I have a 1750 with a /29 assigned to me, and I need to create a DMZ to put
a DNS server on so that I can control access using CBAC. My FastEthernet
interface is trunked to a Cat 2924. I'd like to have the /29 on one
subinterface which talks to PacBell's router, and take a /30 out of the
/29 and
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Nigel Taylor
Sent: Sunday, August 11, 2002 11:51 AM
To: [EMAIL PROTECTED]
Subject: Re: * Routing/Subnetting question [7:51193]
James,
See Inline..
- Original Message -
From: James Wilson
To:
Sent: Sunday, August
All you have to do to do NetBIOS over the internet is either use WINS or
reference the share by IP address, assuming you are using either NT or
Win2K.
For instance, from a command prompt:
net use X: \\123.123.123.123\C$ /user:ntdomain\ntusername
Thththththats all folks.
God knows why you
I disagree that most ISP's block the following:
tcp or udp 135 (mapping)
tcp or udp 137 (NetBIOS Name Service)
udp 138 (NetBIOS datagrams - the actual data)
tcp 139 (NetBIOS Session)
Any more than they block the rest of it. If they did, for one thing, your
firewalls wouldn't be blocking this
I have a 1751 trunked to my c2924XL running IP/FW/IDS/PLUS/IPSEC/3DES and it
only supports dot1q trunking on the 100Mb interface. Works like a champ,
though.
--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
non sunt multiplicanda entia praeter necessitatem
William of Ockham
Be afraid. Be very afraid.
At least if you plan on having any sensitive information used with it.
But hey, King Bill decried that all Microsoft software is now secure and
security is number one at Micro$oft, so you should be safe.
--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
For Linux/Unix I'd recommend c-kermit; it is a powerful open-source program
that is easy to use.
--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
non sunt multiplicanda entia praeter necessitatem
William of Ockham (1285-1347/49)
-Original Message-
From: [EMAIL PROTECTED]
On this same subject, how secure or how vulnerable is ISL or dot1q trunking?
Is it vulnerable to arp attacks?
--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
non sunt multiplicanda entia praeter necessitatem
William of Ockham (1285-1347/49)
-Original Message-
From: [EMAIL
Hear Hear - good job!
--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
non sunt multiplicanda entia praeter necessitatem
William of Ockham (1285-1347/49)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
George Dodds
Sent: Friday, January 25,
Until the list is locked down you will continue to get spammed.
--
James D. Wilson, CCDA, MCP
Sr. Network/Security Engineer
non sunt multiplicanda entia praeter necessitatem
William of Ockham (1285-1347/49)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Go into config mode
go into the vlan interface you want to be the default vlan
type manage
voila
conf t
int vlan 24
manage
end
wri mem
Mark Odette II wrote:
Let me clarify my statement:
...Some Catalysts may just simply not allow dropping VLAN 1, as it can be
the
only Administrative
Where I work we have two circuits to the Internet with two different
providers. We configure GRE tunnels to each with the endpoints being two
routers at the main office with feeds from each of those two providers. We
then run EIGRP across the GRE tunnels, which (1) gives us load balancing and
If you are going to a Catalyst you can set up the interface as either an
802.1Q or ISL trunk and put as many VLANs across it as you like. Instead of
having to do secondary addresses you simply create subinterfaces. I did
this with my 1751 at home trunking to my 2924XL using 802.1Q encapsulation
Also using VLAN trunking you can place access lists on the various
subinterfaces, as well as NAT...
John Mairs wrote:
Hi,
I have a 2501 (one ethernet interface) and I wanted to
route over that interface by setting up two
sub-interfaces. I can't assign an address because it
replies with
This is such a good mailing list - it is a shame they won't secure it from
the spammers. Its easy to do if you give up allowing open posts via
non-smtp or non-member smtp sources. In the age of free email accounts
anyone can get an email account and participate on mailing lists without
using
I have enhanced ADSL service with PBI here in San Jose and have purchased a
1751 with the WIC1ADSL. Do I need any information from PBI to configure
ADSL support? Has any list member in the Bay Area configured ADSL with
PBI? I've seen some sample configurations but do not know if they apply to
Michael - please send me the list of prices...
Michael Paulson wrote:
I am a network consultant working with a large financial firm. They
just foreclosed on a Web hosting facility. The facility had quite a bit
of Cisco gear. Most of the gear is between 6 and 12 months old. It is
I saw this as chmod +x /bin/laden also.
The +x means to make it executable. I concur.
Albert Y. Pak wrote:
I would do:
chmod a +x /bin/laden
Hehe!
Albert
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Andy Hoang
Sent: Wednesday, October
Aloha Paul,
The double opt-in or confirmed opt-in is where you send a subscribe message
to the list, the list sends a response to the address being subscribed, and
the user has to modify and reply to that message before the subscription is
processed. Done properly this defeats any automated
D. Wilson, CCDA, MCP
non sunt multiplicanda entia praeter necessitatem
William of Ockham (1285-1347/49)
-Original Message-
From: James Wilson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 29, 2001 7:22 PM
To: Paul Borghese; [EMAIL PROTECTED]
Subject: RE: DNL Blackhole list for GroupStudy
My recommendation would be to require a confirmed email subscription process
which only allows posts from specific subscribed email addresses and not
from web forms. Furthermore your web archives should strip out any personal
email addresses to keep spambots from harvesting addresses. Also make
since they have to pay for every minute on the 888 number everyone should be
sure and call them and let them know how much you appreciate having their
spam shoved down your mailbox. Call long, call often.
-
James D. Wilson, CCDA, MCP
non sunt multiplicanda entia praeter necessitatem
William of
A better question is why the Groupstudy mail server does NOT record the IP
address of the submitter of the message in the headers. Sendmail records
this information by default unless you configure it not to do so. For that
matter, why the groupstudy mail server does not have RFC compliant DNS
How about a 7 day delay of posting rights. One week after subscribing the
person would have to reply to a message sent to the original subscribing
address. For those seven days the subscriber receives posts but cannot post
themselves. Most spammers use throw-away accounts that are valid for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
HP Openview Network Node Manager...
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Isn't this list confirmed double opt-in and posts restricted to
members?
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
-BEGIN PGP SIGNATURE-
Version: PGP 6.0.2
Hi Tim,
This is typical behavior when using Frame Relay in a main serial interface.
This is because unless you are using a point a point sub interface the
router relys on map statements or classes to map layer 3 ip addresses to
layer 2 DLCIs in the frame cloud -- even though you have given
in notepad, copy it, then paste to host while in the terminal program.
I couldn't believe how many people tell me they type all this junk at every router.
This will save you probably 20 minutes.
Tony
--
[=[ www.cisco.com ]====]
Ja
Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
James Wilson
Sent: Saturday, December 02, 2000 7:41 PM
To: Tony Olzak
Cc: [EMAIL PROTECTED]
Subject: Re: Speed Tip
Good tip... but be very very careful -- If you accidently saved this file
somewhere you would
]
--
[=[ www.cisco.com ]]
James Wilson cisco Systems
Customer Service Engineer, I
Global On Site Services||||
||||
Phone : +61-2-8448-7919
another restriction you're facing please advise
soonest...I'm now very interested in this one. Thanks, Frank
James Wilson wrote:
Nope, all one subnet. i.e all interfaces are on the 10.1.X.X/16 subnet
Hence the problem.
Im well aware this is the normal partial mesh behavior and tha
All,
Thanks for the help, especially Aaron Dixon... Below are the working
configs, solved through using Policy Routing which i hadnt thought of.
R1
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1-Ob
!
!
interface
Hi Jenny,
To see the actual protocol-specific routing table you have to use the
protocol specific command...
For example :
sh ip ospf database
sh ip bgp
Cheers.
At 11:07 AM 27/11/2000 +1100, [EMAIL PROTECTED] wrote:
Hi all,
Does anyone know if there is an IOS command that will show the
Hi All,
I hope someone can shed some light on the problem I have come across in the
following scenario :
Three routers, R1,R2 and R3 all connected via a Frame Relay cloud with a
router in the middle doing frame relay switching. The frame switch is _not_
fully meshed. R1 is acting as the hub
...and as always, comments are welcome ( and in fact expected
;-)Frank
James Wilson wrote:
Hi All,
I hope someone can shed some light on the problem I have come across in the
following scenario :
Three routers, R1,R2 and R3 all connected via a Frame Relay cloud with a
router in the middle
IP?
Look into Proxy ARP.
Just a thought, I've never tried this but, is there a way to make a static
ARP entry?
Rodgers Moore
"James Wilson" [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi All,
I hope someone can shed some light on the p
generate default routes for the spokes or use policy
routing to set the default next hop.
Regards,
Aaron K. Dixon
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Frank B.
Sent: Sunday, November 26, 2000 10:27 PM
To: James Wilson
Cc: [EMAIL PROTECTED
Depends on your paper, and thats going a little beyond the NDA.
At 11:45 PM 23/11/2000 -0800, ShahzaD Ali wrote:
Hi there,
Is it true you need to troubleshoot entirely a new scnerio when you are
trouble shooting in day 2? AnyOne knows about this?
Regards,
SchahzaD
The MAC address criteria is used when the routers bidding for active status
have the same priority
At 08:52 PM 22/11/2000 +0400, Naveen Sharma wrote:
Dear friends,
Cisco press book says lowest MAC address router becomes the active router
(In HSRP). At other place it says router with highest
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Both of you please stop sending rich text or html messages to the
list.
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
- -Original Message-
From: [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
That one is a reworked Veri$ign commercial ad with a Thawte (who used
to give out free certificates so Veri$ign bought them to kill the
competition and the only good source of free certificates with
pre-programmed support in the browsers.) Veri$ign
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What is the code at the bottom of your email or flier?
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
What is the URL for the tour?
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Apoorva
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
And implementing MRTG on Intel or *nix is a breeze. You can graph any
SNMP OID that is numeric. On NT, if you use Perf2MIB you can graph
anything Performance Monitor can get.
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
MRTG is an open-source PERL-based tool that can poll and present
graphical representations of any numeric SNMP value.
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
The difference for me was when I did the flash I didn't get the offer
but when I did the html version and paged through it I did...
- -
James D. Wilson, CCDA, MCP
"non sunt multiplicanda entia praeter necessitatem"
William of Ockham (1285-1347/49)
46 matches
Mail list logo