pened up a backdoor and let Cisco engineers Telnet in over a dial-up line
connected to his PC. I can't believe Cisco engineers would thwart their
customer's security policy in that way. I think the story sounds fishy.
Priscilla
--- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:
no passwords or filters. I see it on a regular
occurrence.
--- Priscilla Oppenheimer [EMAIL PROTECTED] wrote:
At 10:31 PM 1/17/01, J Roysdon wrote:
Today I was at a site w/o internet access, but I
needed to get Cisco into it to
save time relaying commands and information. I had
a dial-u
I've always thought that I'd have to arrange for a large signing bonus, or a
direct payment from a company hiring me to my current employer to cover
training/tests my employer had paid for. Although, my current employer has
a fairly reasonable policy: I only owe for the last year of training,
uary 18, 2001 at 09:44:21 PM, J Roysdon wrote:
One thing I didn't mention is that all passwords on the routers are always
changed to 'cisco' beforehand, and then changed back when done. The dial-up
connection is only there so long as my laptop is, plus I can see what IP
connects, and it's
Bad info about back to back 2500s. I'm using them in my home lab:
2501 dce:
interface Serial0
no shutdown
ip address 172.16.0.1 255.255.255.252
clockrate 400
2502 dte:
interface Serial0
no shutdown
ip address 172.16.0.2 255.255.255.252
With that and the dte/dce back to back cable,
Today I was at a site w/o internet access, but I needed to get Cisco into it to
save time relaying commands and information. I had a dial-up connection out
to my ISP, and then thought about the built-in Telnet server that Windows
2000 Professional has. I made a quick guest account for Cisco, and
It was configured to auto-detect/configure a modem, probably with a script.
Search CCO for modem 1900. I've never tried to do such a thing, and
usually console ports can't properly handle modems (they can't detect when
carrier is lost, etc., so they never hang them up, plus limited to 9600 baud
Check out the following URL or search the lists archive. The topic comes up
every week or so and has been discussed recently:
http://www.google.com/search?q=isdn+simulator&btnG=Google+Search
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage:
Don't forget Kingston. Piece of junk hubs/switches, but the NICs seem
decent.
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
"Chris McCoy" [EMAIL PROTECTED] wrote in message
[EMAIL
Ouch, you hurt my head reading that. To me, the easier way to explain it is
that hub/switch ports are crossed, unless specified otherwise (like with a
toggle port, or a straight-through port). Therefore, to go from a crossed
hub/switch port to a crossed hub/switch port, you must add another
See http://jason.artoo.net/images/turlock_rack_1.jpg from
http://jason.artoo.net/artoo.html
The top portion is patch panels (with the nice covers over the wire
management keeping it clean looking). Under it you see a large group of
cables going to our switches (3Com, eeyuk, but it was all free
Remember, the fewer lines an ACL is, the faster it is parsed, the faster
packets pass:
access-list 101 deny udp any 195.50.79.0 0.0.0.255 range 137 139
access-list 101 deny tcp any 195.50.79.0 0.0.0.255 range 137 139
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email:
Not to break NDA, but on these multiple choice ones, I read the question,
then try to picture the answer in my head before I look at the answers
given. They're often so close, that if I don't try to think of it on my own
first, I sometimes let myself get confused when I see the answers they list
Configure logging, and have it kick out to a syslogd. Keep a box on the
console with capturing set on your terminal software and disable console
session timeouts, just in case the messages aren't able to be sent via
syslog just before the crash.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA,
http://www.bestbookbuys.com/
Shop comparatively, including S&H.
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
[EMAIL PROTECTED] wrote in message 9421ds$tvm$[EMAIL
term no mon.
Odd, since when did they start allowing numeric-only domain names? The old
rule was it must start with an alpha character...
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources:
Yes, this should work fine. I'd configure a tight ACL on that thing so you
don't walk in and find a ream of paper wasted. You can configure the ACL to
limit who can print to it, say the main office and all the other remote
sites, etc., but just not the internet at large. Not to mention you
Inside users would use the inside IP for the printer.
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
"Brian Hartsfield" [EMAIL PROTECTED] wrote in message
[EMAIL
I'm curious what others' study methods are. I'll give an example of how
mine usually go:
I get in mind that I want to pursue something (usually due to a work
requirement), and I research what the objectives are, find out what books
are recommended, order the books, and they end up being mouse
Absolutely nothing wrong with putting a gateway at the high-end of things.
It's all up to feasibility. Most networks I come across are 192.168.1.0/24
networks with the lower addresses already in use. The next most logical
address to use to me is starting from the last and working backwards.
Show some initiative and look on CCO. I'll give you a start:
http://www.cisco.com/
Training/Certifications
Current Exams Outlines
640-503 RTING:
http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/pdf/bscn.pdf
Then remove the filename at the end and you'll get all the outlines of
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis3600/3600ig/3600trou.htm
"If the LED is amber, the router is receiving power but is not functional"
Time to telnet or console into the router and get some more detailed
information.
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA,
I passed the MCNS before 2001 for my Security cert, so that's all I can
advise on. I basically had hands on CBACS (IOS Firewall) PIX experience.
Try reading through some sample configs at CCO if you don't have access to
equipment:
http://www.cisco.com/warp/public/700/configsec.html
--
Jason
Windows 2000 has telnet server support. Great for quickly checking status
on things, stopping/starting services. Of course, since it's telnet,
security is out the door unless you're on a totally switched network.
I like it because I can telnet in behind a PIX, and then telnet back into
the
You know the funny thing about the telnetd product is that they offer it for
Windows 2000. I wonder if those folks sell refrigerators to Eskimos?
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources:
Tons of free online resources:
http://www.learntosubnet.com/
Also:
http://www.freesoft.org/CIE/Course/
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
"Ole Drews Jensen" [EMAIL
Where in New England? There is a big difference between Bangor, Maine and
Boston, Mass.
Try this out:
http://www.homefair.com/calc/salcalc.html
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources:
Well, as each vlan is a separate broadcast domain, essentially you'll need
to have a different ip subnet for each vlan to communicate between them
through a router (or firewall which is often the case). It's an advantage
to both, but some of the bigger advantages are being able to program a port
There is also a SSH1.5 plugin for TeraTerm. Great program and I use it all
day long. The only time I don't is when I can connect with SSH2 to my Linux
box (Cisco only supports SSH1 thus far).
http://www.zip.com.au/~roca/ttssh.html
Also, "out of the box" TeraTerm doesn't have the setting the
I've never heard of SPD, but as usual a quick search at CCO gave results:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/ios112p/xprn112/141503.htm
New Features in Release 11.2(5)P:
Selective Packet Discard (SPD)
To answer Chuck L.'s question: No, I'm reading the groupstudy.cisco NG,
instead of studying. I'll get back to that BGP book soon. I guess I'm
obligated to watch the Raider play, so at least that way tomorrow I'll have
a clue as to what went on. Heh, don't get me wrong, I enjoy watching sports
The dozen or so I've had contact with were sharp as they come. Half were
with Cisco, the other half with other firms we've sub-contracted with.
I will say, as some have, that having "the number" can make some of these
folks very arrogant, but I run into that enough it doesn't bother me, I'm
just
Those that know, do. Those that don't, won't bother to even try. We've got
a number of e-rate installs going on for local school districts. Back when
I was at the low-end of the networking totem pole I used to get these dumped
on me. When it was up to me, I discussed with the customer in
Keep the big picture in mind:
http://quote.yahoo.com/q?s=CSCO&d=5y
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""Ibrahim"" [EMAIL PROTECTED] wrote in message
[EMAIL
I know I'm taking the lazy road and just need to buckle down and finish
Halabi's Internet Routing Architectures book (chapter 7 of 12, about halfway
through the book). However, with that said, is anyone else working on BGP
as well and have a list of good links? If you don't have it handy, don't
Even with non-Cisco gear, so long as you can keep it at the stubs of your
network, you'll be ok. At the least, you can have the non-Cisco gear talk
to the Cisco gear with RIPv2, and the Cisco side can redistribute RIPv2 into
EIGRP and have the non-Cisco gear at the fringes just default to the
More information about your networks would help us. Can you give us a
general topology map of your PIX routers? Also, what model PIX and
software?
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources:
The linecode & framing should match, clocking should be internal on one,
line/network on the other. The commands and where you set these depend on
your WIC version.
WIC 2-MFT1-DI syntax:
controller T1 0/0
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""J Roysdon"" [EMAIL PROTECTED] wrote in message
news:93ml8k$kua$[EMAIL PROTECTED]...
Posts to the NG for me don't seem to show. Please pardon the test.
--
Jason Roysdon, C
My suggestion to people is to set the snmp chassis-id variable to the serial
number whenever you first touch a new router.
--
Jason Roysdon, CCNP/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""John