on the matter.

It is not one-sided at all. Again, answer the question - all other things being equal, would you prefer a lower or a higher number for yourself or not? Of course you prefer a lower number. I know I do. Pretty much everybody does. So actually, I would say that the majority is on my side. The only difference is that some people like me are willing to admit it, and others aren't. But in our hearts, we all know what the truth is. Again, if you don't believe me, go look in the mirror and ask yourself honestly would you take a lower number if Cisco offered it to you? Be honest with yourself. I think you know exactly what I'm talking about and that's about as definitive as you're ever going to get.

> Who are those "some people," those who (allegedly) "required lower number CCIE's" and what percentage of the global population of "HR managers" do they constitute? Do they, furthermore, qualify to judge either way? How "expertly" knowledgeable are they of the CCIE certification process? How familiar are you?

Once again with the ad-hominem attacks. Why do people insist on attacking my character and my motives rather than my actual points?

First of all, I obviously don't think it's stupid that people who do hiring prefer the lower number. I think it's actually entirely logical.

But fine, let's have it your way. Even if it was illogical, what does that prove? You ask how what makes these HR people qualified to judge? Simple. The mere fact that HR managers have jobs to give makes that person qualified to judge. Why? Simple - the golden rule. He who has the gold makes the rules. If you want a job, and they have the jobs to give, then they are the ones with the power. They are the ones who tell you what they are looking for, and if you refuse to play by their rules, then they won't give you the job, simple as that. Unfair? Maybe. But get over it. That's life. If you have your own company, then you can decide what criteria you will use to hire. But if you don't, then you have to dance to the tune of the piper.

Let me put it to you another way. Surely we all know that many companies prefer that certain positions be filled by college graduates, despite the fact that those positions don't really require anything that you would learn in college. So you might then say that it's stupid that they do things this way. Yeah, but at the end of the day, so what? Since they are the ones who have the jobs, they get to decide what they want. Ranting and raving about how you think the requirement is stupid isn't going to change their minds. Do you seriously believe that you'll be able to go to these companies and use your power of persuasion to convince them that their own requirement is stupid? Of course not. You either have what they want, or you'll be passed by. The key, therefore, is if you want that job, you should get that thing that they want, even if you don't agree that it's necessary. Telling companies that you don't agree with their hiring practices doesn't help you in paying the rent. Sometimes you gotta put up with things you don't agree with in order to get something you want (like a job). That's life.

You gotta be pragmatic here. I hate stopping at red lights at 3 AM when there's nobody around to crash into. But hey, if I run one and get pulled over, am I really going to win an argument with the cop over how I shouldn't need to obey the light because there's nobody around? Of course not. He's gonna hand me a ticket and I'm going to be out $300, end of story. I stop at red lights at 3AM simply because I don't want to get a ticket. I think it's stupid that I would get one because there's nobody around to crash into, but that's neither here nor there. In the final analysis, I don't want a ticket, so I don't run those lights. In the final analysis, people go to college because they want to get those jobs for which a company says that a degree is necessary. In the final analysis, people desire a lower number because some HR guys/recruiters say that they prefer them. Whether you personally agree that things should be this way is not the issue. If you want the thing that people are
RE: RE: RE: RE: number of CCIE??? [7:70328]
My friend NRF (what is your name anyhow?),

Others have expressed concern, true, and most of them are legitimate. You mentioned that the MCSE was thought of as a means to get "easy money" from a relatively naive market faced with the new "IT" dimension.

Expressing legitimate concern by citing facts has its value, but I see that you are indeed "peddling myths," but, so far (forgive me for generalizing due to limited exposure to your thoughts) you have been very one-sided and biased in your "concerns." The "CCIE number" thread is based on some objective opinion of ONE person, you. You have also not provided data to back your "opinion," and doubt very much that you can provide definitive data on the matter.

Who are those "some people," those who (allegedly) "required lower number CCIE's" and what percentage of the global population of "HR managers" do they constitute? Do they, furthermore, qualify to judge either way? How "expertly" knowledgeable are they of the CCIE certification process? How familiar are you?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf
Sent: Sunday, June 08, 2003 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: RE: RE: number of CCIE??? [7:70328]

Jack Nalbandian wrote:
>
> This constant blare of prejudicial bias in favor of "college ed" and to the definite disfavor of "certification" seems to come most intensely from your address. The undertext is always the same: "Go to college."

Woah, now there's something that completely came out of left field. When in any of my posts on this particular thread did I ever tell anybody to favor college over certification? I agree that in the past I have often advocated the benefits of college over certification, but not in this particular topic. And believe me, I think everybody on this board knows that I don't hold back, so if I wanted to talk about college, believe me, I would have talked about it, and done so explicitly. I've been described by many adjectives, some positive and some negative, but I don't think I've ever been described as 'subtle'. I don't believe in undertexts, I don't believe in subterfuge, and I don't believe in stealth. If something is on my mind, believe me, I'm going to say it.

> Is there a career-oriented quasi-political interest element at play here somewhere? Do you have a vested interest in recruiting people into college programs?

Since you opened the door, I could very easily turn around and ask you whether you have a vested interest in cert programs?

> I am just asking speculative and rhetorical questions with the hope of shedding some light on this mysterious phenomenon of one-sided expression of "concern for the (alleged) degradation of" in this case certification programs.
>
> The CCIE itself, once dubbed the "doctorate of networking" is now under attack, and there have been numerous posts, only by NRF, dedicated to this topic. It is as though there is a one man crusade in progress here.

Only by me? Really? So nobody else has ever expressed any concerns about certs? Is that right? If I look back, I see that this whole thread was started by somebody else. I also see some rather back-handed statements about certs by people like Chuck (the road goes ever on). Howard Berkowitz is clearly no fan of certs either.

> 1. If CCIE or any other sort of education is suffering from "degradation and devaluation" due to the "oversaturation of test-related information" on the Internet, then the same argument can be made to the detriment of the University. Why else would you have entire "net anti-plagiarist policing" firms offering their services to universities to guard against "copy and paste" term papers?

Oh you're right. But colleges have one very powerful thing going for them - the use of relative scoring, which serves as the ultimate leveling tool. Basically, there is no 'set' score that you need to get admitted to a college - you win admission by basically beating out the other candidates. So if all candidates happen to all improve due to PrincetonReview SAT prep courses or whatever, it doesn't really threaten the integrity of the program because colleges are still going to take the top candidates, whatever the term "top" happens to mean at that time. The use of relative scoring provides inherent stability to the integrity of the program. I believe that the CCIE should use something similar. But I digress...

> 2. Any such argument that attempts to "emphasize the value of
Re: RE: number of CCIE [7:70151]
garrett allen wrote:
>
> the intent of this list is to discuss preparation cisco exams, not opportunities in the various job markets. if your comments don't relate to the study blueprint in some meaningful way, please keep them to yourself.

First of all, keep in mind that I didn't start this thread, Lamy Alexandre did. But I don't see you getting on his case, why not? You don't like the thread, take it up with the person who actually started it.

Second of all, I've never seen you say anything about all the other threads that also have nothing to do with preparation with cisco exams. For example, right now I see some guy talking about 'religious wars', and I see another guy asking whether people are getting "naughty" emails from the group. It's not obvious to me that these posts have anything to do with Cisco certification, yet I don't see you telling those guys to keep their posts to themselves, why not?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70366&t=70151
Re: RE: number of CCIE [7:70151]
the intent of this list is to discuss preparation cisco exams, not opportunities in the various job markets. if your comments don't relate to the study blueprint in some meaningful way, please keep them to yourself.

thanks.

- Original Message -
From: n rf
Date: Sunday, June 8, 2003 4:14 pm
Subject: Re: RE: number of CCIE [7:70151]

> garrett allen wrote:
> >
> > yawn.
>
> Bored?
>
> I don't want to be overly confrontational, but if you really thought this thread was so boring that you're yawning, then why did you bother to make a rebuttal to me in the first place? The fact that you did obviously means that you don't think it's THAT boring.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70360&t=70151
Re: RE: number of CCIE [7:70151]
garrett allen wrote:
>
> yawn.

Bored?

I don't want to be overly confrontational, but if you really thought this thread was so boring that you're yawning, then why did you bother to make a rebuttal to me in the first place? The fact that you did obviously means that you don't think it's THAT boring.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70356&t=70151
RE: RE: RE: RE: number of CCIE??? [7:70328]
Jack Nalbandian wrote:
>
> This constant blare of prejudicial bias in favor of "college ed" and to the definite disfavor of "certification" seems to come most intensely from your address. The undertext is always the same: "Go to college."

Woah, now there's something that completely came out of left field. When in any of my posts on this particular thread did I ever tell anybody to favor college over certification? I agree that in the past I have often advocated the benefits of college over certification, but not in this particular topic. And believe me, I think everybody on this board knows that I don't hold back, so if I wanted to talk about college, believe me, I would have talked about it, and done so explicitly. I've been described by many adjectives, some positive and some negative, but I don't think I've ever been described as 'subtle'. I don't believe in undertexts, I don't believe in subterfuge, and I don't believe in stealth. If something is on my mind, believe me, I'm going to say it.

> Is there a career-oriented quasi-political interest element at play here somewhere? Do you have a vested interest in recruiting people into college programs?

Since you opened the door, I could very easily turn around and ask you whether you have a vested interest in cert programs?

> I am just asking speculative and rhetorical questions with the hope of shedding some light on this mysterious phenomenon of one-sided expression of "concern for the (alleged) degradation of" in this case certification programs.
>
> The CCIE itself, once dubbed the "doctorate of networking" is now under attack, and there have been numerous posts, only by NRF, dedicated to this topic. It is as though there is a one man crusade in progress here.

Only by me? Really? So nobody else has ever expressed any concerns about certs? Is that right? If I look back, I see that this whole thread was started by somebody else. I also see some rather back-handed statements about certs by people like Chuck (the road goes ever on). Howard Berkowitz is clearly no fan of certs either.

> 1. If CCIE or any other sort of education is suffering from "degradation and devaluation" due to the "oversaturation of test-related information" on the Internet, then the same argument can be made to the detriment of the University. Why else would you have entire "net anti-plagiarist policing" firms offering their services to universities to guard against "copy and paste" term papers?

Oh you're right. But colleges have one very powerful thing going for them - the use of relative scoring, which serves as the ultimate leveling tool. Basically, there is no 'set' score that you need to get admitted to a college - you win admission by basically beating out the other candidates. So if all candidates happen to all improve due to PrincetonReview SAT prep courses or whatever, it doesn't really threaten the integrity of the program because colleges are still going to take the top candidates, whatever the term "top" happens to mean at that time. The use of relative scoring provides inherent stability to the integrity of the program. I believe that the CCIE should use something similar. But I digress...

> 2. Any such argument that attempts to "emphasize the value of college education" at the expense of the certification tracks offered by MS, Cisco, or anyone else is doomed to be subjected to equally potent counter-arguments. The sad fact is that the Internet itself, ironically, has opened the door to billions of pages of information (thus, the "info highway"), a good portion of which will have its various corrupting effects. Any insistence on the superiority of one program over the other due to some "integrity" benchmark will only yield endless cycles of worthless arguments.

And again, relative scoring could fix all of that. Think about this. The 'E' in CCIE stands for expert. But what does it really mean to be an expert? Think about how you use the term 'expert' in your daily life. It means to be above average in that particular field, as defined by whatever 'average' is at that particular time. Therefore the term 'expert' is inherently relative to the standards of the time. Therefore, if all of a sudden, people got substantially more educated about IP networking, then that doesn't mean that everybody suddenly becomes an expert. To be an expert in this world would mean that you would REALLY have to know a lot about IP networking. Therefore it doesn't really matter if everybody has more access to information. At the end of the day, some people will always know more than others, and it is those people who are properly defined as experts under the relative definition of the term.

> I for one am still going through the pains of recertification, and I will do so joyfully (nope, without cheat sheets or "practice tests"). But, the good
Re: RE: 40% Ping Success [7:70327]
what kind of circuit is it and is the success rate the same regardless of the destination address pinged?

----- Original Message -----
From: Nathan
Date: Sunday, June 8, 2003 7:09 am
Subject: RE: 40% Ping Success [7:70327]

> Well, the only route my router sees is the directly connected router's IP. This is due to the fact that we haven't gotten BGP up yet. Also, from what I know, the serial link is the only link sending out packets.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [EMAIL PROTECTED] On Behalf Of Devrim Yener KUCUK
> Sent: Sunday, June 08, 2003 2:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: 40% Ping Success [7:70327]
>
> please verify where the packets are lost...(which layer...?)
>
> Like any routing issue..2 packets may be sent from one link and 3 may be from other.. or physical layer issue (like packet loss... ) cle counters and check sh int ser ..., sh controller.. which outputs are increasing
>
> regards
>
> de
>
> ----- Original Message -----
> From: "Nathan"
> To:
> Sent: Sunday, June 08, 2003 10:01 AM
> Subject: 40% Ping Success [7:70327]
>
> > Ok guys here's an interesting issue. Once we got the internet circuit up, the ping was only 40% successful. Why would that be?
> >
> > Here's the setup:
> >
> > 3700 -> CSU/DSU -> DMARK -> SBC -> Service Provider.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70344&t=70327
RE: RE: RE: RE: number of CCIE??? [7:70328]
This constant blare of prejudicial bias in favor of "college ed" and to the definite disfavor of "certification" seems to come most intensely from your address. The undertext is always the same: "Go to college."

Is there a career-oriented quasi-political interest element at play here somewhere? Do you have a vested interest in recruiting people into college programs?

I am just asking speculative and rhetorical questions with the hope of shedding some light on this mysterious phenomenon of one-sided expression of "concern for the (alleged) degradation of" in this case certification programs.

The CCIE itself, once dubbed the "doctorate of networking" is now under attack, and there have been numerous posts, only by NRF, dedicated to this topic. It is as though there is a one man crusade in progress here.

1. If CCIE or any other sort of education is suffering from "degradation and devaluation" due to the "oversaturation of test-related information" on the Internet, then the same argument can be made to the detriment of the University. Why else would you have entire "net anti-plagiarist policing" firms offering their services to universities to guard against "copy and paste" term papers?

2. Any such argument that attempts to "emphasize the value of college education" at the expense of the certification tracks offered by MS, Cisco, or anyone else is doomed to be subjected to equally potent counter-arguments. The sad fact is that the Internet itself, ironically, has opened the door to billions of pages of information (thus, the "info highway"), a good portion of which will have its various corrupting effects. Any insistence on the superiority of one program over the other due to some "integrity" benchmark will only yield endless cycles of worthless arguments.

I for one am still going through the pains of recertification, and I will do so joyfully (nope, without cheat sheets or "practice tests"). But, the good news is that I am also enrolling for CS degree (actually IT management) next fall!---:)

p.s. The CCIEs that I have had the privilege of working with in the field have proven themselves to be experts time and time again. They are still very valuable in the marketplace. Myths are the only thing that can taint that. As far as I have seen, judging by the failure rate among quite competent colleagues of mine, the lab is still the lab.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of n rf
Sent: Saturday, June 07, 2003 9:10 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: number of CCIE [7:70151]

garrett allen wrote:
> you make an a priori argument that lower is better. is a lower number cpa better than a higher numbered one?

You got me wrong. I didn't say that lower is better at all times. Read my entire post again.

I said that more rigorous equates to prestige. This is why I included my example of what would happen if Cisco decided to change the CCIE exam to become extremely rigorous - then eventually people would prize "high-number" CCIE's who passed the more rigorous version. The fact is, prestige follows rigor. If something is more rigorous, then it becomes rigorous and vice versa. This is why graduating from MIT is more prestigious than graduating from Podunk Community College. But the fact is, the CCIE on the whole has probably gotten more rigorous (i.e. chopping the test from 2 days to 1, eliminating the dedicated troubleshooting section, more bootcamps/braindumps, more cheating, etc. etc.) which is why it has become less prestigious.

> actually, probably the inverse is true as the more recent the certification the more recent the material covered. this is balanced against with age comes opportunities and experiences.

Unfortunately, the free market disagrees with you. The fact is, a growing number of recruiters, headhunters, and HR people are starting to give preference to lower-number CCIE's. Go check out the groupstudy.jobs forum. Yet I have never heard of any recruiter giving preference to higher-number CCIE. It's always one-way, and that's my point.

> threads like this are like discussing the maximum number of angels dancing on the head of a pin. i vote we kill the thread before it spawn.
>
> later.
>
> ----- Original Message -----
> From: n rf
> Date: Thursday, June 5, 2003 5:16 pm
> Subject: RE: number of CCIE [7:70151]
>
> > Well, there are still less than 10,000 CCIE's. So the population hasn't accelerated THAT dramatically.
> >
> > Having said that, I will say that the CCIE has most likely gotten less rigorous and therefore less valuable over time. I know this is going to
Re: RE: number of CCIE [7:70151]
yawn.

----- Original Message -----
From: n rf
Date: Saturday, June 7, 2003 12:09 pm
Subject: Re: RE: number of CCIE [7:70151]

> garrett allen wrote:
> > you make an a priori argument that lower is better. is a lower number cpa better than a higher numbered one?
>
> You got me wrong. I didn't say that lower is better at all times. Read my entire post again.
>
> I said that more rigorous equates to prestige. This is why I included my example of what would happen if Cisco decided to change the CCIE exam to become extremely rigorous - then eventually people would prize "high-number" CCIE's who passed the more rigorous version. The fact is, prestige follows rigor. If something is more rigorous, then it becomes rigorous and vice versa. This is why graduating from MIT is more prestigious than graduating from Podunk Community College. But the fact is, the CCIE on the whole has probably gotten more rigorous (i.e. chopping the test from 2 days to 1, eliminating the dedicated troubleshooting section, more bootcamps/braindumps, more cheating, etc. etc.) which is why it has become less prestigious.
>
> > actually, probably the inverse is true as the more recent the certification the more recent the material covered. this is balanced against with age comes opportunities and experiences.
>
> Unfortunately, the free market disagrees with you. The fact is, a growing number of recruiters, headhunters, and HR people are starting to give preference to lower-number CCIE's. Go check out the groupstudy.jobs forum. Yet I have never heard of any recruiter giving preference to higher-number CCIE. It's always one-way, and that's my point.
>
> > threads like this are like discussing the maximum number of angels dancing on the head of a pin. i vote we kill the thread before it spawn.
> >
> > later.
> >
> > ----- Original Message -----
> > From: n rf
> > Date: Thursday, June 5, 2003 5:16 pm
> > Subject: RE: number of CCIE [7:70151]
> >
> > > Well, there are still less than 10,000 CCIE's. So the population hasn't accelerated THAT dramatically.
> > >
> > > Having said that, I will say that the CCIE has most likely gotten less rigorous and therefore less valuable over time. I know this is going to greatly annoy some people when I say this, but the truth is, the average quality of the later (read: high-number) CCIE's is probably lower than the average quality of the higher (read: lower-number) CCIE's.
> > >
> > > Before any of you high-number CCIE's decides to flame me, ask yourself if you were given the opportunity to trade your number for a lower number, would you do it? For example, if you are CCIE #11,000 and you could trade that number for CCIE #1100, would you take it? Be honest with yourself. I'm sure you would concede that you would. By the same token we also know that no low-number CCIE would willingly trade his number for a higher one. The movement is therefore all "one-way". If all CCIE's were really "created equal" then nobody would really care one way or another which number they had. Therefore the CCIE community realizes that all CCIE's are not created equal and that intuitively that the lower number is more desirable and the higher number is less desirable (otherwise, why does everybody want a lower number?). Simply put, the test is not as rigorous as it was in the past, which is why lower numbers are preferred.
> > >
> > > Or, I'll put it to you another way. Let's say that starting at #12,000 Cisco makes the test ridiculously hard, putting in all kinds of funky technologies, and making the pass rate less than 1% or some other god-awful number. What would happen? Simple. Word would get around that
Re: RE: number of CCIE [7:70151]
garrett allen wrote:
> you make an a priori argument that lower is better. is a lower number cpa better than a higher numbered one?

You got me wrong. I didn't say that lower is better at all times. Read my entire post again.

I said that more rigorous equates to prestige. This is why I included my example of what would happen if Cisco decided to change the CCIE exam to become extremely rigorous - then eventually people would prize "high-number" CCIE's who passed the more rigorous version. The fact is, prestige follows rigor. If something is more rigorous, then it becomes rigorous and vice versa. This is why graduating from MIT is more prestigious than graduating from Podunk Community College. But the fact is, the CCIE on the whole has probably gotten more rigorous (i.e. chopping the test from 2 days to 1, eliminating the dedicated troubleshooting section, more bootcamps/braindumps, more cheating, etc. etc.) which is why it has become less prestigious.

> actually, probably the inverse is true as the more recent the certification the more recent the material covered. this is balanced against with age comes opportunities and experiences.

Unfortunately, the free market disagrees with you. The fact is, a growing number of recruiters, headhunters, and HR people are starting to give preference to lower-number CCIE's. Go check out the groupstudy.jobs forum. Yet I have never heard of any recruiter giving preference to higher-number CCIE. It's always one-way, and that's my point.

> threads like this are like discussing the maximum number of angels dancing on the head of a pin. i vote we kill the thread before it spawn.
>
> later.
>
> ----- Original Message -----
> From: n rf
> Date: Thursday, June 5, 2003 5:16 pm
> Subject: RE: number of CCIE [7:70151]
>
> > Well, there are still less than 10,000 CCIE's. So the population hasn't accelerated THAT dramatically.
> >
> > Having said that, I will say that the CCIE has most likely gotten less rigorous and therefore less valuable over time. I know this is going to greatly annoy some people when I say this, but the truth is, the average quality of the later (read: high-number) CCIE's is probably lower than the average quality of the higher (read: lower-number) CCIE's.
> >
> > Before any of you high-number CCIE's decides to flame me, ask yourself if you were given the opportunity to trade your number for a lower number, would you do it? For example, if you are CCIE #11,000 and you could trade that number for CCIE #1100, would you take it? Be honest with yourself. I'm sure you would concede that you would. By the same token we also know that no low-number CCIE would willingly trade his number for a higher one. The movement is therefore all "one-way". If all CCIE's were really "created equal" then nobody would really care one way or another which number they had. Therefore the CCIE community realizes that all CCIE's are not created equal and that intuitively that the lower number is more desirable and the higher number is less desirable (otherwise, why does everybody want a lower number?). Simply put, the test is not as rigorous as it was in the past, which is why lower numbers are preferred.
> >
> > Or, I'll put it to you another way. Let's say that starting at #12,000 Cisco makes the test ridiculously hard, putting in all kinds of funky technologies, and making the pass rate less than 1% or some other god-awful number. What would happen? Simple. Word would get around that the "new" CCIE was super-rigorous and therefore very prestigious to pass. Eventually, numbers greater than #12000 would be coveted, and everybody would want to trade in their number for one greater than #12000. Recruiters and HR people would start giving preference to CCIE's with numbers greater than #12000. The point is that when rigor increases, prestige and desirability tends to follow. When rigor declines, so does prestige and desirability.
> >
> > And what is the cause of this decline in rigor? Well, you alluded to several factors. While it is still rather controversial exactly how the switch from 2 days to 1 day impacted the program, it is widely conceded that it probably didn't help. Nor does having all these braindumps all over the Internet, and not just for the written, but the lab as well. The CCIE has certain arcane logistical rules that people have figured out how to 'game' - for example, for example, some people who live near test sites just attempt the lab every month over and over again. Finally, there is the consensus that the CCIE program has simply not kept up with the growing amount of study ma
Re: RE: number of CCIE [7:70151]
you make an a priori argument that lower is better. is a lower number cpa better than a higher numbered one? actually, probably the inverse is true as the more recent the certification the more recent the material covered. this is balanced against with age comes opportunities and experiences.

threads like this are like discussing the maximum number of angels dancing on the head of a pin. i vote we kill the thread before it spawn.

later.

----- Original Message -----
From: n rf
Date: Thursday, June 5, 2003 5:16 pm
Subject: RE: number of CCIE [7:70151]

> Well, there are still less than 10,000 CCIE's. So the population hasn't accelerated THAT dramatically.
>
> Having said that, I will say that the CCIE has most likely gotten less rigorous and therefore less valuable over time. I know this is going to greatly annoy some people when I say this, but the truth is, the average quality of the later (read: high-number) CCIE's is probably lower than the average quality of the higher (read: lower-number) CCIE's.
>
> Before any of you high-number CCIE's decides to flame me, ask yourself if you were given the opportunity to trade your number for a lower number, would you do it? For example, if you are CCIE #11,000 and you could trade that number for CCIE #1100, would you take it? Be honest with yourself. I'm sure you would concede that you would. By the same token we also know that no low-number CCIE would willingly trade his number for a higher one. The movement is therefore all "one-way". If all CCIE's were really "created equal" then nobody would really care one way or another which number they had. Therefore the CCIE community realizes that all CCIE's are not created equal and that intuitively that the lower number is more desirable and the higher number is less desirable (otherwise, why does everybody want a lower number?). Simply put, the test is not as rigorous as it was in the past, which is why lower numbers are preferred.
>
> Or, I'll put it to you another way. Let's say that starting at #12,000 Cisco makes the test ridiculously hard, putting in all kinds of funky technologies, and making the pass rate less than 1% or some other god-awful number. What would happen? Simple. Word would get around that the "new" CCIE was super-rigorous and therefore very prestigious to pass. Eventually, numbers greater than #12000 would be coveted, and everybody would want to trade in their number for one greater than #12000. Recruiters and HR people would start giving preference to CCIE's with numbers greater than #12000. The point is that when rigor increases, prestige and desirability tends to follow. When rigor declines, so does prestige and desirability.
>
> And what is the cause of this decline in rigor? Well, you alluded to several factors. While it is still rather controversial exactly how the switch from 2 days to 1 day impacted the program, it is widely conceded that it probably didn't help. Nor does having all these braindumps all over the Internet, and not just for the written, but the lab as well. The CCIE has certain arcane logistical rules that people have figured out how to 'game' - for example, for example, some people who live near test sites just attempt the lab every month over and over again. Finally, there is the consensus that the CCIE program has simply not kept up with the growing amount of study material, bootcamps, lab-guides, and so forth. We all know there's an entire cottage industry devoted just to helping people to pass the lab, and while there's nothing wrong with that per se, it does mean that Cisco needs to keep pace to maintain test rigor. To offer a parallel situation, when the MCSE bootcamps started to proliferate, the value of the MCSE plummeted because Microsoft did not properly maintain the rigor of the cert.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70228&t=70151
Re: RE: NOOOO!!!! [7:70103]
This reminds me of the sort of swapping that is a solution to the problem of upgrading IOS on a 2500-series router without the newer bootroms. You upgrade the IOS in a 2500 with the good bootroms, and then swap the flash sticks with the router that lacks the proper bootroms.

The sort of common sense that permitted you to think of a solution like this on your own is often more valuable than genius.

Tom Larus, CCIE #10,014

wrote in message news:[EMAIL PROTECTED]
> You ARE a genius. I'm really glad you didn't have to commit suicide.
>
> > From: "Lamy Alexandre"
> > Date: 2003/06/03 Tue PM 10:25:50 EDT
> > To: [EMAIL PROTECTED]
> > Subject: RE: N [7:70103]
> >
> > I am a genius,
> >
> > I copied the rsp-boot on the simm flash on my 2611
> >
> > I put the simm flash 2600 on my 7505
> >
> > I put the simm flash 7505 on my 2600
> >
> > I downloaded a IOS on rommon on my 2600
> >
> > pppfff, is not documented solution. Cisco says to ship in RMA
> >
> > I dont going suicide... ;-p

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70132&t=70103
Re: RE: NOOOO!!!! [7:70103]
You ARE a genius. I'm really glad you didn't have to commit suicide.

> From: "Lamy Alexandre"
> Date: 2003/06/03 Tue PM 10:25:50 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: N [7:70103]
>
> I am a genius,
>
> I copied the rsp-boot on the simm flash on my 2611
>
> I put the simm flash 2600 on my 7505
>
> I put the simm flash 7505 on my 2600
>
> I downloaded a IOS on rommon on my 2600
>
> pppfff, is not documented solution. Cisco says to ship in RMA
>
> I dont going suicide... ;-p

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=70122&t=70103
Re: RE: question on operational efficiency of vpn's [7:69739]
thanks for the feedback. to add a little more insight, bandwidth is more expensive in de than in the u.s., so we are using adsl. our de facilities use adsl with t-1 speeds for downloads but only 160kbps for uploads. the de site in question is hosting an ftp server that u.s. users access to get data files and copy them back to the states. they are several hundred megs in size and can take 4-8 hours to complete, depending on what else is going on. it appears to be the single largest consumer of wan uplink bandwidth. there are complaints of the amount of time required to complete an ftp but the folks do understand the math ... i suggested international overnite delivery as an option as there is a point where a tape is actually faster.

the question was somewhat rhetorical. no right or wrong answer but i was interested in hearing different operational perspectives.

cheers!

----- Original Message -----
From: Priscilla Oppenheimer
Date: Thursday, May 29, 2003 12:57 pm
Subject: RE: question on operational efficiency of vpn's [7:69739]

> Good questions. I wish some others would pipe in so you would get a bigger sample space, but I'll pipe in since nobody else did yet!
>
> What do the rest of you think? The exec summary is that we're wondering how common it is to adjust host MTU to avoid fragmentation with VPN and IPSec.
>
> See below.
>
> garrett allen wrote:
> >
> > just finished an 8 city (3 u.s./5 e.u.) vpn deployment. we were in a bit of a rush and now that we have finished the initial deployment we have the luxury of time to think things through a little more clearly. one oversight that we made in our haste to deploy we just confirmed - the overhead associated with ipsec is causing packet fragmentation for packets exiting one location and destined for another over the vpn tunnels. i don't have the traces in front of me but we did run a trace on an ftp session and confirmed it. on an ftp session between vpn locations you see the following pattern of packets received on the destination network:
> > packet 1 - 1460 bytes
> > packet 2 - 120 bytes
> > packet 3 - 1460 bytes
> > packet 4 - 120 bytes
> > &c.
> >
> > they probably started life as 1500 bytes, the ipsec overhead forced a fragment, which appears as the second, smaller packet. the solution is to make all host mtu's slightly smaller, say 1460. this avoids fragmentation and results in an actual wan bandwidth savings of something like 3-5%, although it appears counter intuitive. the question i have is this - is it worth it to adjust each hosts mtu and take on that task?
>
> What would your goal be if you were to adjust each host's MTU? Would it matter much if utilization on the WAN links was reduced by 3-5%? Are you approaching a high utilization on the WAN links already?
>
> How much does throughput get affected by the fragmentation? Do you have some measurements before and after? I think the throughput would be less due to the fragmentation, but maybe not enough less to matter. How about the response time? Although response time doesn't matter too much with a non-interactive application, it could matter if it went way up (which it probably didn't though).
>
> Here's the most important question: Have the users noticed? Are they complaining? If no, don't worry about it. And if yes, then are the complaints really because of the fragmentation or more because of the overhead inherent in IPSec?
>
> You say you tested with FTP. Is that the application the users use the most? You should definitely test with their own applications. You may find that their favorite applications don't have the problem anyway. For example, a lot of HTTP implementations don't fill a 1500-byte packet anyway. They use shorter packets because the user's perceived performance is better if smaller chunks of data appear on the screen quickly, rather than waiting for 1500 bytes at a time.
>
> > what are considered operational best practices - optimize wan or lan packet sizes and throughput. take on more server administration or ... given the recent thread on the death of design maybe the issue is moot?
>
> Maybe if you ghost the images and there's an easy way to make the change on every host it might be worth it, but you have to consider whether the benefits are worth the cost. Design is all about making tradeoffs and it's not dead.
>
> Perhaps you will decide not to make any optimization, but the fact that you are considering it and the tradeoffs with manageability, and making before-and-after measurements, etc. means that you are doing design work.
>
> Also, think back on the project. Didn't you do some design work before implementing an 8 city (3 u.s./5 e.u.) VPN solution? It sounds like you were in a
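The size arithmetic behind the fragmentation pattern discussed in this thread, as an added example that is not part of any poster's message: it computes the on-wire size of an ESP tunnel-mode packet, the fragments a router emits when that size exceeds the link MTU, and the largest host MTU that avoids fragmentation. The three transform sets, ESP tunnel mode without NAT traversal, the 1500-byte WAN MTU and all function names are assumptions; the thread does not say which transform was deployed.

```python
"""ESP tunnel-mode size arithmetic for the FTP-over-VPN fragmentation pattern."""
from dataclasses import dataclass

OUTER_IP = 20     # new IPv4 header added in tunnel mode (no options)
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length (1 byte) + next-header (1 byte)
FRAG_UNIT = 8     # IPv4 fragment offsets are counted in 8-byte units


@dataclass(frozen=True)
class Transform:
    name: str
    iv: int      # bytes of IV carried in every packet
    block: int   # cipher block size the plaintext is padded to
    icv: int     # truncated authenticator appended to the packet (0 = none)


# Assumed transform sets (not taken from the thread).
ESP_3DES = Transform("esp-3des", iv=8, block=8, icv=0)
ESP_3DES_SHA = Transform("esp-3des esp-sha-hmac", iv=8, block=8, icv=12)
ESP_AES_SHA = Transform("esp-aes esp-sha-hmac", iv=16, block=16, icv=12)


def encrypted_size(inner_len, t):
    """On-wire size of one inner IP packet after ESP tunnel-mode encapsulation."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // t.block) * t.block   # round up to a whole block
    return OUTER_IP + ESP_HEADER + t.iv + padded + t.icv


def fragments(packet_len, link_mtu=1500):
    """Sizes of the IPv4 fragments produced when packet_len exceeds link_mtu."""
    if packet_len <= link_mtu:
        return [packet_len]
    payload = packet_len - OUTER_IP
    per_frag = (link_mtu - OUTER_IP) // FRAG_UNIT * FRAG_UNIT
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + OUTER_IP)   # every fragment repeats the IP header
        payload -= chunk
    return sizes


def max_inner_packet(t, link_mtu=1500):
    """Largest inner packet (host MTU) that is never fragmented after ESP."""
    room = link_mtu - OUTER_IP - ESP_HEADER - t.iv - t.icv
    return room // t.block * t.block - ESP_TRAILER


def wire_cost(file_bytes, host_mtu, t, link_mtu=1500, tcp_ip_hdr=40):
    """(packets, bytes) on the WAN to carry file_bytes of data in full segments."""
    mss = host_mtu - tcp_ip_hdr
    full, rest = divmod(file_bytes, mss)
    sizes = [(host_mtu, full)]
    if rest:
        sizes.append((rest + tcp_ip_hdr, 1))   # final short segment
    packets = total = 0
    for inner_len, count in sizes:
        frags = fragments(encrypted_size(inner_len, t), link_mtu)
        packets += count * len(frags)
        total += count * sum(frags)
    return packets, total


if __name__ == "__main__":
    for t in (ESP_3DES, ESP_3DES_SHA, ESP_AES_SHA):
        size = encrypted_size(1500, t)
        print(f"{t.name:24} 1500 -> {size} bytes, fragments {fragments(size)}, "
              f"largest unfragmented host MTU {max_inner_packet(t)}")
    sample = 1_460_000   # constructed sample transfer size, not from the thread
    for mtu in (1500, max_inner_packet(ESP_3DES_SHA)):
        pkts, octets = wire_cost(sample, mtu, ESP_3DES_SHA)
        print(f"host MTU {mtu}: {pkts} packets, {octets} bytes on the WAN")
```

Under the assumed 3DES/SHA transform, lowering the host MTU roughly halves the packet count for the sample transfer while the byte count drops by about 1%; per-packet layer-2 framing, which the example ignores, adds to that saving.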
Re: Re: BGP Load Balance [7:69611]
BGP load balancing can be done using BGP peering on loopback address. And you have to add static routes in your routing table for loopback ip address and mention next-hop as serial links ip addresses/serial interface

example:

nei loopbackip remote-as asnumber
nei loopbackip ebgp-multihop number

and then

ip route loopback ip 255.255.255.255 serialx
ip route loopback ip 255.255.255.255 serialy

hope this will help you

Ramesh

"Brian W." wrote:

The way I've seen 2 paths used is by peering with a loopback interface and using neighbor peerip ebgp-multihop in the config.

Brian

----- Original Message -----
From: "Azhar Teza"
To:
Sent: Tuesday, May 27, 2003 3:16 PM
Subject: BGP Load Balance [7:69611]

> If BGP route has two equal paths to the same destination, can it do load balance by installing the command? maximum-paths 2

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69671&t=69611
Re: Re: PAT AFTER NAT...IS IT POSSIBLE??? [7:66672]
This is what I have run into in the past and I was almost certain that it was not possible. I set it up in the lab here with various configs and had the same result.

As far as I was told in the last routing update I attended at our local cisco office, the SE's there confirmed that the PIX can be defined with a NAT Pool of addresses and then have the same pool statement entered only this time specifying the same address (ie. PAT) as an overload. They confirmed that the IOS router code does not function like this and that you would have to statically NAT those addresses that you wanted 1:1 on and then have a blanket PAT (overload) statement in to cover the rest.

In the case of the original question with wanting to NAT 128 clients 1:1 and then have PAT for the rest, this would require a lot of configuration and to guarantee that 1:1 would occur (or to at least keep track of it) you would require static IPs on the clients wishing to 1:1 NAT.

Hope I'm not flying way offline here but I believe this is the only way possible with an IOS router.

Cheers

> I've found that you cannot do this, at least not when you do nat to a pool of addresses. You have to do static nat, then overload the rest. I tried adding overload to the end of my existing nat statement with the pool, it started PATing the addresses from the beginning. Instead of using the 1:1 from the pool, then pating anything beyond that.
>
> "Lee Carter" wrote in message news:[EMAIL PROTECTED]
> > Yes you can just take your nat statement (ip nat inside source list 1...) and add the word overload on the end of the command.
> >
> > You will use a 1:1 NAT for the first set of users. Once your IP's are used up you will use PAT. It is important to note that some issues arise with PAT versus NAT like IPSEC or DLSW.
> >
> > just an fyi.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66712&t=66672
Re: RE: PAT AFTER NAT...IS IT POSSIBLE??? [7:66672]
I knew this was possible on the pix, but have never configured it on an IOS router. It would be really appreciated if someone wouldn't mind posting a sample config as I cannot locate one on cisco's site or the netpro forum specific to IOS routers with both NAT and PAT configured like outlined in this post.

Thanks.

> Yes you can just take your nat statement (ip nat inside source list 1...) and add the word overload on the end of the command.
>
> You will use a 1:1 NAT for the first set of users. Once your IP's are used up you will use PAT. It is important to note that some issues arise with PAT versus NAT like IPSEC or DLSW.
>
> just an fyi.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66694&t=66672
Re: RE: it started out as a really good idea ... [7:64638]
mirabile dictu! secret is in the standby track command. lost 9 pings and then picked up just like nothing happened. can pull any of the 4 links now and it works just like in the movies.

thanks all.

- Original Message -
From: garrett allen
Date: Friday, March 7, 2003 6:57 am
Subject: Re: RE: it started out as a really good idea ... [7:64638]

> must ... find... coffee
>
> just catching back up as dc awakens. the default gateways used by the
> pc's are the virtual router addresses, a different one for each (i.e.
> pc1 uses virtual router 1 and pc2 uses virtual router 2). the pc arp
> caches correctly reflect the virtual mac address (cisco generated
> 0c...) which are different than the router interfaces bia's. the
> virtual macs do move and the different interfaces do seem to stop and
> start their role as the active interface.
>
> looking over the traces last nite didn't yield much more. i have a
> couple things to try and i did find a tac article that holds some hope
> using standby use-bia. we'll see.
>
> thanks for all your thoughts and help. i'll get this to work or i'll
> revert to plan b, 2 tin cans and ...
>
> - Original Message -
> From: Priscilla Oppenheimer
> Date: Thursday, March 6, 2003 5:14 pm
> Subject: RE: it started out as a really good idea ... [7:64638]
>
> > What did you use as a default gateway on the PCs??
> >
> > Priscilla
> >
> > garrett allen wrote:
> > >
> > > i have a need for a high availability solution for a default gateway
> > > configuration. just finished the ccdp and thought it might be
> > > interesting to try hsrp on a pair of 2514's. put some of that theory
> > > to work. instead of highly resilient i've managed to configure it for
> > > mass failure. arg.., not exactly what i had in mind. now, any time i
> > > take down 1 of the 4 links, the connect between 2 remote hosts dies.
> > > this is in a lab (production is not a lab, production is not a lab...)
> > > so it is a mystery i would like to solve, but it is not critical.
> > >
> > > here is the basic config (hope it makes it):
> > >
> > > pc host 1 -+- e0 router 1, e1 +- pc host 2
> > >            |                  |
> > >            |- e0 router 2, e1 |
> > >
> > > the routers act as a default gateway between the internal network
> > > (represented by pc host 1) and the external world (represented by pc
> > > host 2). i have used 10.3 and 10.4 /16 as the addresses for each side
> > > of the divide. i want to run hsrp on both sets of router interfaces so
> > > that in the event a router or an interface fails, the traffic impact is
> > > minimized. in the real world pc host 2 will be a firewall and there
> > > will be other hosts off that segment as well
> > >
> > > looks easy. sounds plausible. read the cisco docs. looks like it
> > > should work. minimal incantations before tickling the keyboard. key
> > > in the configs and it fires up nicely. do the show standby thingee and
> > > all looks cool. can ping the 2 stations end to end. most excellent.
> > > put a router in debug mode. when i pull one of the 4 router cables the
> > > router goes through a state change but no bits make it to the far end.
> > > not even the shiny ones. bitstream courtesy of ping.
> > >
> > > maybe i misunderstood what hsrp was supposed to do. the configs are
> > > below, along with the show standby results. both are 2514's (2 aui's)
> > > and both are running 12.2(1d). probably forgot to put the interface in
> > > mumble mode or something equally easy. no laughter, please.
> > >
> > > thanks in advance.
> > >
> > > router 1
> > > interface Ethernet0
> > >  ip address 10.3.255.2 255.255.0.0
> > >  no ip route-cache
> > >  no ip mroute-cache
> > >  standby 1 priority 200 preempt
> > >  standby 1 ip 10.3.0.2
> > > !
> > > interface Ethernet1
> > >  ip address 10.4.254.2 255.255.0.0
> > >  no ip route-cache
> > >  no ip mroute-cache
Re: RE: it started out as a really good idea ... [7:64638]
must ... find... coffee

just catching back up as dc awakens. the default gateways used by the pc's are the virtual router addresses, a different one for each (i.e. pc1 uses virtual router 1 and pc2 uses virtual router 2). the pc arp caches correctly reflect the virtual mac address (cisco generated 0c...) which are different than the router interfaces bia's. the virtual macs do move and the different interfaces do seem to stop and start their role as the active interface.

looking over the traces last nite didn't yield much more. i have a couple things to try and i did find a tac article that holds some hope using standby use-bia. we'll see.

thanks for all your thoughts and help. i'll get this to work or i'll revert to plan b, 2 tin cans and ...

- Original Message -
From: Priscilla Oppenheimer
Date: Thursday, March 6, 2003 5:14 pm
Subject: RE: it started out as a really good idea ... [7:64638]

> What did you use as a default gateway on the PCs??
>
> Priscilla
>
> garrett allen wrote:
> >
> > i have a need for a high availability solution for a default gateway
> > configuration. just finished the ccdp and thought it might be
> > interesting to try hsrp on a pair of 2514's. put some of that theory
> > to work. instead of highly resilient i've managed to configure it for
> > mass failure. arg.., not exactly what i had in mind. now, any time i
> > take down 1 of the 4 links, the connect between 2 remote hosts dies.
> > this is in a lab (production is not a lab, production is not a lab...)
> > so it is a mystery i would like to solve, but it is not critical.
> >
> > here is the basic config (hope it makes it):
> >
> > pc host 1 -+- e0 router 1, e1 +- pc host 2
> >            |                  |
> >            |- e0 router 2, e1 |
> >
> > the routers act as a default gateway between the internal network
> > (represented by pc host 1) and the external world (represented by pc
> > host 2). i have used 10.3 and 10.4 /16 as the addresses for each side
> > of the divide. i want to run hsrp on both sets of router interfaces so
> > that in the event a router or an interface fails, the traffic impact is
> > minimized. in the real world pc host 2 will be a firewall and there
> > will be other hosts off that segment as well
> >
> > looks easy. sounds plausible. read the cisco docs. looks like it
> > should work. minimal incantations before tickling the keyboard. key
> > in the configs and it fires up nicely. do the show standby thingee and
> > all looks cool. can ping the 2 stations end to end. most excellent.
> > put a router in debug mode. when i pull one of the 4 router cables the
> > router goes through a state change but no bits make it to the far end.
> > not even the shiny ones. bitstream courtesy of ping.
> >
> > maybe i misunderstood what hsrp was supposed to do. the configs are
> > below, along with the show standby results. both are 2514's (2 aui's)
> > and both are running 12.2(1d). probably forgot to put the interface in
> > mumble mode or something equally easy. no laughter, please.
> >
> > thanks in advance.
> >
> > router 1
> > interface Ethernet0
> >  ip address 10.3.255.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 200 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 200 preempt
> >  standby 2 ip 10.4.254.10
> >
> >
> > router 2
> > interface Ethernet0
> >  ip address 10.3.255.1 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 225 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.1 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 150 preempt
> >  standby 2 ip 10.4.254.10
> >
> > results of show standby
> > Router1#show standby
> > Ethernet0 - Group 1
> >   Local state is Standby, priority 200, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:00.940
> >   Hot standby IP address is 10.3.0.2 configured
> >   Active router is 10.3.255.1 expires in 00:00:09, priority 225
> >   Standby router is local
> >   20 state changes, last state change 00:22:34
> > Ethernet1 - Group 2
> >   Local state is Active, priority 200, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:01.676
> >   Hot standby IP address is 10.4.254.10 configured
> >   Active router is local
> >   Standby router is 10.4.254.1 expires in 00:00:08
> >   Standby virtual mac address is .0c07.ac02
> >   17 state changes, last state change 00:23:26
> > Router1#
> >
> > Router2#show standby
> > Ethernet0 - Group 1
> >   Local state is Active, priority 225, may preempt
> >   Hellotime 3 holdtime 10
> >   Next hello sent in 00:00:01.01
Re: RE: it started out as a really good idea [7:64636]
never any offense in the search for truth, just truth.

the pc's are configured with the virtual router as the default gateway. i checked the arp cache on the pc's (w2k) with arp -a before i unplugged, during the unplug time, and afterwards. the mac address remained the same, which is to say the 0c... virtual mac address that cisco uses. it is different than the bia on the interfaces and when doing a show interfaces you can see which interface has the virtual mac address since its hardware address is different than its bia.

i read through a tac article last nite that may hold a clue. it suggests using the bia as the virtual mac address via the "standby use-bia". it stipulated that even though the pc uses the virtual mac address return packets will bear the bia of the router as the source mac. it is a function of the lower end cisco gear and how many mac addresses they can have. these are 2514's. i haven't fully thought through the ramifications of this but have found in practice that asymmetry usually leads to bad juju, so changing the mac may help by making things consistent. it did caution that some end stations may not play well when the mac changes, but a gratuitous arp was sent. so we'll see today.

i hesitated to post the traces as they were rather large. i will do so later today with fresh traces unless someone objects about the noise volume. if so i can send offline to whomsoever is interested.

i've never worked with hsrp so i am interested in getting it resolved and understanding the why's of unsuccessful and successful operation. like i said in the beginning, it seemed like a really good idea...

cheers for now (off to the salt mines ...)

garrett

- Original Message -
From: Troy Leliard
Date: Friday, March 7, 2003 4:46 am
Subject: RE: it started out as a really good idea [7:64636]

> Looks like you have it configured correctly, and that they are forming
> "adjacencies". At the risk of offending, but always best to start right at
> the beginning, the gateway on your hosts are set to the HSRP address correct?
>
> When you unplug any of the 4 cables, you can no longer ping the either side
> of the host. Perhaps give us a debug standby during one of these events ?
>
>
> garrett allen wrote:
> >
> > i have a need for a high availability solution for a default gateway
> > configuration. just finished the ccdp and thought it might be
> > interesting to try hsrp on a pair of 2514's. put some of that theory
> > to work. instead of highly resilient i've managed to configure it for
> > mass failure. arg.., not exactly what i had in mind. now, any time i
> > take down 1 of the 4 links, the connect between 2 remote hosts dies.
> > this is in a lab (production is not a lab, production is not a lab...)
> > so it is a mystery i would like to solve, but it is not critical.
> >
> > here is the basic config (hope it makes it):
> >
> > pc host 1 -+- e0 router 1, e1 +- pc host 2
> >            |                  |
> >            |- e0 router 2, e1 |
> >
> > the routers act as a default gateway between the internal network
> > (represented by pc host 1) and the external world (represented by pc
> > host 2). i have used 10.3 and 10.4 /16 as the addresses for each side
> > of the divide. i want to run hsrp on both sets of router interfaces so
> > that in the event a router or an interface fails, the traffic impact is
> > minimized. in the real world pc host 2 will be a firewall and there
> > will be other hosts off that segment as well
> >
> > looks easy. sounds plausible. read the cisco docs. looks like it
> > should work. minimal incantations before tickling the keyboard. key
> > in the configs and it fires up nicely. do the show standby thingee and
> > all looks cool. can ping the 2 stations end to end. most excellent.
> > put a router in debug mode. when i pull one of the 4 router cables the
> > router goes through a state change but no bits make it to the far end.
> > not even the shiny ones. bitstream courtesy of ping.
> >
> > maybe i misunderstood what hsrp was supposed to do. the configs are
> > below, along with the show standby results. both are 2514's (2 aui's)
> > and both are running 12.2(1d). probably forgot to put the interface in
> > mumble mode or something equally easy. no laughter, please.
> >
> > thanks in advance.
> >
> > router 1
> > interface Ethernet0
> >  ip address 10.3.255.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 1 priority 200 preempt
> >  standby 1 ip 10.3.0.2
> > !
> > interface Ethernet1
> >  ip address 10.4.254.2 255.255.0.0
> >  no ip route-cache
> >  no ip mroute-cache
> >  standby 2 priority 200 preempt
> >  standby 2 ip 10.4.254.10
> >
> >
> > router 2
> > interface Ethernet0
> >  ip address 10.3.255.1 255.255.0.0
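Why interface tracking changes the outcome in this HSRP thread, and why the decrement value matters with the priorities posted in it, shown as a small election model. This is an added example, not code or output from any poster; it assumes each router has only its connected routes, that every group preempts as configured, and it models only which router ends up Active, not hello or hold timing.

```python
# HSRP priorities and addresses copied from the configs posted in the thread.
ROUTERS = {
    "router1": {"e0": {"priority": 200, "ip": "10.3.255.2"},   # group 1
                "e1": {"priority": 200, "ip": "10.4.254.2"}},  # group 2
    "router2": {"e0": {"priority": 225, "ip": "10.3.255.1"},   # group 1
                "e1": {"priority": 150, "ip": "10.4.254.1"}},  # group 2
}
OTHER = {"e0": "e1", "e1": "e0"}   # the far-side interface of each router
IOS_DEFAULT_DECREMENT = 10         # used by "standby track" when none is given


def _ip_key(ip):
    """Numeric sort key; the higher interface address wins a priority tie."""
    return tuple(int(octet) for octet in ip.split("."))


def elect(iface, down, decrement):
    """Name of the router that ends up Active for the group on `iface`.

    `down` is a set of (router, interface) pairs with the cable pulled.
    `decrement` is None for no tracking; otherwise each group tracks the
    router's other interface and loses `decrement` priority when it is down.
    """
    candidates = []
    for name, interfaces in ROUTERS.items():
        if (name, iface) in down:
            continue                      # cannot speak HSRP on a dead link
        priority = interfaces[iface]["priority"]
        if decrement is not None and (name, OTHER[iface]) in down:
            priority -= decrement
        candidates.append((priority, _ip_key(interfaces[iface]["ip"]), name))
    return max(candidates)[2] if candidates else None


def forwards(iface_in, down, decrement):
    """True if traffic arriving at the virtual gateway on `iface_in` can
    leave through the Active router's other interface."""
    active = elect(iface_in, down, decrement)
    return active is not None and (active, OTHER[iface_in]) not in down


def ping_survives(down, decrement=None):
    """A ping needs both directions: host 1 via group 1, host 2 via group 2."""
    return forwards("e0", down, decrement) and forwards("e1", down, decrement)


def failing_pulls(decrement=None):
    """Every single-cable pull that black-holes traffic between the hosts."""
    links = [(router, iface) for router in ROUTERS for iface in ("e0", "e1")]
    return [link for link in links if not ping_survives({link}, decrement)]


if __name__ == "__main__":
    for label, value in (("no tracking", None),
                         ("track, default decrement", IOS_DEFAULT_DECREMENT),
                         ("track, decrement 30", 30),
                         ("track, decrement 60", 60)):
        print(f"{label:26} failing pulls: {failing_pulls(value)}")
```

With these priorities the tracked decrement has to exceed the largest priority gap (50, on group 2) before every single-cable pull moves the Active role to the router that can still forward, for example `standby 1 track Ethernet1 60` and `standby 2 track Ethernet0 60` on both routers.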
Re: RE: VPN Client behind PIX [7:64358]
I found this info under the 3.6 client

Allowing the VPN Client to Work Through ESP-Aware NAT/Firewalls

When using the VPN Client behind an ESP-aware NAT/Firewall, the port on the NAT/Firewall device may be closed due to the VPN Client's keepalive implementation, called DPD (Dead Peer Detection). When a Client is idle, it does not send a keepalive until it sends data and gets no response.

To allow the VPN Client to work through ESP-aware NAT/Firewalls, add the following parameter and setting to the [Main] section of any *.pcf (profile configuration file) for the affected connection profile.

ForceKeepAlives=1

This parameter enables IKE and ESP keepalives for the connection at approximately 20 second intervals.

For more information, see "Connection Profile Configuration Parameters" in the VPN Client Administrator

>
> From: "Kevin O'Gilvie"
> Date: 2003/03/05 Wed PM 11:16:52 EST
> To: [EMAIL PROTECTED]
> Subject: RE: VPN Client behind PIX [7:64358]
>
> I couldn't have said it better myself!!
>
> >From: "brett spunt"
> >To: "'Kevin O'Gilvie'" ,
> >Subject: RE: VPN Client behind PIX [7:64358]
> >Date: Wed, 5 Mar 2003 19:17:26 -0800
> >
> >It's not possible, and here's why. The pix Vpn only supports IPSEC over
> >UDP. Ipsec over UDP is NOT supported when sitting behind a stateful
> >firewall (such as the pix). You need to use Ipsec over TCP if using the
> >vpn client sitting behind a pix, or like stated before, you could create
> >a "site to site" VPN, setting up to peer with the pix at your work. The
> >reason a concentrator will work, is it supports ipsec over tcp
> >connections, in addition to standard ipsec, and ipsec over UDP..
> >
> >HTH,
> >
> >Brett Michael Spunt
> >CCNP,CIPT,MCSE
> >Computer Network Innovations
> >[EMAIL PROTECTED]
> >
> >-Original Message-
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> >Kevin O'Gilvie
> >Sent: Tuesday, March 04, 2003 7:23 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: VPN Client behind PIX [7:64358]
> >
> >I am assuming he is behind a cable modem or dsl.
> >If so, even cisco says this is not possible.
> >If someone has this working please advise..
> >
> >
> > >From: "Greg Owens"
> > >Reply-To: "Greg Owens"
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: VPN Client behind PIX [7:64358]
> > >Date: Tue, 4 Mar 2003 19:09:16 GMT
> > >
> > >You just need to open the ports you are using, ie 500, 47 1
> > > >
> > > > From: "Steve Smith"
> > > > Date: 2003/03/04 Tue AM 11:15:21 EST
> > > > To: [EMAIL PROTECTED]
> > > > Subject: VPN Client behind PIX [7:64358]
> > > >
> > > > OK gang here is the scenario. We have a PIX at work running VPN. I have
> > > > a 515 at home. Before I put the 515 at home in I could use the VPN
> > > > client to connect to work. Now I can not. I remember a year or so back
> > > > reading a Cisco article about this and that you had to use a certain IP
> > > > range on the remote (my house) network. Does anyone know anything about
> > > > this? Any suggestions?
> > > >
> > > > Thanks!
> > > >
> > > > Steve Smith
> > > > Enterprise Engineer
> > > > 901-758-8179 ext. 108
> > > > TEKSELL
> > > > [EMAIL PROTECTED]
> > >Greg Owens
> > >202-398-2552

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=64604&t=64358
Re: RE: Traffic thru PIX [7:63347]
access-group "name" in interface "if_name"

I guarantee this will do it for you.

>
> From: "Albert Lu"
> Date: 2003/02/20 Thu AM 10:10:09 EST
> To: [EMAIL PROTECTED]
> Subject: RE: Traffic thru PIX [7:63347]
>
> Hi,
>
> You say you can't ping through pix. I imagine you mean from a PC on the
> inside network to the internet address on the outside network. Did you check
> your xlate table if it's doing the translation? (ie. show xlate). I also
> notice that you have a VPN, make sure that the address you ping isn't in the
> subnet that you define for the VPN nat0 and for interesting traffic.
>
> Looking at your ping results, it looks like you can ping hosts in the inside
> and outside interfaces. So you just have to figure out why your pix is
> stopping your traffic.
>
> Albert
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Tunji Suleiman
> Sent: Thursday, February 20, 2003 4:27 PM
> To: [EMAIL PROTECTED]
> Subject: Traffic thru PIX [7:63347]
>
>
> Hello All,
>
> Can someone pls tell me how I can allow pings and other traffic thru the
> PIX? I've added both access-list and conduits for testing. Can ping from pix
> to a test PC on LAN, to Internet router and to UUNet DNS but not from test
> PC thru PIX as per below:
>
> PIX# wr t
> Building configuration...
> : Saved
> :
> PIX Version 6.1(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password J470/UhJVN.5DRKT encrypted
> passwd J470/UhJVN.5DRKT encrypted
> hostname PIX
> domain-name pixdomain.com
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> name 10.250.77.3 testpc
> name 66.120.182.121 gateway
> access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.0.0
> access-list nat0 permit ip 10.250.77.0 255.255.255.0 10.249.0.0 255.255.0.0
> access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.250.4.0 255.255.255.0
> access-list oxfordhub permit ip 10.250.77.0 255.255.255.0 10.249.48.0 255.255.240.0
> access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.250.3.0 255.255.255.0
> access-list ipalcohub permit ip 10.250.77.0 255.255.255.0 10.249.32.0 255.255.240.0
> access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.250.0.0 255.255.255.0
> access-list arlhub permit ip 10.250.77.0 255.255.255.0 10.249.64.0 255.255.240.0
> access-list arlington permit ip 10.250.77.0 255.255.255.0 10.250.2.0 255.255.255.0
> access-list arlington permit ip 10.250.77.0 255.255.255.0 10.249.16.0 255.255.240.0
> access-list richmond permit ip 10.250.77.0 255.255.255.0 10.250.75.0 255.255.255.0
> access-list aclout permit icmp any any
> pager lines 24
> logging console debugging
> interface ethernet0 auto
> interface ethernet1 auto
> mtu outside 1500
> mtu inside 1500
> ip address outside 66.120.182.122 255.255.255.248
> ip address inside 10.250.77.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm history enable
> arp timeout 14400
> global (outside) 1 66.120.182.123 netmask 255.255.255.248
> nat (inside) 0 access-list nat0
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> access-group aclout in interface outside
> conduit permit icmp any any
> conduit permit tcp any any
> route outside 0.0.0.0 0.0.0.0 gateway 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> http server enable
> http 10.250.78.3 255.255.255.255 inside
> http 10.250.77.2 255.255.255.255 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> sysopt connection permit-ipsec
> no sysopt route dnat
> crypto ipsec transform-set strong3 esp-3des esp-sha-hmac
> crypto map cmap 1 ipsec-isakmp
> crypto map cmap 1 match address oxfordhub
> crypto map cmap 1 set peer 217.33.153.3
> crypto map cmap 1 set transform-set strong3
> crypto map cmap 2 ipsec-isakmp
> crypto map cmap 2 match address ipalcohub
> crypto map cmap 2 set peer 216.37.39.66
> crypto map cmap 2 set transform-set strong3
> crypto map cmap 3 ipsec-isakmp
> crypto map cmap 3 match address arlhub
> crypto map cmap 3 set peer 206.154.225.2
> crypto map cmap 3 set transform-set strong3
> crypto map cmap 4 ipsec-isakmp
> crypto map cmap 4 match address arlington
> crypto map cmap 4 set peer 65.204.31.2
> crypto map cmap 4 set transform-set strong3
> crypto map cmap 5 ipsec-isakmp
> crypto map cmap 5 match address richmond
> crypto map cmap 5 set peer 195.172.96.66
> crypto map cmap 5 set transform-set strong3
> crypto map cmap interface outside
> isakmp enable outside
> isakmp key address 217.33.1
Re: Re: Snort versus Cisco IDS [7:62939]
There are also some very nice prebuilt Snort sensors with a GUI from the following vendors.

www.sourcefire.com
www.silicondefense.com
www.packetalarm.com

I have had the opportunity to evaluate and configure products from all three, and they have done an excellent job of bringing Snort to the masses. Basically, the sensors have a hardened OS (Linux or Solaris) with a creamy GUI wrapped around it... and of course, Snort in all its glory.

And, no, I don't get a commission from any of the above...

HTH,
Charles

"Craig Columbus" wrote in message news:[EMAIL PROTECTED]...
> Having installed and worked with both products, I think that Cisco's
> offering is more comprehensive, but Snort is highly reliable and much
> cheaper.
> It doesn't have some of the features of the Cisco product (dynamic
> shunning), but for most small to medium sized businesses (like the kind I
> work with daily), Snort is more than sufficient given the cost.
> On average, I can install a Snort sensor on dedicated hardware and FreeBSD
> for approximately $1000. A single Cisco 4210 sensor install costs me about
> $5600. If I need to scale to Gbit capability, I can install a Snort sensor
> for approx. $5000, compared to $18K for a Cisco 4250.
>
> In summary, they're both decent products. If you need a comprehensive
> system for large enterprise, then Cisco certainly has the edge over
> Snort...at least until you start talking about hardware-based, customized
> snort like that from Silicon Defense. If you just need a solid IDS for
> small business and don't want to spend a ton of cash, then Snort is a great
> alternative and is usually my first recommendation.
>
>
> At 05:06 AM 2/13/2003 +, you wrote:
> >Someone told me in an authoritative voice today that Cisco doesn't recommend
> >their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> >big part of SAFE?
> >
> >Of course, the person who said this doesn't understand that Cisco is a huge,
> >chaotic organism, and that saying Cisco does something based on what one
> >person does, doesn't make sense.
> >
> >But I'm just curious, what do you all recommend for intrusion detection? How
> >do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> >complicated, requiring appliances or IDS cards in a switch and a console:
> >
> >Cisco Secure IDS Director - HP OpenView Network Node Manager "plug-in" that
> >runs on UNIX (Solaris and HP-UX)
> >
> >Cisco Secure Policy Manager (v2.2+) - Windows NT-based package
> >
> >Thanks.
> >
> >Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62971&t=62939
Re: RE: question(routing) [7:62490]
I know what WCCP is for. I just want to find out why it is there in the config. It may have some relation to the problem. "Andrew Larkins" wrote: WCCP is for web caching - it is used in conjunction with a Cisco content engine to pass all HTTP requests (an others) to a cache engine without the users physically having a proxy configured -Original Message- From: Keyur Lavingia [mailto:[EMAIL PROTECTED]] Sent: 05 February 2003 16:15 To: [EMAIL PROTECTED] Subject: Re: question(routing) [7:62490] Hi, I notice some wccp commands in your config. Can you please tell me where u are using it and for what ? Thanks, Keyur. "kaushalender" wrote: Hello group, Kindly resolve my confussion.I have cisco 2610 router.We r running static routing with our service provider .Now what is happening that suddely my http request stoped going out means there was no browsing on lan and customer I was able to telnet every website on port 80 that means i able to reach website till apllication layer from my pc .Now how can i find out what is killing my http request in my network . and my service provider is saying that from my side huge amount of routing loops is coming but i have put whole announced network on ethernet. This is the conf .PLz help me sh run >Building configuration... > >Current configuration : 4962 bytes >! >version 12.2 >service timestamps debug datetime msec localtime show-timezone >service timestamps log datetime msec localtime show-timezone >service password-encryption >! >hostname Rainbow >! >logging buffered 1 debugging >no logging console >aaa new-model >aaa authentication login default local group radius >aaa authorization exec default local group radius >enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1 >enable password 7 000D0016457B525F56 >! 
>username rainbow password 7 095E4F0017071805 > >clock timezone GMT 5 >clock summer-time GMT recurring >ip subnet-zero >no ip source-route >ip wccp version 1 >ip flow-cache timeout inactive 300 >ip flow-cache timeout active 1 >ip cef >! >! >ip name-server 202.78.168.6 >ip name-server 202.78.168.14 > >p name-server 202.54.15.1 >! >! >class-map match-any http-hacks > match protocol http url "*.ida*" > match protocol http url "*cmd.exe*" > match protocol http url "*root.exe*" > match protocol http url "*readme.eml*" >! >! >policy-map mark-inbound-http-hacks > class http-hacks > set ip dscp 1 >! > >! >interface Ethernet0/0 > ip address 202.78.164.3 255.255.252.0 secondary > ip address 202.54.194.65 255.255.255.224 secondary > ip address 202.78.168.26 255.255.248.0 > ip access-group 115 in > ip access-group 115 out > no ip proxy-arp > rate-limit input access-group 121 48000 52000 52000 conform-action >transmit exceed-action drop > rate-limit input access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > rate-limit output access-group 110 64000 64000 64000 conform-action >transmit exceed-action drop > rate-limit output access-group 121 296000 30 30 conform-action >transmit exceed-action drop > rate-limit output access-group 122 32000 32000 32000 conform-action >transmit exceed-action drop > no ip mroute-cache > full-duplex > service-policy input mark-inbound-http-hacks >service-policy output mark-inbound-http-hacks > no cdp enable >interface Serial0/0 > bandwidth 512 > no ip address > no ip mroute-cache > shutdown > no fair-queue >! >interface Serial0/1 > bandwidth 512 > no ip address > no ip route-cache > no ip mroute-cache > shutdown >! >interface Serial0/2 > no ip address > shutdown >! 
>interface Serial0/3 > description "OASIS LINK" >ip address 216.252.243.5 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 64000 128000 128000 conform-action transmit >exceed-action drop > rate-limit output 64000 128000 128000 conform-action transmit >exceed-action drop > encapsulation ppp >! >interface Serial1/0 > description Shapura Link > ip address 216.252.243.1 255.255.255.252 > ip access-group 107 in > ip access-group 107 out > rate-limit input 32000 32768 32768 conform-action transmit >exceed-action drop > >interface Serial1/1 > description DOIT LINK > bandwidth 128 > ip address 216.252.243.17 255.255.255.252 >rate-limit input 32000 65536 65536 conform-action transmit exceed-action >drop > rate-limit output 32000 65536 65536 conform-action transmit >exceed-action drop > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >! >nterface Serial1/2 > no ip address > shutdown >! >interface Serial1/3 > description vsnl link > ip address 202.54.192.66 255.255.255.252 > ip access-group 115 in > ip access-group 115 out > encapsulation ppp > service-policy input mark-inbound-http-hacks > service-policy output mark-inbound-http-hacks >!p flow-export source Ethernet0/0 >ip flow-export version 5 peer-as >ip flow-export destination 202.78.168.2 2055 >ip classless >ip route 0.0.0.0 0.0.0.0 202.54.192.65 >ip route 202.78.160.0
RE: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60888]
Thank you for all that responded to this. Found out that I had to influence the route using the bandwidth and delay properties to change the primary route to MPLS instead of the frame relay link. Cheers, Jamie -Original Message- From: Amar KHELIFI [mailto:[EMAIL PROTECTED]] Sent: January 11, 2003 3:15 PM To: [EMAIL PROTECTED] Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60840] > Sorry, but i lacked to enphasis some important points that affect the ((bandwith)) command, it is true that the bandwith command affectes > only igrp and eigrp route selection, and that it has nothing to do with the > actual clock, that is left to the ((clock rate)) command. > it is, how ever a good practice in large environments to coordone the > bandwith used for specific interfaces throughout the hall network that way > the interface type can be predictable in any hope your viewing the routing > table @, but you don't have to bother yourself with if you just have a hub > and spoke topologie that is not very large, and even though in which case > you would implement stubing as it is the most scalable solution in that > scenario. > > excuse the lack of info in the previous message > > Best Regards, > Amar > CCNA, CCNP > > - Original Message - > From: "Amar KHELIFI" > To: > Sent: Saturday, January 11, 2003 9:30 PM > Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link > [7:60840] > > > > > > the BW of the tunnel should not be over that of the T1, assuming all > traffic > > will use the tuunel interface to get to the other site > > the best way if you are only paasing traffic for a particular network, is > to > > messure the bw used to reach the net by using ip accounting or netflow if > > you the necessaey ios and hw, and calculate it based on the monitored time > > to have an average which you will use to split the bandwith between the > > Physical and logical interfaces. 
> > Hope this helps > > Best Regards > > Amar > > CCNA CCNP > > PS i don't know why i can't send messages to the group > > - Original Message - > > From: > > Newsgroups: groupstudy.cisco > > Sent: Friday, January 10, 2003 8:53 PM > > Subject: Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link > > [7:60840] > > > > > > > Thank you for the response. Another peice of the puzzle is that I > believe > > > there are two way to influence the EIGRP Table. I could increase the > > > 10.x.x.x tunnel bandwidth or I could advertise the 64.200.x.x network in > to > > > the EIGRP metric. Presently the 64.200.x.x network is not advertised in > > the > > > eigrp table, only the 10.x.x.x is. I believe this is a situation of two > > way > > > to 'skin' the cat. Just wondering what way is preferred over the other. > > > > > > To further convolude the situation I have another engineer here that > > believe > > > the delay should be manipulated instead of the bandwidth. > > > > > > Any suggestions are appreciated. > > > > > > Cheers, > > > > > > Jamie > > > > > > - Original Message - > > > From: "Georgescu, Aurelian" > > > Date: Friday, January 10, 2003 11:21 am > > > Subject: RE: : Influencing EIGRP to use GRE tunnels over Serial link > > > [7:60834] > > > > > > > You have to put a "bandwidth" statement under the tunnel > > > > interfaces as well, > > > > with a higher value than FR. > > > > > > > > Aurelian Georgescu > > > > > > > > > > > > -Original Message- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > > > > Sent: Friday, January 10, 2003 2:00 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: : Influencing EIGRP to use GRE tunnels over Serial link > > > > [7:60834] > > > > Hello all, > > > > > > > > I have a question. I have gre tunnels going through MPLS running > > > > 1.544mbps,running EIGRP. The secondary links are Frame Relay > > > > links running at 256kbps > > > > per link. 
Presently EIGRP has calculated the best link to be the > > > > SprintLink as there are bandwidth statements in the frame relay > > > > subinterface on > > > > the remote site: > > > > > > > > Remote Site In Tampa: > > > > interface Serial0/0.2 point-to-point > > > > description &qu
Re: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60840]
Thank you for the response. Another piece of the puzzle is that I believe there are two ways to influence the EIGRP Table. I could increase the 10.x.x.x tunnel bandwidth or I could advertise the 64.200.x.x network into the EIGRP metric. Presently the 64.200.x.x network is not advertised in the eigrp table, only the 10.x.x.x is. I believe this is a situation of two ways to 'skin' the cat. Just wondering what way is preferred over the other.

To further convolute the situation I have another engineer here that believes the delay should be manipulated instead of the bandwidth.

Any suggestions are appreciated.

Cheers,

Jamie

- Original Message -
From: "Georgescu, Aurelian"
Date: Friday, January 10, 2003 11:21 am
Subject: RE: : Influencing EIGRP to use GRE tunnels over Serial link [7:60834]

> You have to put a "bandwidth" statement under the tunnel
> interfaces as well,
> with a higher value than FR.
>
> Aurelian Georgescu
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 10, 2003 2:00 PM
> To: [EMAIL PROTECTED]
> Subject: : Influencing EIGRP to use GRE tunnels over Serial link
> [7:60834]
> Hello all,
>
> I have a question. I have gre tunnels going through MPLS running
> 1.544mbps,running EIGRP. The secondary links are Frame Relay
> links running at 256kbps
> per link. Presently EIGRP has calculated the best link to be the
> SprintLink as there are bandwidth statements in the frame relay
> subinterface on
> the remote site:
>
> Remote Site In Tampa:
> interface Serial0/0.2 point-to-point
>  description "Connect to Seattle"
>  bandwidth 256
>  ip address 192.168.228.253 255.255.255.0
>  no ip mroute-cache
>  no cdp enable
>  frame-relay interface-dlci 41
>
> interface Tunnel1
>  description "Tampa Tunnel to Seattle"
>  ip address 10.0.48.6 255.255.255.252
>  tunnel source Serial0/1
>  tunnel destination 64.200.134.18
> !
> The Tampa Site connects with Seattle Hub with these configs:
>
> interface Tunnel1
>  description "Seattle Tunnel to Tampa"
>  ip address 10.0.48.5 255.255.255.252
>  tunnel source Serial2/0
>  tunnel destination 64.200.118.162
> end
>
> interface Serial0/0.8 point-to-point
>  description "Seattle to Tampa"
>  bandwidth 256
>  ip address 192.168.228.254 255.255.255.0
>  no ip route-cache
>  no ip mroute-cache
>  no cdp enable
>  frame-relay interface-dlci 39
>
> I believe the best way to influence EIGRP would be to add a bandwidth
> statement to the tunnel or the interface to which the tunnel is
> applied to.
>
> One other question. T1 1.544mbps would be 193000 in the bandwidth
> statement?.. believe so ..but having a brain fart right now.
>
> Thank you for your help.
>
> Cheers,
>
> Jamie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60840&t=60840
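The bandwidth-versus-delay question in this thread can be worked through with the classic EIGRP composite metric. The following is an added example, not code or configuration from any poster. The interface defaults it uses (serial delay 20000 usec, tunnel bandwidth 9 kbit/s, tunnel delay 500000 usec) are assumptions based on typical IOS 12.x values, and only the single Tampa-Seattle link is modelled; downstream links add the same delay to both candidates.

```python
"""Classic EIGRP composite metric with default K values (K1 = K3 = 1).

Added illustration. Interface defaults are ASSUMPTIONS (typical IOS 12.x),
not values taken from the thread.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    bandwidth_kbps: int  # value of the "bandwidth" statement, in kbit/s
    delay_usec: int      # interface DLY in microseconds


def eigrp_metric(path):
    """256 * (10^7 / slowest bandwidth + total delay in tens of usec)."""
    if not path:
        raise ValueError("path needs at least one link")
    slowest = min(link.bandwidth_kbps for link in path)
    if slowest <= 0:
        raise ValueError("bandwidth must be positive")
    bw_term = 10_000_000 // slowest  # integer division, as the router does
    delay_term = sum(link.delay_usec for link in path) // 10
    return 256 * (bw_term + delay_term)


def preferred(candidates):
    """Return the name of the candidate path with the lowest metric."""
    return min(candidates, key=lambda name: eigrp_metric(candidates[name]))


# "bandwidth 256" is from the posted config; 20000 usec is an assumed default.
FRAME_RELAY = [Link("Serial0/0.2", 256, 20_000)]
# Tunnel with no bandwidth statement: assumed defaults of 9 kbit/s, 500000 usec.
TUNNEL_DEFAULT = [Link("Tunnel1", 9, 500_000)]
# Bandwidth raised to T1 (1544 kbit/s), delay left at the assumed default.
TUNNEL_BW_ONLY = [Link("Tunnel1", 1544, 500_000)]
# Bandwidth raised and delay lowered to match the serial link.
TUNNEL_BW_AND_DELAY = [Link("Tunnel1", 1544, 20_000)]


def compare(tunnel):
    """Which of frame relay and the given tunnel settings EIGRP would pick."""
    return preferred({"frame-relay": FRAME_RELAY, "tunnel": tunnel})


if __name__ == "__main__":
    cases = [
        ("tunnel defaults", TUNNEL_DEFAULT),
        ("tunnel bandwidth 1544 only", TUNNEL_BW_ONLY),
        ("tunnel bandwidth 1544 and delay 20000 usec", TUNNEL_BW_AND_DELAY),
    ]
    print("frame relay metric:", eigrp_metric(FRAME_RELAY))
    for label, tunnel in cases:
        print(f"{label}: metric {eigrp_metric(tunnel)}, winner {compare(tunnel)}")
```

Under these assumed defaults, raising only the tunnel bandwidth still leaves frame relay with the lower metric, because the tunnel's delay term dominates.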
RE: RE: Bridging Question?can it be hub too [7:60546]
Simmi Singla wrote:
>
> Hi all,
> Can I make the router as hub too, suppose my requirement is
> like that what ever data comes on one port should come on
> other, Can we configure span on router as we do on switch.

No, you can't turn your router into a hub, although there are some multi-port modules you can add to a router that are hub modules. Those ports aren't routed. They are in a hub that is built-into a router. I suppose if you shut down all the other interfaces (the "real" routed interfaces) you would have turned your router into a hub. :-)

Doing SPAN on a router wouldn't turn it into a hub. A hub doesn't understand frames, packets, data. It just forwards bits. A hub is a multi-port repeater. SPAN is smarter than that. It understands frames. It's also a switch technology. I don't think you can use it on a router, unless Cisco has added that recently. SPAN exists because switches replaced hubs, making it hard for protocol analysts to see what was happening.

Priscilla

> Regards
> mlehr wrote:
> >
> > I have studied for and successfully tested CCNA & CCNP and now
> > I am studying for the CCIE written exam. At this point in my
> > studies, I am reading up on the subject of Bridging. I fully
> > understand the concept of bridging when it comes to switches,
> > but I am perplexed as to why a router would need to perform a
> > bridging function. Obviously bridging capabilities are built into
> > the routers IOS but what need would prompted anyone to use this
> > feature. In the other studies Bridging was not a covered subject
> > so this is new territory for me.
> >
> > Help!
> >
> > Mike L.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60650&t=60546
RE: RE: campus LAN Design w/DHCP Server [7:59724]
Thanks Scott! It does bode well, despite the weird Dest Unreachable (Port Unreachable) from the server. Thanks again. Priscilla s vermill wrote: > > Priscilla, > > Well, its been an interesting project. Unfortunately, the > DHCP server app that I wound up trying (Vicomsoft) was so buggy > that I couldnt keep it from crashing. Even when it was > running, it was highly, highly unstable. Granted, it was a > demo, but I would think a demo would have basic functionality. > > Furthermore, I couldnt get into the console port of the > 2900XL. Tried everything. The darned port is fried. > > So here is what I came up with: > > >2621 > | > | | > Foundry Networks switch > | | > | | | | > DHCP Serv DHCP Client > > > The 2621, with 64M of memory and 8M of flash, is running > 12.1-18 IP Plus. I dont know much about the Foundry switch. > It was straight out of the box just yesterday. I configured it > with a dot1q trunk to the router, an access port in vlan 100 > (192.168.1.0/24), and an access port in vlan 200 > (192.168.2.0/24). The server (192.168.1.100) was attached to > VLAN 100 and the client (192.168.2.?) to vlan 200. The router > subinterfaces were the .1 address. Subinterface F0/0.2 had an > IP helper address of 192.168.1.100. > > On a couple of occasions I moved the client to vlan 100. The > server did actually work two or three times with a local > client. It never once worked with a non-local client. 
The > good news is that the DHCP Discovery crossed the vlans via the > 2621 and looked to be in pretty good shape: > > Frame 44 (343 bytes on wire, 343 bytes captured) > Arrival Time: Dec 21, 2002 18:01:21.694951000 > Time delta from previous packet: 0.721309000 seconds > Time relative to first packet: 40.720429000 seconds > Frame Number: 44 > Packet Length: 343 bytes > Capture Length: 343 bytes > Ethernet II, Src: 00:02:fd:1d:c0:20, Dst: 00:08:74:03:77:b5 > Destination: 00:08:74:03:77:b5 (Dell_Com_03:77:b5) > Source: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20) > Type: IP (0x0800) > Internet Protocol, Src Addr: 192.168.2.1 (192.168.2.1), Dst > Addr: 192.168.1.100 (192.168.1.100) > Version: 4 > Header length: 20 bytes > Differentiated Services Field: 0x00 (DSCP 0x00: Default; > ECN: 0x00) > 00.. = Differentiated Services Codepoint: Default > (0x00) > ..0. = ECN-Capable Transport (ECT): 0 > ...0 = ECN-CE: 0 > Total Length: 329 > Identification: 0x0061 > Flags: 0x00 > .0.. = Don't fragment: Not set > ..0. = More fragments: Not set > Fragment offset: 0 > Time to live: 255 > Protocol: UDP (0x11) > Header checksum: 0x358d (correct) > Source: 192.168.2.1 (192.168.2.1) > Destination: 192.168.1.100 (192.168.1.100) > User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps > (67) > Source port: bootps (67) > Destination port: bootps (67) > Length: 309 > Checksum: 0xde84 (correct) > Bootstrap Protocol > Message type: Boot Request (1) > Hardware type: Ethernet > Hardware address length: 6 > Hops: 1 > Transaction ID: 0xcb4d080c > Seconds elapsed: 17250 > Bootp flags: 0x8000 (Broadcast) > 1... 
= Broadcast flag: Broadcast > .000 = Reserved flags: 0x > Client IP address: 0.0.0.0 (0.0.0.0) > Your (client) IP address: 0.0.0.0 (0.0.0.0) > Next server IP address: 0.0.0.0 (0.0.0.0) > Relay agent IP address: 192.168.2.1 (192.168.2.1) > Client hardware address: 00:06:5b:e4:d3:97 > Server host name not given > Boot file name not given > Magic cookie: (OK) > Option 53: DHCP Message Type = DHCP Discover > Unknown Option Code: 251 (1 bytes) > Option 61: Client identifier > Hardware type: Ethernet > Client hardware address: 00:06:5b:e4:d3:97 > Option 50: Requested IP Address = 192.168.1.2 > Option 12: Host Name = "laprmccarverGFE" > Option 60: Vendor class identifier = "MSFT 5.0" > Option 55: Parameter Request List > 1 = Subnet Mask > 15 = Domain Name > 3 = Router > > Notice the relay agent address of 192.168.2.1. That bodes > well. However, for some reason, this was the response: > > Frame 45 (70 bytes on wire, 70 bytes captured) > Arrival Time: Dec 21, 2002 18:01:21.69501 > Time delta from previous packet: 0.59000 seconds > Time relative to first packet: 40.720488000 seconds > Frame Number: 45 > Packet Length: 70 bytes > Capture Length: 70 bytes > Ethernet II, Src: 00:08:74:03:77:b5, Dst: 00:02:fd:1d:c0:20 > Destination: 00:02:fd:1d:c0:20 (Cisco_1d:c0:20) > Source: 00:08:74:03:77:b5 (
Re: RE: CCIE Vs. BS or MS dergree [7:59481]
This forum is not a purely technical forum and that's where you're wrong. The group is groupstudy.cisco if you hadn't noticed and its primary focus is studying for Cisco certification. CCIE is a certification. So I believe a discussion on people's opinions on whether going for a CCIE or MS, MBA would be better for their situation is a great question for the group.

I think it provides the group with more useful and helpful information than a question like "My customer needs a VPN setup. I have no experience in this so please send me the configs so I can set it up and collect my consulting fee." or "I need to recover a password on my cisco 2500 series router. I'm too lazy to go to Cisco's site and type password recovery 2500, so could some one in the group go to Cisco's site find it for me and send me the link."

If you want only a technical discussion try comp.dcom.sys.cisco .

"Mr piyush shah" wrote in message news:[EMAIL PROTECTED]...
> Dear friends
> It has been quite long that I have been hearing
> whether CCIE is superior or MS. I think it is high
> time we should wrap the topic. I don't understand,
> whether why this forum for? It should b a purely
> technical. For a typically type of questioning like
> this, there are responses which lasts for weeks but
> there are some questions for whom nobody seems to be
> bothered?
> There was a question which was thrown on this on
> TACACS ACS whether What could the issue that I am
> able to authenticate and not authorisation, not a
> single person on this site bothered to answered, not
> even Priscilla.
> Which sounds to be very strange. There are so many
> people who r new to networking tech, hence comes with
> some query which might b stupid to some of our
> colleagues but pls ensure that u were also like them
> during your initial phase, hence try to rectify the
> query rather than spending your precious time on
> stupid questions like "ccie is superior or MS, what
> is the salary of CCIE?"
> I hope the message is clear to everybody
> Regards
>
> PIYUSH
>
> Note: forwarded message attached.
>
> Date: Fri, 20 Dec 2002 01:26:48 GMT
> From: "Charlie Wehner"
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE Vs. BS or MS dergree [7:59481]
>
> What's more difficult?
>
> a) Memorizing configuration scenarios and commands on a Cisco router
>
> b) Understanding Calculus, Differential Equations, Numerical Analysis,
> Chemistry, Physics and Electrical Engineering well enough to create a
> "meaningful" experiment.
>
> One of my friends is working on his masters in Physics right now. What he's
> working on makes the CCIE look like a walk through the park.
>
> Seriously, what if the recommended reading list for the CCIE exam looked
> like this:
>
> Physics I and II
> Calculus I,II,III
> Differential Equations
> Mechanics
> Circuit Analysis I and II
> Linear Systems
> Thermodynamics
> Quantum Mechanics
> Optics

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59613&t=59481
RE: RE: Good book(s)... [7:59534]
I hear ya'! One other word to mention: Gnutella. Not very safe, but much to pick and choose from, if you're careful.

-Original Message-
From: B.J. Wilson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 11:48 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Good book(s)... [7:59534]

> I think I'm keeping Amazon in business!

Funny, I'm taking the opposite tack: I've pretty much stopped buying Cisco Press books, and have just started printing out PDFs from CCO. Anytime I want to learn something new, I start by doing a search for whatever it is, followed by "configuration guide pdf" in the search box. Usually something useful comes up. Then I just print it out on the company printer (duplex, of course), punch holes in it, and stick it in a three-ring binder - voila, instant study books.

BJ

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59540&t=59534
Re: RE: Good book(s)... [7:59534]
> I think I'm keeping Amazon in business!

Funny, I'm taking the opposite tack: I've pretty much stopped buying Cisco Press books, and have just started printing out PDFs from CCO. Anytime I want to learn something new, I start by doing a search for whatever it is, followed by "configuration guide pdf" in the search box. Usually something useful comes up. Then I just print it out on the company printer (duplex, of course), punch holes in it, and stick it in a three-ring binder - voila, instant study books.

BJ

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59534&t=59534
Re: RE: Hello (long response) [7:58824]
Hi all, I fully agree with Mark. No doubt being a CCIE is a bench mark, and not a small one, and you can not expect anyone to know everything. Multi-skill sets are required yes, but then speaking about or treating people in that fashion is totally un-acceptable. Just my 2 C. Regards, Vikram "Mark W. Odette II" wrote: Man, talk about being just past adult-hood, but way short of being classified as an adult- much less a professional. Just a touch of advice: Never EVER Gloat about terminating people, much less talk about it in a public forum... for all you know, those CCIE's you allegedly fired could be on this list too... and I'm sure their building the warm fuzzy about exacting some sort of revenge on your smart-elecky little @$$.. You were just about to crawl into a hole "poor me" two weeks ago about possibly being unemployed, but yet now you revel in the unemployment of others because you're on a power trip! Puleeez. You and your manager both need to get a Clue! Oh yeah, and what was the name of that consulting firm you said you now work for again?? I just would like to know so that I can steer clear of your company... Just so you know, you most probably have a "Kick me HARD" sticker stuck on your back... watch those corners... and get your scooter fixed- it has an obnoxiously squeaky wheel. -Original Message- From: adrian jones [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 3:17 PM To: [EMAIL PROTECTED] Subject: Re: Hello (long response) [7:58824] Elping, Please do NOT make any statements regarding CheckPoint Firewall without knowing all the facts. I've been working with both Checkpoint and Pix firewalls. I even build a few "franken" pix firewalls so that I can learn as much as I can about Cisco Pix firewalls. The "franken" pix firewall actually help me landed my current job that pays 100k/year. Both CheckPoint and Pix firewalls have its strength and weaknesses. I agree that Cisco TAC is much superior than CheckPoint support. 
The "no text configuration" that you refer to in CheckPoint, you must be refered to running CheckPoint on Winblows platforms. NEVER RUN FIREWALL ON A GENERAL PURPOSE OPERATING SYSTEM. If you worry about cost, check out CheckPoint SecurePlatform. If you are "unix" literate, does the term "tcpdump" mean anything to you? That's how you troubleshoot my friend. Now if you are talking about cost, Cisco Pix will beat CheckPoint by a long shot in term of performance for your $. However, for a small/medium business, Checkpoint does come with a lot of features such as URL filtering (native), http load balancing, etc which Pix doesn't have (without 3rd party products). For enterprise environment, CheckPoint does come with ClusterXL (aka, load-sharing or Active/Active Firewall), which again, Pix doesn't support. Last but not least, CheckPoint does have a very nice Management piece called "provider-1" that Cisco Pix doesn't have. I do have to say that the price for CP products is totally "outrageous"; however, CP is a good product. In terms of hardware product, you can run CheckPoint on Nokia Platforms which is very stable and proven product. New version of Nokia firewalls do come with Flash instead of hard-drive so that the reliability is very high. Nokia is a big partner with CP. You can get CP support if you purchase Nokia firewalls from Nokia. Nokia TAC is just as good as Cisco TAC. I've completed my first week at my new job as a Security Engineer and I am amazed at the # of Cisco Certified folks at my company that are completely incompetent and downright clueless at what they can do. We are a consulting company and being in the consulting business, you are forced to know pretty much about everything. I have a couple of CCIEs in the office came to me and ask me how to restart sendmail and postfix (we are a linux shop) in linux. Another CCIE asked me how to use "nmap" in unix. The last one is down right funny, one CCIE asked how to start Apache in Solaris. 
It just seems to me like R&S are all they know and nothing else. We also do R&S here but at these times, demands for those have not been that great. Therefore, we have to branch into other things such as Security (PIX, CheckPoint, Wireless, IDS, etc...) I brought these issues to my boss attention last wednesday and on thursay he ordered me to 'clean' house. The first thing I did was to send "pink" slips to all 4 CCIEs in the group and told them that they are fired because they don't know anything other than R&S. They were making $130k/year and sucking almost all of our budget. My advice to everyone out there is to keeping learning other things in addition to the R&S. The market for CCIEs is not as good as it used to be. You better know other things especially Unix and Firewalls than just merely R&S. There will be lot of good peopel competing for the same jobs and the only way you can show the potential employers that you are better than the other guy is by showing them that
Re: Re: VLSM Question [7:58569]
"B.J. Wilson" wrote in message news:[EMAIL PROTECTED]...
> You sure about that, Chuck? ;-)

CL: well. yeah I understand the subnet zero argument. It's been too long since I studied anything from a CCNA level.

CL: to be truthful, I have never bothered with the 2n-2 issue in real world or in my CCIE studies. ip subnet-zero renders that irrelevant.

CL: If I don't pass my lab next time, I am facing a CCNP/DP recert, so I guess I should keep that in mind ;->

>
> 2^n-2 = 8 ! a total of 8 subnets needed !
> 2^n = 10 ! add 2 to both sides !
> n = 4 ! 2^4-2 = 14 !
>
> 128 64 32 16 8 4 2 1
> 1 1 1 1 0 0 0 0
>
> = 240, or answer A in the original post.
>
> BJ
>
>
> ---Original Message---
> From: The Long and Winding Road
> Sent: 12/05/02 09:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: VLSM Question [7:58569]
>
> > you sure about that, Tom?
>
> 172.100..0
> 255.255.1110.0
> subnet bits = 1.0
> 172.100.0.0 through 172.100.31.0 for /24's
>
> these would be SUMMARIZED using the 224 mask in the third octet.
>
> if you only want eight /24's, then the answer is
>
> 172.100..0
> 255.255.1000.0
> subnet bits = 111 eight subnets of /24
> summarized as 172.100.0.0/21 ( 248 )
>
> --
> TANSTAAFL
> "there ain't no such thing as a free lunch"
>
> "Tom Lisa" wrote in message news:[EMAIL PROTECTED]...
> > If the test prep you are using is for the CCNA exam then "C" is the
> > correct "Cisco" answer (the use of Class B/Class C terminology makes me
> > think this is the case). This is because Cisco still insists, at the CCNA
> > level, on computing subnets using the formula 2^n-2. This assumes that
> > subnet zero and the all ones subnet are unusable. Therefore you have to
> > create 16 subnets, resulting in 14 "usable" to get the required 8 subnets.
> >
> > In the "real" world, 255.255.224.0 is correct.
> > BTW, what is the VLSM question here?
> >
> > HTH,
> > Prof. Tom Lisa, CCAI
> > Community College of Southern Nevada
> > Cisco ATC/Regional Networking Academy
> > "Cunctando restituit rem"
> >
> > Richard Burdette wrote:
> >
> > A prep test I am using has a question for which I disagree with the
> > answer. Here is the question
> >
> > If I had a Class B address, what subnet mask would I use if I wanted
> > to split it into 8 class C addresses?
> >
> > a.255.255.240.0
> > b.255.255.255.0
> > c.255.255.248.0
> > d.255.255.254.0
> >
> > The answer from the test is c.
> >
> > I think the answer is not even listed; 255.255.224.0 because to add
> > eight additional subnets we need 2^3=8 bits of subnet which equates to
> > 224 of mask. Am I right or wrong?
> >
> > Rich
> >
> > [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58626&t=58569
Re: Re: VLSM Question [7:58569]
You sure about that, Chuck? ;-)

2^n-2 = 8    ! a total of 8 subnets needed !
2^n = 10     ! add 2 to both sides !
n = 4        ! 2^4-2 = 14 !

128 64 32 16 8 4 2 1
  1  1  1  1 0 0 0 0

= 240, or answer A in the original post.

BJ

---Original Message---
From: The Long and Winding Road
Sent: 12/05/02 09:48 AM
To: [EMAIL PROTECTED]
Subject: Re: VLSM Question [7:58569]

> you sure about that, Tom?

172.100..0
255.255.1110.0
subnet bits = 1.0
172.100.0.0 through 172.100.31.0 for /24's

these would be SUMMARIZED using the 224 mask in the third octet.

if you only want eight /24's, then the answer is

172.100..0
255.255.1000.0
subnet bits = 111 eight subnets of /24
summarized as 172.100.0.0/21 ( 248 )

--
TANSTAAFL
"there ain't no such thing as a free lunch"

"Tom Lisa" wrote in message news:[EMAIL PROTECTED]...
> If the test prep you are using is for the CCNA exam then "C" is the correct "Cisco" answer (the use of Class B/Class C terminology makes me think this is the case). This is because Cisco still insists, at the CCNA level, on computing subnets using the formula 2^n-2. This assumes that subnet zero and the all ones subnet are unusable. Therefore you have to create 16 subnets, resulting in 14 "usable" to get the required 8 subnets.
>
> In the "real" world, 255.255.224.0 is correct.
> BTW, what is the VLSM question here?
>
> HTH,
> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
> "Cunctando restituit rem"
>
> Richard Burdette wrote:
>
> A prep test I am using has a question for which I disagree with the answer. Here is the question
>
> If I had a Class B address, what subnet mask would I use if I wanted to split it into 8 class C addresses?
>
> a.255.255.240.0
> b.255.255.255.0
> c.255.255.248.0
> d.255.255.254.0
>
> The answer from the test is c.
>
> I think the answer is not even listed; 255.255.224.0 because to add eight additional subnets we need 2^3=8 bits of subnet which equates to 224 of mask. Am I right or wrong?
>
> Rich

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58621&t=58569
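The three masks that come up in this thread (224, 240 and 248 in the third octet) each answer a different reading of the question. The following Python example, added here and not written by any of the posters, computes each one for 172.100.0.0/16; the function names are assumptions of the example.

```python
import ipaddress


def subnet_bits(required, reserve_zero_and_ones=False):
    """Smallest n with 2^n >= required, or 2^n - 2 >= required."""
    n = 0
    while 2 ** n - (2 if reserve_zero_and_ones else 0) < required:
        n += 1
    return n


def split_into(network, required, reserve_zero_and_ones=False):
    """Mask and usable subnets when `network` is cut into `required` pieces."""
    net = ipaddress.ip_network(network)
    prefix = net.prefixlen + subnet_bits(required, reserve_zero_and_ones)
    subnets = list(net.subnets(new_prefix=prefix))
    if reserve_zero_and_ones:
        subnets = subnets[1:-1]  # drop subnet zero and the all-ones subnet
    return str(subnets[0].netmask), subnets


def summarize_first_24s(network, count):
    """Aggregate(s) covering the first `count` /24 blocks of `network`."""
    net = ipaddress.ip_network(network)
    blocks = list(net.subnets(new_prefix=24))[:count]
    return list(ipaddress.collapse_addresses(blocks))


if __name__ == "__main__":
    base = "172.100.0.0/16"  # the network used in the thread

    # Reading 1: eight subnets, subnet zero allowed (2^n rule).
    mask, nets = split_into(base, 8)
    print("2^n   :", mask, len(nets), "subnets, first", nets[0])

    # Reading 2: eight subnets, subnet zero and all-ones excluded (2^n-2 rule).
    mask, nets = split_into(base, 8, reserve_zero_and_ones=True)
    print("2^n-2 :", mask, len(nets), "usable subnets, first", nets[0])

    # Reading 3: eight /24 blocks described by one summary route.
    summary = summarize_first_24s(base, 8)
    print("summary of eight /24s:", summary[0], summary[0].netmask)
```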
Re: Re: access lists + static routing [7:58543]
Thanks, I understand now! Here it is:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d9816.html

"B.J. Wilson" wrote in message news:[EMAIL PROTECTED]...
> Guys, a reminder: you cannot begin a post to the mail list with an URL. Type a line of text first, then paste the URL. The filters are designed to look for an URL at the top of the post, to filter out spam.
>
> BJ
>
> ---Original Message---
> From: Charlie
> Sent: 12/04/02 10:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: access lists + static routing [7:58543]
>
> > n_guide_chapter09186a00800d9816.html
>
> This would be helpful. I found it by searching the key words "configurring access lists".
>
> "Geert Loonbeek" wrote in message news:[EMAIL PROTECTED]...
> > Hello
> > I'm looking for a good and free of charge study guide on access lists/static routing. I'd like to take the 640-607 cisco CCNA exam.
> >
> > Is there anybody who has some info on these topics.
> >
> > Thanks
> >
> > Geert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58553&t=58543
Re: Re: access lists + static routing [7:58543]
Guys, a reminder: you cannot begin a post to the mail list with an URL. Type a line of text first, then paste the URL. The filters are designed to look for an URL at the top of the post, to filter out spam.

BJ

---Original Message---
From: Charlie
Sent: 12/04/02 10:24 AM
To: [EMAIL PROTECTED]
Subject: Re: access lists + static routing [7:58543]

> n_guide_chapter09186a00800d9816.html

This would be helpful. I found it by searching the key words "configurring access lists".

"Geert Loonbeek" wrote in message news:[EMAIL PROTECTED]...
> Hello
> I'm looking for a good and free of charge study guide on access lists/static routing. I'd like to take the 640-607 cisco CCNA exam.
>
> Is there anybody who has some info on these topics.
>
> Thanks
>
> Geert

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58550&t=58543
RE: RE: CCIE written [7:58400]
I've noticed however that the lab itself isn't booked heavily (I could be wrong). If the pool isn't full, turn on the hose and fill it up. Training down your qualification requirements accomplishes that as far as I see it.

On Tue, 2002-12-03 at 16:19, Bernard wrote:
> Priscilla,
>
> "more doable" & "less scary" refers to the same exam (new format) at different passing scores. I did not mean to compare the new format and the old format.
>
> The new CCIE written exam with 58% as the passing score is "more doable" & "less scary" than the same new CCIE written exam with 70% as the passing score.
>
> Rgds,
>
> Bernard
>
> > > This exam is much more doable now. It is not as scary as it used to be at 70%.
> >
> > Isn't your logic backwards if you say that the exam is more doable and less scary now?
> >
> > To maintain the same ratio of passing people versus non-passing people, they reduced the passing score because the exam is harder to pass than it used to be.
> >
> > At least that is what I would assume, or am I confused?
> >
> > Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58488&t=58400
RE: RE: CCIE written [7:58400]
Priscilla,

"more doable" & "less scary" refers to the same exam (new format) at different passing scores. I did not mean to compare the new format and the old format.

The new CCIE written exam with 58% as the passing score is "more doable" & "less scary" than the same new CCIE written exam with 70% as the passing score.

Rgds,

Bernard

> > This exam is much more doable now. It is not as scary as it used to be at 70%.
>
> Isn't your logic backwards if you say that the exam is more doable and less scary now?
>
> To maintain the same ratio of passing people versus non-passing people, they reduced the passing score because the exam is harder to pass than it used to be.
>
> At least that is what I would assume, or am I confused?
>
> Priscilla

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58486&t=58400
RE: RE: CCIE written [7:58400]
i can attest to that...i passed w/o a prob 3 yrs ago & failed on the new written...it's a night & day difference...when they lower the pass mark from 70% to 58%, it should make you think!

-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: CCIE written [7:58400]

B.J. Wilson wrote:
>
> I would think that this would be a bad thing, for two reasons: one, the number of people who put "CCIE Written" on their resumes will increase, and the availability of lab dates will decrease.

I don't think the lower passing score means more people pass. The test is harder than it used to be.

>
> US$0.02,
>
> BJ
>
> ---Original Message---
> From: Bernard
> Sent: 12/03/02 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE written [7:58400]
>
> > Cisco is using a sliding scale based on overall failure rate of the exam. As of 10/19, you needed a 58% to pass, not the 70%. The required % to pass will change over time, again based on failure rate. This exam is much more doable now. It is not as scary as it used to be at 70%.

Isn't your logic backwards if you say that the exam is more doable and less scary now?

To maintain the same ratio of passing people versus non-passing people, they reduced the passing score because the exam is harder to pass than it used to be.

At least that is what I would assume, or am I confused?

Priscilla

>
> Bernard
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 03, 2002 3:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE written [7:58400]
> >
> > From my experience the passing score was 70%

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58484&t=58400
Re: RE: CCIE written [7:58400]
B.J. Wilson wrote:
>
> I would think that this would be a bad thing, for two reasons: one, the number of people who put "CCIE Written" on their resumes will increase, and the availability of lab dates will decrease.

I don't think the lower passing score means more people pass. The test is harder than it used to be.

>
> US$0.02,
>
> BJ
>
> ---Original Message---
> From: Bernard
> Sent: 12/03/02 11:29 AM
> To: [EMAIL PROTECTED]
> Subject: RE: CCIE written [7:58400]
>
> > Cisco is using a sliding scale based on overall failure rate of the exam. As of 10/19, you needed a 58% to pass, not the 70%. The required % to pass will change over time, again based on failure rate. This exam is much more doable now. It is not as scary as it used to be at 70%.

Isn't your logic backwards if you say that the exam is more doable and less scary now?

To maintain the same ratio of passing people versus non-passing people, they reduced the passing score because the exam is harder to pass than it used to be.

At least that is what I would assume, or am I confused?

Priscilla

>
> Bernard
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 03, 2002 3:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: CCIE written [7:58400]
> >
> > From my experience the passing score was 70%

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58478&t=58400
RE: RE: CCIE written [7:58400]
They better not be putting CCIE written, see point 2 below... I posted this in a thread on the jobs@groupstudy list - straight from the source:

Discussion Thread
Response (Marisol) 11/21/2002 08:50 AM

Dear Bill:

Thank you for your patience.

1) When using the logos for business cards or signatures, it is preferred that you use the highest certification as those familiar with Cisco certifications will know the order of certifications.

2) Signature lines, cover letters, or resumes can not reference that an individual is a CCIE candidate. Only CCIE certified individuals should reference their certification as they have already completed it.

3) Trademark violations are escalated to our legal team and are strictly enforced. In addition to the loss of Cisco certifications, legal actions can also be taken when this happens.

If you have any further questions, click on the hyperlink below to update, review or generate a support request. Be sure to bookmark the www.cisco.com/go/certsupport site for all of your future Cisco Training and Career Certification inquiries.

-Original Message-
From: B.J. Wilson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 03, 2002 10:40 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: CCIE written [7:58400]

I would think that this would be a bad thing, for two reasons: one, the number of people who put "CCIE Written" on their resumes will increase, and the availability of lab dates will decrease.

US$0.02,

BJ

---Original Message---
From: Bernard
Sent: 12/03/02 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written [7:58400]

> Cisco is using a sliding scale based on overall failure rate of the exam. As of 10/19, you needed a 58% to pass, not the 70%. The required % to pass will change over time, again based on failure rate. This exam is much more doable now. It is not as scary as it used to be at 70%.

Bernard

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
>
> From my experience the passing score was 70%

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58459&t=58400
Re: RE: CCIE written [7:58400]
I would think that this would be a bad thing, for two reasons: one, the number of people who put "CCIE Written" on their resumes will increase, and the availability of lab dates will decrease.

US$0.02,

BJ

---Original Message---
From: Bernard
Sent: 12/03/02 11:29 AM
To: [EMAIL PROTECTED]
Subject: RE: CCIE written [7:58400]

> Cisco is using a sliding scale based on overall failure rate of the exam. As of 10/19, you needed a 58% to pass, not the 70%. The required % to pass will change over time, again based on failure rate. This exam is much more doable now. It is not as scary as it used to be at 70%.

Bernard

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 03, 2002 3:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: CCIE written [7:58400]
>
> From my experience the passing score was 70%

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58451&t=58400
Re: RE: Regarding Router rental business? [7:58422]
> Guys, the spelling is getting terrible. Even painful to read.

Agreed. The three R's are *not* "readin', routin', and 'rithmetic." ;-)

BJ

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58442&t=58422
Re: Re: Test for MCast...Any?? [7:58269]
BJ,

That's a great idea actually. I've never tested it and I don't have a PC to try it on right now, but I think it's very likely to compile on Cygwin. Like I said, I can't try it, but if you do please let me know.

On Mon, 2002-12-02 at 08:50, B.J. Wilson wrote:
> Mike -
>
> By any chance have you tested running your program on a Windows PC using Cygwin? I'm not a Linux person (yet...), and I figured this might be a passable way for PC-based users to use MINT.
>
> BJ
>
> ---Original Message---
> From: Mike Bernico
> Sent: 12/02/02 09:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Test for MCast...Any?? [7:58269]
>
> > If you'd just like to send some test multicast traffic and see if you're receiving it elsewhere, you can try my multicast testing program at http://mc-mint.sourceforge.net It's free under the GPL. I very much doubt it will run under windows though, you probably would want to use Linux with it. In my lab I used two old 300 MHz PCs to generate traffic with it and I've been able to fill some pretty big pipes.
>
> Mike
>
> On Thu, 2002-11-28 at 21:18, Cisco Nuts wrote:
> > Hello, Is there a way to test/practise MCast configs. on the Internet? I have a cable-modem connected to a 2514 router and would like to configure MCast on it as well as my Lab routers behind that for PIM-SM. I have a laptop connected as a client to one of the routers. How can I verify that MCast is working on the laptop? I mean, is there a freeware/shareware application that I can install on my laptop to test (since I cannot obviously have IP/TV client on my laptop). Or is there any other way to do it in the Lab routers themselves. Any basic configs/examples provided is gratefully appreciated. Thank you for your help. Sincerely, CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58403&t=58269
Re: Re: Test for MCast...Any?? [7:58269]
Mike -

By any chance have you tested running your program on a Windows PC using Cygwin? I'm not a Linux person (yet...), and I figured this might be a passable way for PC-based users to use MINT.

BJ

---Original Message---
From: Mike Bernico
Sent: 12/02/02 09:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Test for MCast...Any?? [7:58269]

> If you'd just like to send some test multicast traffic and see if you're receiving it elsewhere, you can try my multicast testing program at http://mc-mint.sourceforge.net It's free under the GPL. I very much doubt it will run under windows though, you probably would want to use Linux with it. In my lab I used two old 300 MHz PCs to generate traffic with it and I've been able to fill some pretty big pipes.

Mike

On Thu, 2002-11-28 at 21:18, Cisco Nuts wrote:
> Hello, Is there a way to test/practise MCast configs. on the Internet? I have a cable-modem connected to a 2514 router and would like to configure MCast on it as well as my Lab routers behind that for PIM-SM. I have a laptop connected as a client to one of the routers. How can I verify that MCast is working on the laptop? I mean, is there a freeware/shareware application that I can install on my laptop to test (since I cannot obviously have IP/TV client on my laptop). Or is there any other way to do it in the Lab routers themselves. Any basic configs/examples provided is gratefully appreciated. Thank you for your help. Sincerely, CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58396&t=58269
RE: Re[2]: off topic: Win2K 802.1q support? [7:57979]
It has nothing to do with N.O.S; it has to do with what the MANUFACTURER of the NIC produces for DRIVERS on a given platform! ... and as far as I know, if it is supported on *nix, it definitely is supported on M$.

The CHIPSET of the NIC depicts what type of VLAN support is provided- NOT THE O.S.! The same is true for the ASICs in the Routers and Switches, which is why some Routers and Switches only support ISL and others support both.

-Mark

-Original Message-
From: thinkworker [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 30, 2002 2:05 AM
To: Mark W. Odette II
Subject: Re[2]: off topic: Win2K 802.1q support? [7:57979]

In fact I can make VLAN with Intel Pro10/100 with my FreeBSD box. That is why I am so curious M$ do not support it.

On Mon, 25 Nov 2002 20:03:41 GMT "Mark W. Odette II" wrote:
> .. Actually, the Intel Pro/100+ NIC with the 82559 Controller chip supports 802.1q VLAN-aware communications.
>
> I believe the original poster was asking about what specific Intel NICs support 802.1q VLAN management at the workstation.
>
> In any case, check out the following link, and look for drivers from there.
>
> http://www.intel.com/network/connectivity/products/pro100mgmt.htm
>
> -Mark
> BTW- Some Intel NICs appear to only support ISL encapsulation, while others look like they only support .1q encapsulation. Be sure to look closely!
>
> -Original Message-
> From: puro prasad [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 25, 2002 1:17 PM
> To: [EMAIL PROTECTED]
> Subject: RE: off topic: Win2K 802.1q support? [7:57979]
>
> Hi,
> VLANs are NOT created on the PC. U need to create them on a switch. if ur connecting the win2k box to an access port on the switch, no special lan card is required. What u have should work.
> 802.1q is a trunking protocol which will allow a trunk to carry more than one VLANs. There's nothing like 802.1q VLAN.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58346&t=57979
RE: RE: Block MSN Messenger COMPLETE [7:58304]
Sorry my 11th finger seemed to hit send.

From several lists, but not tested thoroughly
http://www.groupstudy.com/archives/cisco/200206/msg00480.html

Block Kazaa

Kazaa connects to other peers running Kazaa, on port 1214. So, the best way to block Kazaa downloads is to reject incoming and outgoing data packets - both TCP and UDP packets - on this port.

Block Gnutella clients

The P2P apps, which use the Gnutella network connect to peers on ports 6346 and 6347.

AOL instant messenger can be blocked by filtering out the following I.P. addresses:

But BLOCK internal DNS server AOL's DNS first
BLOCK out from /32 to 205.188.0.0/16 port = 53

AOL Instant Messenger - Ok, I have been able to block this one with pretty solid results. I had to pretty much block 1 class C's worth of addresses in the 64 region of AOL's address range, but have not heard any complaints thus far. The program is pretty damn smart about getting around rules in your firewall. It will try and use FTP, TELNET, HTTP, FINGER, NETBIOS over IP, APPLETALK over IP, 1080 (SOCKS), 1024, Lotus Notes (TCP 1352) and a few others. I pretty much locked the subnet down but AIM was somehow getting through. I finally figured out that my CheckPoint firewall was allowing DNS traffic outbound in my rule base above rule 1. I had to go to the Properties section and disable the implicit access to DNS (TCP/UDP 53). Once I did that, it killed AIM altogether.

DNS name of login.oscar.aol.com which is used to login to aol instant messenger.

block yahoo messenger

msg.sc5.yahoo.com
msg.yahoo.com
msg.edit.yahoo.com
messenger.yahoo.com
http.pager.yahoo.com
cs.yahoo.com
Default Port: 5050

access-list 101 deny ip 10.1.4.0 0.0.0.255 216.136.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 66.163.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255

Test first.

MSN

gateway.messenger.hotmail.com

Messenger uses port 1863, but if you block it then it can automatically switch to port 80.

1. Add the following registry key into client machines either through login script or similar:

HKLM\SOFTWARE\Policies\Microsoft\Messenger\Client\PreventRun=1

This will prevent Messenger from running, whether or not it is installed. Because this key isn't modified during a Messenger install/re-install/upgrade, and isn't removed if the software is uninstalled, this should work for you.

Nov. 9, and there were multiple login servers, where in the past there was only one. By Nov. 29, it appeared that there were login servers at addresses 64.4.13.17 64.4.13.170 through 64.4.13.190. Microsoft may be adding even more in the future. I was still able to block MSN Messenger with just default filter exceptions and the Access Rule listed above, but should a new version of MSN Messenger come out that is able to slip by the proxy rules, try redirecting an entire subnet. Redirecting subnet 64.4.13.160 (255.255.255.224) will prevent traffic from reaching all addresses from 64.4.13.161 through 64.4.13.191. (Changing that subnet to 64.4.13.128 and the subnet mask to 255.255.255.128 would expand the blocking to 64.4.13.129 through 64.4.13.255).

Block ICQ/AIM traffic

block out from any to any port = 5190
block in from any to any port = 5190

web.icq.com
ads.icq.com
login.icq.com
cb.icq.com
icq.mirabilis.com
http.proxy.icq.com

Work in progress. (from several posts)

Martijn Jansen

-Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Mears, Rob
Sent: Tuesday 19 November 2002 18:28
To: [EMAIL PROTECTED]
Subject: RE: RE: Block MSN Messenger [7:57595]

Yes and I have done it all via the PIX

Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656

-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,

Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to
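The "Test first" advice in the post above can be followed offline. This Python example, added here and not part of the original post, evaluates the three quoted access-list 101 lines with Cisco first-match and wildcard-mask semantics and checks the 64.4.13.160 (255.255.255.224) range the post describes. The sample flows, the function names and the closing permit line are assumptions of the example.

```python
import ipaddress

# The three deny lines are quoted from the post above. Nothing else is.
POSTED_ACL = """\
access-list 101 deny ip 10.1.4.0 0.0.0.255 216.136.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 66.163.0.0 0.0.255.255
access-list 101 deny ip 10.1.4.0 0.0.0.255 64.58.0.0 0.0.255.255
"""
# Assumption added for this example: a closing permit, so that traffic the
# deny lines do not name is still forwarded.
WITH_PERMIT = POSTED_ACL + "access-list 101 permit ip any any\n"

IMPLICIT_DENY = "implicit deny at end of list"
ALL_ONES = 0xFFFFFFFF


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def _take_spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return 0, ALL_ONES
    if head == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(head), _to_int(tokens.pop(0))


def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rules."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError("unsupported ACL line: " + raw)
        src_spec = _take_spec(rest)
        dst_spec = _take_spec(rest)
        rules.append((action, src_spec, dst_spec, raw.strip()))
    return rules


def _matches(spec, addr):
    base, wildcard = spec
    # A 1 bit in a wildcard mask means "ignore this bit"; compare the rest.
    care = ~wildcard & ALL_ONES
    return ((base ^ _to_int(addr)) & care) == 0


def evaluate(rules, src, dst):
    """First matching line wins; no match falls to the implicit deny."""
    for action, src_spec, dst_spec, raw in rules:
        if _matches(src_spec, src) and _matches(dst_spec, dst):
            return action, raw
    return "deny", IMPLICIT_DENY


def block_bounds(network, netmask):
    """First and last address covered by a network/netmask pair."""
    net = ipaddress.ip_network(f"{network}/{netmask}")
    return str(net.network_address), str(net.broadcast_address)


def range_covered(first, last, network, netmask):
    """True when the whole first..last range lies inside network/netmask."""
    net = ipaddress.ip_network(f"{network}/{netmask}")
    return (ipaddress.ip_address(first) in net
            and ipaddress.ip_address(last) in net)


if __name__ == "__main__":
    # Constructed sample flows: a client inside 10.1.4.0/24 and one outside.
    flows = [("10.1.4.25", "216.136.200.10"),
             ("10.1.4.25", "198.51.100.7"),
             ("10.1.5.9", "216.136.200.10")]
    for name, text in (("as posted", POSTED_ACL), ("with permit", WITH_PERMIT)):
        rules = parse_acl(text)
        for src, dst in flows:
            print(name, "|", src, "->", dst, "|", evaluate(rules, src, dst))
    print(block_bounds("64.4.13.160", "255.255.255.224"))
    print(range_covered("64.4.13.170", "64.4.13.190",
                        "64.4.13.160", "255.255.255.224"))
```

As posted, the list contains only deny lines, so once it is applied to an interface the implicit deny at the end also drops traffic to every other destination.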
RE: RE: Block MSN Messenger [7:57595]
AOL instant messenger can be blocked by filtering out the following I.P. addresses: 205.188.3.160, 205.188.3.176, 205.188.5.204, 205.188.5.208, 205.188.7.164, 205.188.7.168, 205.188.7.172, 205.188.7.176, and DNS name of login.oscar.aol.com which is used to login to aol instant messenger.

block yahoo messenger
msg.sc5.yahoo.com
msg.yahoo.com

MSN
gateway.messenger.hotmail.com

This should resolve most of your messenger blocking issues. If you need anything else, let me know.

-Original message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Mears, Rob
Sent: Tuesday 19 November 2002 18:28
To: [EMAIL PROTECTED]
Subject: RE: RE: Block MSN Messenger [7:57595]

Yes and I have done it all via the PIX

Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656

-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,

Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very easily do it, right on the OS level. I know about the Win2K that you can set up some system policies with which you can directly block these exes themselves.

Hope it helps:

Regards,
Vikram

"Lidiya White" wrote:

Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]

It is possible, however Messenger uses so many different ports on so many different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.

"Ahed Naimi" wrote in message news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements on an IOS Cisco router.
>
> Thanks All.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58302&t=57595
Re: RE: CCIP MCast and Qos Exam......How tough?? [7:58161]
is there a good book out for this test

> From: "Mike Bernico"
> Date: 2002/11/27 Wed AM 10:17:28 EST
> To: [EMAIL PROTECTED]
> Subject: RE: CCIP MCast and Qos Exam..How tough?? [7:58161]
>
> I've taken it. I believed I passed it first try although I recall it was difficult because of its huge scope. It's not nearly as hard as the Optical test, it's pretty much on par with the MPLS test. I would say that it gets fairly detailed in both QoS and Multicast. I would know more than just an overview. I definitely recall it being very theory oriented. If you follow the outline I'm sure you'll be fine.
>
> Good Luck!
>
> ---
> Mike Bernico [EMAIL PROTECTED]
> Illinois Century Network http://www.illinois.net
> (217) 557-6555
>
> > -Original Message-
> > From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, November 26, 2002 8:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: CCIP MCast and Qos Exam..How tough?? [7:58161]
> >
> > Hello, Has anyone taken the CCIP Mcast and Qos exam? Need to know how tough it is going to be. Do they drill you in the intricacies of PIM-SM, DM, Diffserv using DSCP, NBar etc. Now, I have been told by some that since this exam is like 2 exams combined into one, the exam questions are going to be more general and just need a real good overview of all the Qos and MCast topics. Is this any true? Please advise. Thank you. Sincerely, CN

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=58194&t=58161
Re: RE: Cisco 3005 VPN concentrator issues. [7:57495]
What is the limitation of a PIX with a VPN Accelerator card?

> From: "lounelson"
> Date: 2002/11/21 Thu PM 08:59:22 EST
> To: [EMAIL PROTECTED]
> Subject: RE: Cisco 3005 VPN concentrator issues. [7:57495]
>
> I note you said 200 users
> The 3005 is limited to 100 simultaneous users
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/prod_models_comparison.html
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Umar Ahmed
> Sent: Friday, November 15, 2002 3:00 AM
> To: [EMAIL PROTECTED]
> Subject: Cisco 3005 VPN concentrator issues. [7:57495]
>
> Hi all,
>
> I've got a customer who has a 3005 concentrator connected to our network. He has setup a vpn connection which he accesses from home over the public internet. The problem he and the other 200 users are having is that they are losing connectivity to the box intermittently throughout the day. When he has loss of service, I can ping the vpn box directly connected to my network, what's even more strange, is that I can ping other customer hosts on the same subnet. Any ideas ??
>
> Regards,
>
> Umar.

Greg Owens
202-398-2552

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57888&t=57495
RE: RE: Re: Fw: New CCIE Written Exam [7:57341]
Boson is a good resource, especially test #1 and moreso #3

-Original Message-
From: kavita geha [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 1:16 AM
To: [EMAIL PROTECTED]
Subject: RE: RE: Re: Fw: New CCIE Written Exam [7:57341]

I am planning to give CCIE R&S. Can anyone please send me some question bank which can help me for the exam.

Rgds
Kavita

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57778&t=57341
RE: RE: Re: Fw: New CCIE Written Exam [7:57341]
You can get practice questions from sites like boson, certificationzone etc.

regards

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57763&t=57341
RE: RE: Re: Fw: New CCIE Written Exam [7:57341]
I am planning to give CCIE R&S. Can anyone please send me some question bank which can help me for the exam.

Rgds
Kavita

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57758&t=57341
RE: RE: Block MSN Messenger [7:57595]
Yes and I have done it all via the PIX.
Where you run into problems is when they use port 80.

Rob

Rob H Mears III, CCNP, MCSE, NNCDS, NNCSS, CNE, A+
LAN Engineer and Technical Mercenary
Valor Telecom
469.420.2656

-Original Message-
From: vikramjskeer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 10:46 AM
To: [EMAIL PROTECTED]
Subject: Re: RE: Block MSN Messenger [7:57595]

Hi All,

Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very easily do it, right on the OS level. I know about the Win2K that you can set up some system policies with which you can directly block these exes themselves.

Hope it helps:

Regards,
Vikram

"Lidiya White" wrote:

Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]

It is possible, however Messenger uses so many different ports on so many different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.

""Ahed Naimi"" wrote in message news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements on an IOS Cisco router.
>
> Thanks All.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57717&t=57595
Re: RE: Block MSN Messenger [7:57595]
Hi All,

Very rightly said that these messengers use so many servers and so many ports that it's kind of impossible to block them all. But you can very easily do it, right on the OS level. I know about the Win2K that you can set up some system policies with which you can directly block these exes themselves.

Hope it helps:

Regards,
Vikram

"Lidiya White" wrote:

Try to block the login servers:
http://acronymsonline.com/im_ips.htm

-- Lidiya White

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Josh Green
Sent: Monday, November 18, 2002 10:16 AM
To: [EMAIL PROTECTED]
Subject: RE: Block MSN Messenger [7:57595]

It is possible, however Messenger uses so many different ports on so many different servers that it's not worth your time.

-Original Message-
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 18, 2002 8:36 AM
To: [EMAIL PROTECTED]
Subject: Re: Block MSN Messenger [7:57595]

no. don't waste your time.

""Ahed Naimi"" wrote in message news:[EMAIL PROTECTED]...
> Dear All;
>
> Is there any way to block MSN Messenger by using the access-list statements on an IOS Cisco router.
>
> Thanks All.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57714&t=57595