It's been delayed time and again, but I've finally found the time to push
through the docs and configuration notes needed to get our ASN up and
running with our upstream providers.
So, this morning we began announcing ASN 18506 and our netblocks out
Sprintlink with no problems. I had them turn o
The v3 client won't work with the PIX 5.x software. PIX 6.x will support
the v3 client. For now, I rolled back to the Win2k 2.5 beta once I found
that out. Rumor has it that the v3 client will also work with upcoming IOS
releases.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
L
Whenever a router is purchased, IOS must also be purchased, even if it's the
$15 IP-only IOS. You should have the original IOS available if it was
legally licensed (it usually ships in a white box), and comes on CD or
sometimes floppies.
Worst case, spend $15 and purchase IP-only IOS
--
Jason R
cool public BGP looking glass routers:
route-views.oregon-ix.net
route-server.cerf.net
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""J Roysdon"" <[EMA
Which would solve the problem: e0 is down, s0.1 is set for ip unnumbered e0,
so s0.1 is effectively down. Unless you only can have two interfaces on a
router, never point an ip unnumbered interface at another interface that can
go down unless you have a reason for it to go down when the numbered
The names and numbers are correct, but as someone else pointed out a few
posts back, it's not a port number, but a protocol number.
Protocols:
6 TCP
17 UDP
47 GRE (PPTP requirement)
50 ESP
51 AH
Just to delve a little further about security protocols, ISAKMP does use
TCP/500, and
Are you sure all interfaces are 'no shutdown' ? You can assign even the
same ip address to multiple interfaces if they're shutdown.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.
I'd be curious to see such a thing.
I just installed Zebra on my linux server so I can give people IOS-like
access to a BGP router. telnet://r2.artoo.net:2605 with a password of
'bgp'. The interface is very close to IOS and has nearly all the
BGP-related commands. I just wish it had traceroute
es my problem. How do I get each router to
> synchronize so
> it
> > > will allow it into the routing table?
> > >
> > > Two cool public BGP looking glass routers:
> > > route-views.oregon-ix.net
> > > route-server.cerf.net
> > &g
Simple CCO search of 'router ssh' found:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t1/sshv1.htm
"Secure Shell Version 1 Support
...
Supported Platforms
a.. Cisco 1700 series
b.. Cisco 2600 series
c.. Cisco 3600 series
d.. Cisco 7200 series
Simple CCO search on "2507" found:
http://www.cisco.com/warp/public/cc/pd/rt/2500/prodlit/2505_pa.htm
It's basically a 2501 (1 ethernet, 2 serial), but the ethernet interface is
connected to an integrated 8-port hub.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAI
I know Cisco has some way that they can tell just from the serial number.
I've never really tried, but I bet if you compared 2-3 2500 serial numbers
you'd get a good idea (probably something like QYY for quarter & year made).
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List emai
Perhaps you had an older version of TTSSH. I can't confirm that TTSSH will
work with Cisco's SSH implementation (but it is what they recommend on their
site):
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn524.htm
"
Obtaining an SSH Client
The following sites let you down
o.net/
""J Roysdon"" <[EMAIL PROTECTED]> wrote in message
news:9a99bb$5hp$[EMAIL PROTECTED]...
> Perhaps you had an older version of TTSSH. I can't confirm that TTSSH
will
> work with Cisco's SSH implementation
ous, why did you not go with the entire I-net route table?
>
> -Scott
>
> ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message
> news:9a975p$ua8$[EMAIL PROTECTED]...
> > It was indeed a synchronization problem. My u
;
> Just to add to what you've stated:
>
> GRE uses control port 1723.
>
> -Scott M. Trieste
>
>
> ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message
> news:9a96ge$rt5$[EMAIL PROTECTED]...
>
The new Windows 2000 VPN Concentrator v3 client is out, but won't be
supported on the PIX until the v6 software is released (and some newer
version of IOS to support it on routers). Before dropping money to upgrade
the PIX, I'd suggest looking at the Cisco Concentrator line which is geared
specif
So since the entire global routing tables will never fit into any IGP (and
why would you want to?), if you've got two iBGP neighbors with external
links to different ISPs, if you ever want them to use the routes learned via
iBGP, you must turn off synchronization. Am I mistaken here, or are we
mi
You're not supposed to directly manually edit device ACLs managed by CSPM,
but rather use the PRE and POST areas to add additional commands. You can
also comment up your own commands in this section using !comment (but it
won't be stored in the PIX/router, but at this point you need to do it all
I was just complaining about that to my CAM the other day. That, and I hate
how sometimes an image won't be listed under the most specific model type.
For instance, the IPSEC version for an 827 isn't listed under 827, but 820.
I think the same problem applies to the 1750s being listed under 1700.
Why do the hard work? Point MRTG at it and let it graph it all for you.
Here are some examples:
http://artoo.net/mrtg/
Download from:
http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jaso
Also, assign an IP to the RSM and set the logging to the console as
disabled. Then telnet to the RSM IP and turn on terminal monitor. This way
you hammer your IP session and not the console session, and should be able
to either get in with another telnet session or worst case via the session
com
Yeah, but not a hardware/software/feature matrix :/
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""Kevin Wigle"" <[EMAIL PROTECTED]> wrote in message
01f701c0bba6$f1393f80
As long as you have reachability, you can do it. Mind you tftp is udp based
and subject to getting trampled on, but it works.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
http://www.firewallking.com/phpnuke/html/layout.php
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""SumitRanjan"" <[EMAIL PROTECTED]> wrote in message
00a101c0bc13$b4ac86e0
Regarding your problem, Gary, just get on the phone with that ISP's tech
support and don't let the engineer off the line until they've removed the
filter. I had to battle an engineer at UUNET to get him to double-check
their filters as my Sprint blocks weren't getting seen through their AS.
When h
It all has to do with where you (or the person making the comments) are
coming from. Someone without certs won't value them at all. Someone with a
number of certs will usually place a high value on the certs.
Of course, experience is everything. We've a guy at our office with his
MCSE+DBA who
I believe you have to first upgrade to 5.1.x before you can go to 5.3. Be
sure you back up your config and have a copy of 4.4 around so that you can
downgrade easily. A lot has changed since 4.4 and 5.x. For instance, you
can't have two default gateways (or two routes to the same networks on tw
Other than installing PERL (piece of cake with ActivePERL on NT, or using an
RPM on RH Linux), where do you really touch PERL with MRTG? Yeah, you can
customize the scripts, but I've never needed to even look at them.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMA
Newer bootroms also support tftp from rommon mode as well, so long as the
rom supports the interface you want to use. Since it won't support the FE,
I wonder if it'll support a serial interface (1536K from a T1 interface is
much faster than 115K from a console if you have to do a large number of
Is IP space that hard to get in Pakistan? I'd never sign up with an ISP
using NAT. ARIN's /19 blocks work out to about US$832/year for a Class C,
but then that's 255 addresses you can be charging, say, US$10/month for
(which you'll sell more accounts than you have modems/addresses for anyway),
w
Depends on how long the SOA says to cache it. RFCs state that only a
minimum of 2 days has to be supported (so even if someone sets 1 hour, many
DNS admins won't honor it).
C:\>nslookup -q=soa artoo.net
Server: c3p0.internal.artoo.net
Address: 192.168.45.14
artoo.net
primary name serve
http://www.cisco.com/cgi-bin/front.x/wwtraining/colt/ColtLogin.pl
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""Nigel Taylor"" <[EMAIL PROTECTED]> wrote in message
[EMAIL
Nope, but there are some folks working on Linux drivers for them. I've got
a stack of more than 100 flash cards that I'd love to be able to use between
laptops if the driver was out there (make copying files >1.44mb easier than
dragging out a ZIP drive).
--
Jason Roysdon, CCNP+Security/CCDP, MCS
Would an ACL blocking 224.0.0.0 be appropriate? Is there a better way?
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""Tony van Ree"" wrote in message
[EMAIL PROTECTED]">
Congrats!
Most people don't realize that Routing is much harder than they think it's
going to be. It's a test on routing protocols, not routed protocols. Just
be sure you've read up on the exam outline (maybe pull down the outline from
the previous version of the test, as it breaks down differe
However, one thing to consider is that CIR at any given point doesn't mean
that you have that end-to-end CIR. Of course, without at least having the
port speed at your given CIR, you'll never go faster, but having the local
FR switch's CIR from 'show frame map' is useful.
Consider this:
PFI-LIV-
But it is required to hold the CCNP certification. So if you take all 4
CCNP tests and haven't passed the CCNA test, you hold no Cisco Networking
certs until you first pass the CCNA, at which point you'll be a CCNP. Seems
silly to do that, might as well get a cert in the first place since you'll
How much DRAM does the router have, and what is that IOS image's
requirement? That's my guess as to the problem.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
"John Chang" wrote in message
[EMAIL PROTECTED]">news
Use GRE to tunnel the IPX. Better thing to do is make them upgrade to
NetWare 5 and just use IP.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Valeri Marinski"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL P
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""perryb"" wrote in message
news:[EMAIL PROTECTED]...
> Hello folks,
>
> I am familiar with policy maps to provide priority to RTP flows and
control
Free primary and/or secondary DNS services.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Sam"" wrote in message
news:[EMAIL PROTECTED]...
> You are required to have two different DNS servers
I've an interesting, well, I don't know what to call it, so I'll just state
it.
I know two Cisco SE CCIEs that recently passed the lab (within the last
year). Both are knowledgeable, but nowhere near what I'd expect, and very
lacking in areas I know well (just stuff I deal with all the time).
Here's a fun link explaining ip helper:
http://routergod.com/trinity/
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Muhammed Khalilullah"" wrote in message
news:[EMAIL PROTECTED]...
> Actually
I took the Beta on Friday the 15th, and the current CID on Monday the 18th
as I just couldn't wait for results and wanted my raise ASAP. Anyway, looks
like I passed the Beta (no idea of score yet, but I don't care at this
point).
Results from Galton
Exam #640-520 Dec 15 2000 P
CID 3.0 #640-02
Frame-relay traffic shaping
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Stephen Skinner"" wrote in message
news:[EMAIL PROTECTED]...
> OK..
>
> it appears i was wrong on this Bandwidth thing
Speaking of online courses, I direct folks that have basic computer
knowledge and want a place to start getting more technical about TCP/IP and
the ins-and-outs of the internet to this free site. It's a bit dated now
(April '97), but still a great start for free and about the level of the
course
I use a CRON job and shell script to save logs from each night for a week's
worth, keep Sunday for the last 5 weeks, and the 1st & 15th of each month
for the past 6 months. It's just interesting to me to see the changes that
occur from time to time (usually things get "closer" and have less hops
Not only that, but not one of the requirements is Cisco related. Some
recruiters are little more than buzzword search spammers.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Mask Of Zorro"" wrote in message
[EM
Use MAPS RBL and/or ORBS. You'll probably end up blocking some legitimate
stuff than spam, however (read their disclaimers and how each works).
http://www.orbs.org/
http://www.mail-abuse.org/
I like SpamCop for reporting spammers that actually get through to my work
and/or personal email.
http:/
You mean books. Why not start with the CCIE R&S Qualification Exam
(Written) Recommended Reading List?
http://www.cisco.com/warp/public/625/ccie/certifications/routing.html#34
The Blueprint would also make for a good starting place for your book
purchasing/online studying:
http://www.cisco.com/
If 3 must be true, I'd say start with getting rid of the ones that aren't:
Routing is enabled by default (may not have always been true, but as of
12.x)
The command to enable routing is 'ip routing'
That leaves you with three left. Of course, the exam could be wrong. a,c,e
sound correct though,
I can't see any reason why it wouldn't work. The only thing I would mention is
that older IOS using EIGRP doesn't allow you to specify a mask with the
network command, and wouldn't allow you to be granular with your networks if
you don't want to specify all of them to be known in EIGRP. If you want
Check some online job posting places and just see what's going for what
salary.
http://www.dice.com/
Location and its market demand is going to influence things heavily as well,
so you should also consult a salary/cost-of-living calculator if it looks
like you might be moving.
http://www.homefair
IL PROTECTED]">news:[EMAIL PROTECTED]...
> what is CIR?
>
> "Jason J. Roysdon" wrote in message
> news:[EMAIL PROTECTED]...
> > However, one thing to consider is that CIR at any given point doesn't
mean
> > that you have that end
ip nat inside source static udp 192.168.1.254 23 63.1.1.1 23
Works just fine on my 1605R. You could also redirect to the same port on
multiple inside devices by using different outside ports (same as with the
Linksys and no doubt the Netgear):
ip nat inside source static udp 192.168.1.254 23 63
I'm looking at a cable in my lab, CAB-HD60MMX-5, which is a nice short cable
(5ft) and is DTE 60 pin on one side and DCE 60 pin on the other. It's got
the Cisco blue and the housing looks just like my other Cisco back-to-back
cable which is actually a DCE-to-v.35 & v.35-to-DTE cable (the only thi
I don't know that they do, but the Linksys does support port redirection.
Just point the standard telnet port (23) at your inside router. Once on one
inside router you can telnet around to others inside, or you can also point
other ports from the outside to inside port 23. The biggest limitation
ipaddress port' from the command line/run (telnet ipaddress:port from the
command line fails to work properly and just reports that it cannot
connect). I suggest getting TeraTerm for a much better telnet/serial
program. You can change the telnet:// URL to launch it instead of the
Windows telnet.
Yes, but remember that just changing the port is very weak security that any
portscanner will be able to find:
Start - Settings - Control Panel - Administrative Tools - Telnet Server
Administrator:
Microsoft (R) Windows 2000 (TM) (Build 2195)
Telnet Server Admin (Build 5.00.99201.1)
Select one o
he interface of the
> forwarded helper-address packets? Then match up the correct scope with
the
> router interface ip address?
>
>
>
>
> ""Jason J. Roysdon"" wrote in message
> news:[EMAIL PROTECTED]...
> > Here'
That's got to be one of the lamest things I've ever heard. I'd tell
accounting to stick it, and that unless they want to learn how to make
routers work and figure out the correct parts, that perfectly legitimate
third-party serial cables are no different than the Cisco blue & logo'd
cables other
While we're posting configs, I figure I might as well share my latest for an
827 that's temporarily taking the place of my 1605R (the 827 is awaiting
install, but works great and seems to have much less latency than going
through the usual Alcatel ADSL modem and then to 1605R ethernet). Plus, the
I would recommend "Internet Routing Architectures," by Sam Halabi to anyone
planning to delve into BGP.
Quoting from the BGP Bible itself, Page 104, "Instead, the provider can give
the customer an AS number from the private pool of ASs (64512-65535)... as
described in RFC 2270." RFC 2270 actuall
P server will check the IP address of the
> interface on which you have configured the IP Helper
> address command. So make pools on the DHCP server
> accordingly. eg: Router's interface 192.168.1.1/16
> Server's pool 192.168.0.1-192.168.255.254 will work.
>
> Muhammad Khalilu
To my knowledge, one place alone assigns them, and that's the ARIN. US$500
up front and US$30/year afterwards, plus you have to show justification
(multihoming with two ISPs will do):
http://arin.net/regserv.html
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL P
You can go to Cisco's site and use their "Find a partner/reseller" link if
you like:
http://www.cisco.com/public/crs/locator/
As you already have the part number, it should be a piece of cake for them
to order it for you. If you'd like, I can direct you to my company's
ordering number, but you m
I'm pretty sure it is not possible. I've even heard that once you go from
4.x to 5.x you cannot go back (even if you have the older software on disk
or whatever). Something about changes to the way it handles the flash.
I've downgraded from different 5.x versions with no problem, but we just
kee
The PIX doesn't support NTP (either to poll from or server). You'll want to
have your external router polling a few outside sources, and have it provide
clock for the inside. NTP uses udp/123, so if you write a tight firewall
that's what you have to open up to that outside router. Also, lower e
Cat6Ks, Cisco's current flagship switch, of course ;-)
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
wrote in message
news:[EMAIL PROTECTED]...
> Thank you very much, appreciate all the help. I
Good advice and a great way to sell SmartNet contracts and maintenance
contracts to keep those switches' CatIOS updated.
Also, I hear that Win2K can cause the same problem, but comes with spanning
tree disabled by default (which is the real problem, I believe).
--
Jason Roysdon, CCNP+Security/CCD
Oh, and also the public NTP server list is handy. Use stratum 2 servers
since the Cisco box isn't ever going to be accurate enough to need stratum
1.
http://www.eecis.udel.edu/~mills/ntp/servers.htm
Also, never copy the 'ntp clock-period ' command. That is set
automatically by the route
Give us a 'show ip route' from each router. We'll be comparing the
weights/metrics, so you can get a jump on it if you like.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""SH Wesson"" wrote in message
[EMAIL PR
I hear this and other TR questions oddly still comprise a large section of
the test, so be prepared.
It's what I spent this weekend starting to learn about. Bleh, I hate
old/dead technology that no one I know uses. I'm just glad it's off the
lab.
I think it's time to purchase or find a good To
Testing to see if URLs in the subject get truncated. The subject should
read:
Test post with CCO URL - http://www.cisco.com
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Message Posted at:
http://www.groupstudy.
rying to work out way some issues as
to
> why routers don't route IP. So I think (d) would be appropriate.
>
> Why would a router "learn about a static route". So (c) goes out the
window.
>
> Maybe I have a twisted view?
>
> Teunis,
> Hobart, Tasmania
> A
The average sampling can be changed on a per-interface basis with the load
command. I usually change ports I'm testing to 'load 30' so I can easily
see after 30 seconds of generated traffic how a link is performing. 10
minute sampling would just be 'load 600.'
One of our the groups gurus can an
It depends on the interfaces you'll have on the 1700 and 2500. The base
1700 has only a fastethernet port which can connect via a crossover cable
(or hub/switch) to the ethernet port of the 2500 via an AUI-to-10baseT
transceiver (if it's a 2500 with an ethernet port and not token ring). You
can
I believe he means without a static public IP. I posted a config for a
dynamically issued IP that should work.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Howard C. Berkowitz"" wrote in message
[EMAIL PROTECT
interface Ethernet0
description Customer LAN
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface BRI0
description Customer, Inc. 209-599- (SPID1 2095990101) (SPID2 2095990101)
ip address negotiated
no ip directed-broadcast
ip nat outside
enc
Hehee, cool, and no irc client even required! I've added an A record in my
domain to make it easier to remember, so please keep me informed if you
change the IP:
telnet://ciscochat.artoo.net
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: htt
oes out the
> window.
> >
> > Maybe I have a twisted view?
> >
> > Teunis,
> > Hobart, Tasmania
> > Australia
> >
> >
> >
> > On Saturday, April 14, 2001 at 03:00:21 PM, Jason J. Roysdon wrote:
> >
> > > If 3 must be true, I&
"show flash" or "dir" will report that you probably don't have enough space.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Kim Seng"" wrote in message
news:[EMAIL PROTECTED]...
> I am trying t
Mirrored and re-zipped by me at
ftp://artoo.net/pub/doc/cisco/ios/
You can get the individually zipped directories (for those with slower
connections), or the ciscoios-combined.zip file which contains all of them,
but don't waste your time downloading both.
Note: I only allow a certain amount of
I received this from a fellow engineer who contacted TAC:
From: Mangieri,Joe
Sent: Tuesday, April 17, 2001 10:46 AM
To: 'Jason Roysdon'
Subject: RE: Microsoft Windows XP, and CISCO's 5000 Series Switches
On a Supervisor Engine III, the show module command provides information
about the EARL and
*snort* You only do that when you typo an ip address you want to telnet to
and it just sits there waiting to time out ;-p
Otherwise, use CTRL+^ followed by x (CTRL, SHIFT, 6 release keys and x).
If you're telnetting into a router and then into another, you can stack the
CTRL+^ twice and then x
Regarding layer 2 security, it all comes down to how much of an
administrative load you can handle. We have one customer that locks each
port down to the MAC address of what is supposed to be there. No
unauthorized traffic is allowed to touch the network beyond the switch port
which just drops i
Click on the size of the organization, and once the next screen loads you'll
have a "Success Stories" button on the bottom left.
You'll never find a lack of Cisco sales-fluff on CCO ;-)
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://j
True, but even if you sat down at a PC and got its MAC address (or just used
that same PC), you'd still have to have the username/password for any real
access, as even their Bordermanager proxy is based on being authenticated to
NDS. But good point if that's all a person was using to verify a val
Should be easy enough to troubleshoot with a sniffer. Search the archives
here and you'll find a number of references to free/trial versions.
The solution is to segment with switches if it's not a misbehaving device
(and even still, switches are so cheap these days). How many nodes and how
many
Convince them to get troubleshooting tools when they don't even have
switches? *chuckles* Good luck.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Chuck Larrieu"" wrote in message
[EMAIL PROTECTED]">news:[EMAI
The Novell client doesn't use the windows login password (they keep them
blank and actually have a script that deletes *.pwl), and is also configured
to blank out the username. This can be done with NT as well (or at least
instruct users to use blank local windows passwords).
--
Jason Roysdon, C
rt switch for only
> $92 and really cheap LinkSys switches. Those are all good name brands.
(No,
> I don't work for them! ;-)
>
> Priscilla
>
> At 09:05 PM 4/17/01, Jason J. Roysdon wrote:
> >Convince them to get troubleshooting tools when they don't even have
> &
Zebra for linux works great. I even have a copy running for public access:
telnet://artoo.net:2605 (password is bgp)
http://freshmeat.net/projects/zebra/
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""sdonoho""
I actually found "Cisco IOS Bridging and IBM Network Solutions" in our
company library today (collecting a ton of dust, I might add). (c) 1998,
but I'm sure the IBM Network Solutions will work for me in addition to what
I've found online so far. If I need more help, I'll check out your
suggesti
MRTG, and it's free. I routinely set it up for customers (of course my
labor isn't free). Here's a link to my site where I have it running. At
the bottom of the page is a link back to the MRTG site where you can
download it.
http://artoo.net/mrtg/63.107.123.253.2.html
--
Jason Roysdon, CCNP+S
Aren't the xV models just the same thing but with the extra dram/flash and
correct IOS image bundled (and also cheaper than buying them individually)?
I think that's my recollection on them.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http
Yes, routers are capable of QoS into a VPN. The Concentrator or PIX are
not, as they don't support QoS (although if you have a router supporting QoS
before, you might be able to fudge it a little). Of course, you can only
control QoS into the VPN, and not how the tunnel itself will perform once
HR is clueless. List all certs, including pre-reqs that we all know a
higher cert holds. I list CCNA and CCDA in addition to the CCNP and CCDP in
my certs section (but I also break down when I obtained them by date).
Also, don't just list "CCNP" but include what it stands for and order the
certs
I haven't applied CAR yet, but one other point to make is that you need to
have your upstream ISP applying CAR as well, otherwise this is basically
useless (you need them to block/slow down this sort of traffic before it
hits your WAN link).
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Networ