Fred R. You're obviously a pretty smart guy. Your posts here are
very well structured and helpful.
Don't put so much stock in the CCNP(NA) vs. bgp.
I had my ccna only a few short months, when we went to multihoming
with BGP.
Do you really think that the small enterprise is going to
use all the
VPNs don't like out of order packets. Forget load balancing
at layer3. USE MLPPP and do layer 2 load balancing.
CEF may or may not be needed. You have to experiment with CPU
util. I do the same thing.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74430t=74429
I am running compression based ssl vpn for extranet. This allows
without a client 8 to 1 or so compression ratio for mostly spreadsheets sent
over port 80.
Also the box is managed by ssh.. what do you mean by telnet ?
most protocols such as ldap, exchange, etc, are very well compressed and
work
Look into IOS bridging. You would then see layer 2 broadcasts
(not unicasts) come through the router. This is true regardless of
whether or not the actual switch on port 1 is a span port or not.
Even if the first router port (connected to the network) is on a switch's
span port, the layer 2
www.netscaler.com
their box does compression, and it has so many dos prevention and
other killer things it blows away the competition. We went with it
based on the performance it had during a syn flood blizzard, and their
ssl vpn rocks!
Message Posted at:
Isn't really just a crossover rj-45, I mean same cat5 ends ?
That is what I use with the pinout.
1 to 4
2 to 5
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72596t=72585
--
FAQ, list archives, and subscription info:
Yes. Just add the safe test. CSFPA, VPN3000 are all similar
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72536t=72508
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and
Keith and Mark are correct. One thing to add, don't
permit icmp any any. You definitely don't want to allow echo and
other stuff from the internet for security reasons... It will
allow script kiddies to map your network. A better way is
to only allow echo-replies, time-exceeded (trace routes),
Then You need a network without switches. Without the span
port, all unicast frames will only be forwarded to their correct
destination ports.
Your sniffer will not see the traffic.
Using RMON/SNMP, it's possible to poll some data directly from the switch,
such as statistics, etc. I don't know a
Maybe you're trying to resv nearly a gbps on a 100mbps interface.
It's telling you your smallest is 8kbps, largest is 100mbps.
Looks like nothing to do with MTU, just simple math. How can
I RESERVE more than I can possibly transmit at once ?
Message Posted at:
Try Private-I or Sawmill.
I prefer Sawmill.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72355t=72328
in the new codes, if you turn on ip load-sharing per-packet
cef is automatically enabled globally.
CEF as far as performance issues, uses a bit of ram equal to the
number of routes in your FIB (routing table). Cef builds its
own little adjacency table to do those really fast lookups.
For modern
I think Doyle's VER1 book is too old. See if he mentions this
in TCP/IP v2.
In my lab (running all 12.2(17) 05/15/03) You must redistribute
with default information or redis commands.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=72240t=72211
I made the same mistake.. are you running late model code ?
they have option to run 3 kinds of lan2lan tunnels, originate only, answer
only, and Bi-directional.
Do you have any lan2lan tunnels config'd ?
First thing DISABLE vrrp
Configuration System Ip routing redundancy
on both.
If
This horse has been beat dead far too many times. The default
route must come from EBGP so the tag field is populated with
meaningful data (last i recall)
In my lab I just know it never works from IBGPREDIS OSPF
Must be EBGPOSPF
Message Posted at:
You can 'push' the .pcf file profile during the install with a
simple batch file, or via the .ini file utility that comes with
the client.
the best way, is setup a vpn package, with silent install. It will
install and reboot the clients.
The group user/name is encrypted in the pcf file, so I
PVST+
Accept no substitute. Hardcode everything. No PAGP, DISL, or VTP
EVER AGAIN. Next make sure your root bridge is really what you think
it is (knowing what spanning-tree uplink fast does to bridge priority, etc).
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70807t=70797
(this from my usenet post on kazaa) apply source/dest ip when making
traffic shaping decisions!)
the problem is the response from the user in your org to the internet
is not going back over port 1214.. usually it will hit 1214 and go
back like 2000 to 4000 tcp (assuming windoze boxes)
your best
I think in global config,
Router(Config)#ip forward-protocol udp 798
Router(Config)#ip forward-protocol udp 799
Research the ip forward-protocol command on cco. remember the
ip helper-address is for specific ports/protocols only.
Message Posted at:
Most of those are not re-certified. I would like to know of the
11,000+ ccie's how many are still active ?
I guess they retire your number even if you become inactive.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70208t=70162
Want a laugh.. I was installing Redhat 8 (graphical install)
during the install was an advertisement for the RHCE. I would
like REDHAT to answer this...
If your RHCE is so great (Top Overall IT Certification), then
why is a Cat6k (sup1/2 clearly visible) in the background ?
check out these
You need a router when running them parallel.
The router will determine internet traffic goes to the pix, remote
vpn lan's etc go to the vpn 3000.
Mine is like
VPN 3000      PIX
10.0.0.2      10.0.0.10
      10.0.0.0/24
       10.0.0.1
         RTR
No. Read what the tunnel default gateway does... (from the concentrator
page where you set it)
Enter the IP address of the default gateway or router for tunnels. Enter
0.0.0.0 for no default router.
This is used to have a different gateway for IPSEC tunnels than
for ip routing..
What we are
What's sloppy about it ?
Would you prefer the overhead of an acl ?
Please suggest a better way..
But with the AD in there set to 200, it looks like a route
in a holding pattern for bgp redistribution.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=66759t=66755
HYBRID, especially for someone like you who needs uptime/redundancy.
In hybrid, if the MSFC dies, you don't lose the whole switch,
just intervlan routing, etc. You can still telnet to the supervisor
engine to get in and find out what's up.
In native the whole switch dies and you're burned.
The office 3000 concentrator will route packets between each spoke
client (3002). It's sort of like a hub spoke frame relay network in a
routing sense.
For implementation, just make sure the 3002 are passed routes
via their split tunneling network list on the 3000 concentrator.
Or if your
Yes. Do it all the time. I also use it as a remote office router
for other clients on the lan behind the 3005.
It has great built in nat functionality (PAT REALLY !). Along with
filter lists for security you're set.
But for clients, just enable split tunneling. Let them get to
the internet
what you need to do is learn to use the whodo utility
in mrtg\contrib directory..
Of course you will need to learn ip accounting if you don't already.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=61100t=61084
Responses in line
1. what do I do for Redundancy, ( VPN Redundant Bundle)
It runs VRRP for concentrator redundancy. For user sessions you
make a cluster using VCA under
Configuration | System | Load Balancing.
For redundancy on LAN to LAN tunnels its much harder..
The way the concentrator
are
killing wins replication.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
-Original Message-
From: Sean Knox [mailto:[EMAIL PROTECTED]]
Sent: Sunday, April 14, 2002 2:13 AM
To: [EMAIL PROTECTED]
Subject: RE: WINS replication problem across PPP network [7
from my experience using such an as-path regex, ^10$ would be ONLY 10
and _10_ would be containing 10 in the path, therefore denying 4513 10 as
well
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
-Original Message-
From: Steven A. Ridder [mailto
system.sysUpTime.0
1.3.6.1.2.1.1.3.0
works all cisco stuff
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
-Original Message-
From: John Jackson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 10, 2002 11:18 AM
To: [EMAIL PROTECTED]
Subject
ip as-path access-list 1 deny _65001_
outbound from 65002 towards 65003 doesn't work ?
have you tried both route-map match as-path 1 and
neighbor 1.1.1.1 filter-list 1 out ? (not at the same
time of course :)
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695
MRTG with PING PROBE SCRIPTS.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
-Original Message-
From: Mike Bernico [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 10:06 AM
To: [EMAIL PROTECTED]
Subject: RE: Network latency [7:40295
that
have never had beyond level 1 on a production router. Would you take make
out advice from the loser geek
virgin ? Business advice from Enron ?
You must unlearn what you have learned. - yoda
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
-Original
managers who they have been
interviewing so you can badmouth that candidate, to get one of yours in.
That is the business. EVERY HEADHUNTER does this.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: John
configuration, puts
ip addresses and specifies encapsulation per sub-if, and each sub-if is
assigned a vlan #.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Kelly Cobean [mailto:[EMAIL PROTECTED]]
Sent
MOTEL 6 - SAN JOSE AIRPORT, CALIFORNIA #1007, San Jose, CA US 101/Bayshore
Freeway at the 1st Street exit Ph: (408) 436-8180
(it's by a car rental place and across the fwy is a hyatt..
used to live there at that hotel... :)
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
Moreover, the 6509 complains (cat-os) if it hears BPDU's on a port
configured for Portfast . That port
is automatically, immediately disabled.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Mike
as a Cisco VPN Concentrator, which comes with 100 USERS for only around $4K.
The Checkpoint is garbage. Avoid it
at all costs. Long live Altiga (Cisco) VPNs.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
-Original Message-
From: [EMAIL PROTECTED
David Letterman's top 10 reasons this customer can't browse the internet:
10) PPP - Pre-Historic Pathetic Protocol
9) ISDN - Inferior Service for Dinosaur Networks
8) DNS - Doesn't Networking Suck
7) ACL - Adamantium Cisco Locks
6) RIP - Rest In Peace (V2 also)
5) BGP - Big Geek Past-time
pix will respond with error if you do more than 1 static command (specify
more than one
public private translation, using the static command). Pix doesn't offer
extendable either
(I'm running 6 train on the pix)
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695
100%, anything less, john chambers puts your name in a database that
prevents you from
working on his equipment for 10 years.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: john jones [mailto
mrtg
configs.. because i think the other
parts of my memory in I/0 are reserved for IOS and shouldn't be counted..
plus the OID only concerns processor
memory.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original
loser
ISP.
No thanks
read this
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/mxinf_ds.htm
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday
our
government all you want,
at home you have free reign of the net.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Chuck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 9:35 AM
No. It's usually non-portable space. Unless you're a really important company
like USPS that has tonnes of portable space
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Steven A. Ridder [mailto:[EMAIL
www.memoryx.net
great prices, selection
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Ronnie [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 16, 2002 6:38 AM
To: [EMAIL PROTECTED]
Subject
IOS based switch -
3524XL_ATL(config-if)#mac-address ?
H.H.H MAC address
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Kwame [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 13, 2002 10
| System | Events | Classes
for all 3 auth's
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 5:50 PM
To: [EMAIL PROTECTED]
Subject
are you running cef with NAT ?
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: bergenpeak [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 02, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: cef
get real.. what SDSL Provider is going to do BGP with you ?
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651 - 7795 Fax
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 12:20 PM
To: [EMAIL
see comments below
-Original Message-
From: Gaz [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 26, 2002 3:51 PM
To: [EMAIL PROTECTED]
Subject: Limit access to serial link to four users [7:33306]
Hi all,
I'm after some ideas if you'd be so kind :-)
A 2Mb link being used mainly for
on a private peering arrangement, thereby nullifying your prepends.
Unfortunately
there is nothing you can do.. if you were a hi-cap T-3 or larger customer,
they
might traffic engineer this for you.
Joseph Brunner
ASN 21572
MortgageIT MITLending
New York, NY 10038
(212) 651 - 7695 Voice
(212) 651