I have seen this exact problem with a lot of the pix 501 boxes, and would be
interested to know if cisco is going to do anything about it.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58975t=58946
--
FAQ, list archives, and
LMAO.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Peter van Oene
Sent: Tuesday, December 10, 2002 2:45 PM
To: [EMAIL PROTECTED]
Subject: Re: Hello (long response) [7:58824]
I brought these issues to my boss's attention last Wednesday and on Thursday
he
good question ;-)... 'cause at that point I was testing my box as a pure
bridge (without IRB or CRB)...
I guess I'll have to replace the box.
Thanks for your answers.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58978t=58889
--
Hi,
i am looking for a switch which have to be set the port bandwidth (rate
limit) in kilobit order (for example 256K)
then i found a cisco 3550 catalyst series (you can set the port
bandwidth in 8K order)
now i am searching another reseller maybe hp,3com,Huawei etc..(our boss
want to compare
PIX doesn't support these 2 features. Actually I believe that although Cisco
PIX firewalls' performance is better than checkpoint, they have some
disadvantages. Besides the features you have mentioned also Pix lacks some
NAT properties, logging performance etc.
-Original Message-
From:
I'm guessing that the power is being lost for a split second causing
the reload but the power connector always looks secure. The early
1600's had similar problems but they changed the connector and they
seem much better now. Maybe I'm just lucky or more abusive. If you set
it up and never
Maybe a dumb question - but is there a certain software version for that
command (object group) - haven't seen it before
-Original Message-
From: Kevin O'Gilvie [mailto:[EMAIL PROTECTED]]
Sent: 10 December 2002 22:15
To: [EMAIL PROTECTED]
Subject: Re: Resricicting Certain Users -Pix 515
Hi all Mac users
I have a small problem with a network that I was asked to look at
there is 6 end user machines and 1 server all connected via a switch the
problem is that when connected to the switch network transfers to and from
the server are very slow i.e. 100meg file take approx 18
Hi there,
Yes I have cleared BCMSN and CIT. I do have a solid grounding in both but I
myself don't feel too good about BSCI (especially after IS-IS) so I think I
will try my luck with BCRAN. I have hands-on experience so I don't think
there should be much of a problem. Besides, I will study before
Hi All,
Few questions regarding the VPN Concentrator
1. what do I do for Redundancy, ( VPN Redundant Bundle)
2. Load balancing
3. Where to put the Concentrator ( prefer putting the VPN Concentrator behind
Firewall).What are issues I will have to consider if I put the concentrator
behind Firewall.
Hi,
I found that Microforum is the cheapest of all, and you can choose any
working day of the week to do the test !!!
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=58983t=58898
--
Mine are fine.. running the newest IOS without any kind of *reload* issue.
Perhaps I'm just one of the lucky few ;)
MikeS
--
Tutorials - Whitepapers - Security - Wireless- News
Find me at www-dot-packetattack-dot-com
MADMAN wrote in message
news:[EMAIL PROTECTED]...
Hi,
Amen to this statement.. as an *ex* boss of mine found out a few years ago
when I was the one interviewing him. I did give it an honest try and was
happy to find out that he did not have the skills we needed. I had actually
tried to get out of doing the interview due to intense personal dislike
I did this for a client against my better judgement and wrote it up as such.
DSL around here has not been stable enough and I've had a few cases where
the telco disconnected the DSL line without saying anything. When asked
about it, they replied they had not seen any traffic and *assumed* it was a
Dear All,
I'm configuring TACACS+ with AS5300, but I can not understand the
meaning of TACACS+ or RADIUS Key, is it the enable secret password on
the AS5300?
Regards,
Mamoon
Message
A couple of things I've done..
1: enclosed rack..
2: Bose headset from ebay.. worth every penny and if you fly much, you will
wonder how you made it without them. I had a cheaper set but after 2 hours
my ears were sore from being squashed. I wore the Bose for a 14 hour flight
to/from France last
These are the MSN Messenger voice, video, chat, and file transfer configs I
have on my pix. It works fine for me, I am doing NO NAT Though.
access-list 100 permit tcp any 255.255.255.192 1503
access-list 100 permit tcp any 255.255.255.192 h323
access-list 100 permit tcp any
Hello
When I run command sh ip bgp regexp _100$ on my bgp router I have
output which looks like this:
* 192.168.192.0/19 10.1.212.15 0200 0 100 i
* i 10.1.212.20 0200 0 100 i
* 192.168.198.16/30
10.1.212.15
Thanks everyone for your advice and input. Checkpoint license, maintenance
and
support are very expensive. We also host web services in-house and based on
my research and if I understand it correctly, Pix performance is excellent.
On a similarly related topic, I am studying for my Cisco CSS-1
my experience is that at least one end needs to be non natted for this to
work, and if one end is natted it should of course be the natted
end that originates the connection, specifying a public ip as the
destination.
Bri
On Wed, 11 Dec 2002, Aaron J. Pilcher wrote:
These
We're assuming that the console port is toast. Just in case there is some
life in it try the speed jumper on the motherboard. Watch the wrap:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008009433b.shtml#band_reset
-Original Message-
From: R M
The below example would be for a group named 'colonial':
vpdn group colonial request dialout pppoe
vpdn group colonial localname USER_NAME
vpdn group colonial ppp authentication pap
vpdn username USER_NAME password *
HTH,
FW
- Original Message -
From: Mark W. Odette II
To:
Yeah,
It starts at version 6.2.
It's great, drastically reduces your config lines..
From: Andrew Larkins
Reply-To: Andrew Larkins
To: [EMAIL PROTECTED]
Subject: RE: Resricicting Certain Users -Pix 515 UR [7:58861]
Date: Wed, 11 Dec 2002 16:32:13 GMT
Maybe a dumb question - but is there a
Having taken the original Remote Access exam and 640-605 with both books,
there is a difference. Since I passed the 605 exam with the certification
guide it can be done. It seemed to me the certification guide assumes you
know remote access and you just want to brush up. It didn't really put a lot
I just got a reply back from the engineer at Cisco that RMAed the
PIX. Yesterday he didn't know of any issues but he must have asked some
peers as I got an email today verifying that I'm not yet totally off me
rocker.
Here is what info I received:
It is a known issue. I will issue another RMA
I have implemented the same IDS on the PIX, however, I did not and would
not drop informational alarms. That's why you are losing connectivity. Just
use the alarm option.
From: Kenny Smith
Date: 2002/12/10 Tue PM 10:18:16 EST
To: [EMAIL PROTECTED]
Subject: why lose connection after apply IDS
I have just finished a project like this. You can only do one or the
other you can't do redundant and load balancing all at once on the 3030.
If you want to be redundant where if one concentrator fails secondary
comes online and accepts request for it then you need to look into VRRP
so easy to do
On Wed, 11 Dec 2002, Mamoon Dawood wrote:
I'm configuring TACACS+ with AS5300, but I can not understand the
meaning of TACACS+ or RADIUS Key, is it the enable secret password on
the AS5300?
No, radius uses a key that you enter to provide for the encrypt/decrypt of
the
auth/acct packets. You
Hi,
A) No
B) No
Workarounds are to do this on a separate Cisco router - e.g. Border router
perhaps. Cisco routers have good QoS, and also have a rotary NAT feature
that load balances incoming packets sent to a global IP to multiple private
IPs. This feature however is very simple and is
Thank you Dave for the info I am not doing something wrong then. I am
going to see what they can do for me.
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 11, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: Re: 501 reloading [7:58946]
I just got a
Eric,
The PIX by itself cannot do any of the features you are asking about below.
You can throw in a Cisco router though to get those features. For the load
balancing, you will need Server Load Balancing (SLB), which is supported on
the 3631, 3725, 7100 and 7200 series routers.
HTH,
Larry
Responses in line
1. what do I do for Redundancy, ( VPN Redundant Bundle)
It runs VRRP for concentrator redundancy. For user sessions you
make a cluster using VCA under
Configuration | System | Load Balancing.
For redundancy on LAN to LAN tunnels it's much harder..
The way the concentrator
Just read this article that outlines some of the issues with
auto-negotiation -
http://www.nwfusion.com/columnists/2002/1209tolly.html
We always use manual configuration on network devices, and typically on
computers. There are always exceptions but they are pretty rare.
-Kevin
autonegotiate on the switch.
Dave
Dwayne Saunders wrote:
Hi all Mac users
I have a small problem with a network that I was asked to look at
there is 6 end user machines and 1 server all connected via a switch the
problem is that when connected to the switch network transfers to
Dave,
That's really strange. I've seen quite a few Pix 501s, and haven't seen that
problem. Although a customer of ours was mentioning something to that
effect, and I really didn't put much thought into it. I'll have to keep my
eye out for that one. Thanks for the info Dave.
-Brad Ellis
If I recall correctly, G3 beige mini-towers and older hardware all came with
10MB NICs. Without checking Apple's online specs site, I don't know what
generation laptops started using 10/100 cards - somewhere in the G3
generation I'd guess. What PC hardware is running on this network?
I was setting up a few 3640 routers with build in CSU/DSU, instead of
doing the usual on the serial interface. ( I felt like playing around)
Config t
Int S2/0
Autodetect PPP
Bandwidth 154000
Then I got nothing on my Line Protocol.
Then I did an
Encapsulation PPP (on the S2/0
Well, I just passed it today with a score of 813.YEAH
!!. My first towards CCNP status.
The exam was straight forward, but some questions are tricky and wordy.
The simulation is based, (for my exam) on what you are good at
configuring. I realized this after the exam.
Before
Thanks Priscilla,
Just theory for now. A colleague of mine is planning to use Jumbo
packets on Gigabit links through the switches and was considering using a
Fast Ethernet link as a backup. From your comments this is not going to
work, so we'll have to think of something else.
I'll, also,
Btma1 wrote in message
news:[EMAIL PROTECTED]...
Well, I just passed it today with a score of 813.YEAH
!!. My first towards CCNP status.
The exam was straight forward, but some questions are tricky and wordy.
The simulation is based, (for my exam) on
Quoting The Long and Winding Road :
Btma1 wrote in message
news:[EMAIL PROTECTED]...
Well, I just passed it today with a score of
813.YEAH
!!. My first towards CCNP status.
The exam was straight forward, but some questions are
tricky and wordy.
Do you even need to specify the source port? Why wouldn't you just do:
access-list 101 permit tcp any any eq telnet?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59015t=58750
--
Duct Tape solved this problem for me Lots of it.
Or immobilize the pix and the power cord.
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 11, 2002 5:53 AM
To: [EMAIL PROTECTED]
Subject: Re: 501 reloading [7:58946]
I'm guessing that the power
Hello, Does anyone have a study strategy for the 3550 - in terms of
preparing for the CCIE Lab?? I see lots of topics under:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12111ea1/3550scg/index.htm Is
there any that one should focus on or is one required to read and master
each and
Dwayne,
If you can check the network counters on your MAC - look for FCS error.
If you have any, then this is a classic duplex mismatch. Second thing you
can do is transfer a file to and from the workstation. I use FTP
and issue a get and then a put. Comparing the results will reveal a
mismatch
Use something like whatsup gold to monitor the DSL line. Have it send
traffic across the line every 60 seconds or so. We're doing like that with
our cable-modem backup connection and it's great! It does two things: 1)
puts occasional traffic across the line so the ISP doesn't think the line is
I know there is a document called PPPOE on 501 or 506 on Cisco site.
According to Cisco 515 doesn't support it, but others say they have it
working. The document said SOHO on it. Keep in mind it might help to
have the latest PIX image to support this. That can be downloaded with a
CCO account.
I am also preparing for the lab and it is my goal to get as much
configuration experience with the 3550 as possible. I know you said don't
say everything but the more prepared you are the better.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59019t=59000
JS,
Without knowing your available hardware, it's hard to say what your best cost
options are. But, if you have a modular router like Cisco 3640, you can
buy a HSSI interface and plug your DS3 right into the router from your
carrier. Your ISP will provide the IP addressing and your local
I have just found that it is good practice to not allow the source port if
below 1024
Regards
D'Wayne Saunders
Data Network Administrator
-Original Message-
From: Aaron Laws [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 12 December 2002 8:35 AM
To: [EMAIL PROTECTED]
Subject: RE: extended
Minor comment - protocol 50 and 51, not port ...
Also - worth noting, using TCP for remote client VPN's is useful as well ...
like 443 since it will be permitted out from just about everywhere!
Thanks!
TJ
[EMAIL PROTECTED]
-Original Message-
From: Elijah Savage III [mailto:[EMAIL
important to keep in mind here, pix is a firewall, not a router. You want
a router, that'll be a separate thing.
Bri
On Wed, 11 Dec 2002, Larry Roberts wrote:
Eric,
The PIX by itself cannot do any of the features you are asking about below.
You can throw in a Cisco router though
12/11/2002 6:42pm Wednesday
Professionals, I never (thankfully) had to work with FDDI --- however ---
I was able to land two 4500's two Nortel ASN's real cheap for my home lab.
All 4 routers have dual ethernet, quad serial, MMF FDDI modules.
I also have a MMF FDDI NIC card for my NT
A) No
B) No
It appears that someone in mgmt. has made a layer 8 (political) decision to
migrate your firewall since the PIX does not support features you are
currently using and yet the decision has already been made.
At this point, I would recommend that you put together a brief presentation
Thank you Tj for the correction my brain was wandering when trying to
type this quickie up notice the reference to CCO LOL. I also found in
our deployment using tcp connection on the client version 3.6 was a lot
more reliable with cable modem providers for some reason I could not
nail it down why,
Dwayne Saunders wrote:
Hi all Mac users
I have a small problem with a network that I was asked to look
at
there is 6 end user machines and 1 server
What kind of server? If it's a Windows server, check out this terrific site
for cross-platform networks.
http://www.macwindows.com/
Wow--great link. i had only known of netformx until now.
thanks.
Patrick Matthews wrote in message
news:[EMAIL PROTECTED]...
Try www.altimatech.com. they have everything and will do custom stencils
for
you. I downloaded their standard package and it has over 300 Cisco
Well just print out another few hundred pages and you'll be there. The
Configuration guide is pretty good. I haven't attempted the lab yet but
would assume the following items are likely to be seen: trunking,
etherchannel, unicast routing, multicast routing, VTP, Vlan-maps,
fallback-bridging,
nettable_walker wrote:
12/11/2002 6:42pm Wednesday
Professionals, I never (thankfully) had to work with FDDI ---
however ---
I was able to land two 4500's two Nortel ASN's real cheap for
my home lab.
All 4 routers have dual ethernet, quad serial, MMF FDDI
modules.
I also have
Hi.. Greg. Thanks 4 your guide. By the way, Are you saying that we can
drop the attack alarm not the informational alarm?
From: Greg Owens
Reply-To: Greg Owens
To: [EMAIL PROTECTED]
Subject: Re: why lose connection after apply IDS on PIX [7:58960]
Date: Wed, 11 Dec 2002 13:56:41 GMT
I have
[EMAIL PROTECTED] wrote:
Duct Tape solved this problem for me Lots of it.
Hee hee. I bet this is more common than anyone would want to admit. :-) I
saw duct tape in a working (not lab) network room just recently. I couldn't
decide if I should be disgusted or impressed by the ingenuity. In
Thank you.
What I really need is a recommendation for hardware.
A linkbuilder ? or something else ?
I am guessing that is the only piece of equipment I still need (other than
MMF cable)
Thanks again,
Priscilla Oppenheimer wrote in message
news:[EMAIL PROTECTED]...
The Information is just for your information because those signatures contain
some normal data traffic, so you want to configure the information alarm as
follows
ip audit name outside-info info action alarm
Greg Owens Jr
-Original Message-
From: Kenny Smith [mailto:[EMAIL PROTECTED]]
Binh,
Congrats. How did you fare on the IS-IS portion of the test? I am assuming
that Cisco is taking it easy on people with this protocol as of now.
thanks - jason
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=59032t=59012
--
The trick here is that you have to manually set both sides. You would
not believe the number of times that I've seen production networks with
auto-negotiation set on the PC and full duplex/speed 100 manually set on
the switch. That doesn't work one bit.
Frank Jimenez, CCIE #5738
[EMAIL
Hi,
I am planning to take the Wireless LAN exam for field
engineers next week. Anyone who has taken the test recently
could please provide the last min tips about no of
questions/ passing score/ areas to be concentrate.
Thanks in Advance,
Regards..Anil
I agree with Priscilla, the switch will drop the packets if it receives a
packet greater than the default mtu size (1500). I faced an issue with MTU
size when I configured MPLS. Although I was able to ping the other end, I
was not able to run any application over the backbone. The problem was with
Hi.. Dear all,
When I use a port (connected to PC A) to monitor another port (connected to
PC B). When I ran netmon software on PC A to capture the traffic between PC
B with other PC. I found my PC B is extremely slow after being monitored.
Why? Will port span slow it down
Hi,Joseph,
My name's Yao Ning. I live in Houston now. I'm preparing CCIE Lab for
routing & switching. My scheduled date is Apr,26. I'm looking for someone
studying together. So I'm glad to see this message you posted.
If you're interested in passing the Lab with me, please touch me.
Best regards
Hi,
I have two 2514s that are giving problems with the console ports. One of
them does not give any output at all when you power it on and the other one
does not take any input at all. It starts fine, and then halts at the
initial config dialog. I am not able to give it a break either.
I have
Ivan why not make the min threshold and max threshold gap bigger? in your
design, ip precedence 5 only have a gap of 300 (700 1000). my opinion is
wred reacts fast whenever you reach and exceeds the maximum threshold. it
clips all of your packets whenever it reach that state. wred starts to clip
Hi,
I have two 2514s that are giving problems with the console ports. One of
them does not give any output at all when you power it on and the other one
does not take any input at all. It starts fine, and then halts at the
initial config dialog. I am not able to give it a break either.
I have
I am taking up my CCIE drake shortly. A couple of questions:
1) Is IGRP included for theory exam ?
2) Is IPX, Apple included for theory exam ?
3) How sufficient is the Cisco Press prep guide for CCIE ?
Appreciate your time.
_
you said you classified your voice traffic as prec 5. how about the other
packets? particularly for tcp? you said they put the other packets into the
default prec. it might have been the tcp packets were put into the default.
wred clips packets by weight, it means lower precedence packets will be
Hi folks,
My set up as follows
Host A-(in)PixA(out)Internet---(out)PixB(in)HostB
I have a VPN using Ipsec between Pix A and Pix B.Do I need to have a Static
(inside,outside)to hostB for hostA to connect or Pix B would default route
the packet to hostb.
nat 0 access-list 80
and one more thing, you should not do wred whenever you do VoIP. it might
not do you good because it will clip VoIP packets and introduce delay.
what i think is best is you do low latency queuing at your routers(make your
VoIP packets as priority packets and assign bandwidth to them, while
any whats on there questions are best answered by looking at
http://www.cisco.com/warp/public/625/ccie/certifications/rsblueprint.html
Bri
- Original Message -
From: ragavendran k rao
To:
Sent: Wednesday, December 11, 2002 9:46 PM
Subject: CCIE question... [7:59042]
I am taking
what about my third question ?
Original Message Follows
From: Brian
To: ragavendran k rao ,
Subject: Re: CCIE question... [7:59042]
Date: Wed, 11 Dec 2002 22:03:40 -0800
any whats on there questions are best answered by looking at
Hi,
Thanks your advice again.
I am just trying the method to provide Per-VC QoS based on IP header
information (in our case is IP precedence). From cisco documentation, I
found WRED, Set-CLP, WFQ/CBWFQ/LLQ will provide IP-to-ATM CoS.
From your comment, you recommend use queueing method to do
Hi.. I have a switch port with high CRC and runts errors with no collision.
The duplex and speed are matched for PC and port. Anything can do with that?
switch5sh int fas0/15
FastEthernet0/15 is up, line protocol is up
Hardware is Fast Ethernet, address is 00d0.790c.cccf (bia 00d0.790c.cccf)