""MADMAN"" wrote in message
news:[EMAIL PROTECTED]
> The big thing to watch out for is line card support. Most OSM cards
> are only supported in Native mode and the inverse is true with many
> voice modules. I can't think of any other operational differences that
> would make me lean to one meth
I don't usually post but I follow the discussions with a great deal of
interest. This discussion is particularly interesting and has prompted me
out from under my rock to throw in my 2 cents' worth. I'll climb back under my
rock when I'm done.
> 3.
> Linux, what can I say about this little friend?
All,
I am planning to put a VPN concentrator parallel with a Firewall. The problem
I am concerned about is the default gateway on the servers and other
workstations.
Since the concentrator is sitting parallel to the FW, the servers have a
router which is on the same subnet as the Firewall inside i
James Gosnold wrote:
> Um, probably a silly one for you all.
>
> I have a 1721 router at either end of a leased line. I telnet into the
> router and:
>
> Router#debug serial int
> Serial network interface debugging is on
> Router#terminal monitor
>
> And nothing. Shouldn't I get some debug messa
In the event that you are running an internal dynamic routing protocol that
would normally be the reason why the /24 is in your routing table (hence the
ability for it to be in the BGP advertisements), should the place you are
dynamically routing it to go away, so does your route in the IGP, thus s
Though to answer your question :)
Summarization means advertising the biggest network you choose/should
advertise. If you had a /23 that was routed as 2 /24s in your network,
you'd summarize those as a /23 on the way out of your network to keep the
routing table smaller...
You should probably do
UNSUBSCRIBE [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66814&t=66814
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
thanks a lot
Danny Free wrote:
>
> OOPS,
> I forgot to add on Router 2:
> !
> router ospf 100
> area 0 authentication message-digest.
>
> :))
Hi,
I have a weird CSS/CE problem that I couldn't figure out. I'd appreciate it
if anyone can help me out.
We use 1 CSS11500 and 2 CE590s as proxy server to connect to the
Internet. Users at main office don't have any problems. Users at branch
office couldn't open a particular site page. That page j
Sent this email out a while back but didn't get any response. Wasn't
sure if it didn't get through...Please help if you can...
I currently have the Cisco ACS and would like to implement a VPN 3000
series solution with a token server. If you have done or researched
2-factor authentication, which
I would have to take issue with the following statement:
"
You should of course harden any Internet facing network device, however
the point is not really the type of server OS you run, or the Apps on
it, but how good you are at proactively keeping them patched.
"
-MANY- so-called vulnerabilities
Especially since we run native in all our 6500's
that perform L3 tasks in the corp network here...
Larry Letterman
Network Engineer
Cisco Systems
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> MADMAN
> Sent: Thursday, April 03, 2003 3:38 PM
> To
Hello Group.
I read all that you guys wrote about this interesting issue about Linux Vs
Cisco.
The following are the ideas in my mind:
1.
I think this is more something about what you like to do, what you love to
do. I currently hold several IT certifications (MCSE, MCDBA, CCNP, MCSA)
and this
The big thing to watch out for is line card support. Most OSM cards
are only supported in Native mode and the inverse is true with many
voice modules. I can't think of any other operational differences that
would make me lean to one method or the other. The 6500 is the only
"box" being manuf
Passing score is 760, took it last Dec, it's a bear, took it 2X's. Study up on
protocols. HTH's
There are still some functional/operational differences between 6500 hybrid
and native modes with the current CatOS and IOS versions available. A white
paper on the topic is located at (watch for any wrapping):
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c
I discovered one thing that you can't do that you might think you could do.
After I recertified as a CCDP, I wanted to just take Support to recert as
CCNP. After all, theoretically I had recertified for everything else just by
taking CCDP. Alas, they wouldn't let me do that. I had to do the gruelli
What! I have a switch running Native in the lab with dual sups
configured for RPR+, works fine. RPR is what the 7500's with dual RSPs use.
Dave
Joseph Brunner wrote:
> HYBRID, Especially for someone like you who needs uptime/redundancy.
>
> In hybrid, if the MSFC dies, you don't lose the wh
That's true, however a switch is kinda useless in
the network if the devices can't talk to anywhere past the
local switch...
Larry Letterman
Network Engineer
Cisco Systems
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Joseph Brunner
> Sent:
You can look at it that way..
Instead of having a switch and a router
you actually have 1 device with one IOS running
that does the job of both other devices..
Larry Letterman
Network Engineer
Cisco Systems
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
this is the current nat setup I have on one of my PIXs:
global (outside) 1 xxx.xxx.223.235-64.172.223.236
global (outside) 1 xxx.xxx.223.237
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
here's the translations:
PAT Global xxx.xxx.223.237(16882) Local 192.168.2.18(2193)
I think that's the maximum of asynchronous communication that they've put
into their documentation, I don't think there is an upper limit to the real
transfer rate. I suppose you could clock an asynchronous transmission way up
into the Mbps range and that interface would still suck it in. granted the
your example is fair. I haven't seen many real examples of load balancing. in
the case you're describing you can simply change the metrics on one of the
routers 'secondary' link to the other router. this would prevent it from
passing anything it received from the one router back to itself. yes the w
You are right, it is using BGP. What does summarization do?
Do I need an identical statement for my new Class C?
Thanx,
Anil Gupte
- Original Message -
From: "Karsten"
To: "Anil Gupte" ;
Sent: Thursday, April 03, 2003 10:46 AM
Subject: Re: IP route to Null0? [7:66755]
Either a sloppy
I'll clarify. On lower end cisco routers not running
bgp, yes, it will save you some cpu cycles. But most
of the routers I'm working on a day to day basis(12Ks, 10Ks, 7200s)
are running full table and hardly get slowed by ACLs.
Not to mention the problems a null route (for the purpose
of bit-bu
No. But you can now delete individual files and squeeze the flash
which is relatively new!!
dave
Symon Thurlow wrote:
> Can you format flash in a 3600?
>
> -Original Message-
> From: Larry Letterman [mailto:[EMAIL PROTECTED]
> Sent: 03 April 2003 10:49
> To: [EMAIL PROTECTED]
> Sub
My company does a lot of firewall consulting and I run into this question
all the time. Frankly I don't have a great answer for it though.
packet filters (i.e. access-lists) are technically first generation
firewalls, so they do have a firewall in place already.
the sell really comes into play whe
Native means that the sup/msfc module is running IOS for the
routing and switching, similar to the 3500 switches...
Hybrid indicates that the switch sup will run Cat-os for the switching
function and the msfc will run IOS for the routing functions...similar to
a Cat5000 with the RSM...
Larry
If you really want to make big money, go for MPLampS:
http://www.ietf.org/internet-drafts/draft-bala-mplamps-04.txt
Very specialized, but big market,
:-)
Eric
- Original Message -
From: "nrf"
To:
Sent: Thursday, April 03, 2003 4:20 AM
Subject: Re: A career in MPLS. [7:66609]
> ""C
He appears to have done that..
the erase command is the format function for the
3600 flash card...
Larry Letterman
Network Engineer
Cisco Systems
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Symon Thurlow
> Sent: Thursday, April 03, 2003 1
Null0 is used as an alternative to access-lists. It is a black hole, so
anything routed to it gets dropped automatically. An access-list uses more
processor overhead than a null interface and thus if you have a certain part
of your network that you don't want to go anywhere, then use a null
interfac
well georgeW,
your questions seem a little hidden. what are you asking? why an ISP would
need a server? for dns is the first example that comes to mind.
btw, 4 more?
scott
""George"" wrote in message
news:[EMAIL PROTECTED]
> A computer is to be purchased for an Internet Service Provider (ISP)
So ... doesn't that give them enough supporting evidence all by itself?
If not, maybe it is a lost cause?
As an aside - a pix, if it was permitting the offending port through as
well, may not have stopped the worm either. Think "Defense in Depth". A
firewall, while a necessity for -every
should work fine.
You can also test this out by sending a constant data stream via ftp or
something and then start a voice conversation.
""dj"" wrote in message
news:[EMAIL PROTECTED]
> I'm setting up LLQ over hub-'n-spoke frame-relay WAN and want to use the
> following funky looking access-list
I was just reading about this the other day and book-marked this link (watch
for wrap):
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801350b8.shtml
Shawn K.
-Original Message-
From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]
Sent: Thursday, April
thanks for the advice. seems like very good and concise info!
I have to laugh though, I started my ccnp over two years ago, passing three
of the four tests and then got caught up in work related projects (damn
work!) and put my certifications on the back burner. the funny thing is, my
ccna was abo
So if I read this right, it is just a different set of commands. Are there
operational differences?
-Original Message-
From: MADMAN [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 3:44 PM
To: DeVoe, Charles (PKI)
Cc: [EMAIL PROTECTED]
Subject: Re: Hybrid vs. Native [7:66766]
De
DeVoe, Charles (PKI) wrote:
> We have a 6509 and I have heard talk about native vs. Hybrid mode of
> operation. What is the difference? Is there a link to a white paper or
> something?
That question comes up periodically, but in a nutshell a 6500 in
native mode is a big router, no catOS
This prompts me to say something about a comment from a previous poster
about how vulnerable Windows is compared to Linux/xBSD etc
I see many, many vulnerability alerts weekly for *nix based systems.
Probably just as many as you see for Windows.
You should of course harden any Internet facing net
HYBRID, Especially for someone like you who needs uptime/redundancy.
In hybrid, if the MSFC dies, you don't lose the whole switch,
just intervlan routing, etc. You can still telnet to the supervisor
engine to get in and find out what's up.
In native the whole switch dies and you're burned.
Cisco's
It looks good to me,
All that is necessary is the following:
Logging on
Logging monitor debug
Term mon (Each time you telnet in)
Debug
Traffic to your telnet session should now be generated.
-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003
conf t
logging console
- Original Message -
From: "James Gosnold"
To:
Sent: Thursday, April 03, 2003 9:37 AM
Subject: Debug display to VTY [7:66762]
> Um, probably a silly one for you all.
>
> I have a 1721 router at either end of a leased line. I telnet into the
> router and:
>
> Route
Can you format flash in a 3600?
-Original Message-
From: Larry Letterman [mailto:[EMAIL PROTECTED]
Sent: 03 April 2003 10:49
To: [EMAIL PROTECTED]
Subject: RE: IOS Download to the new flash [7:66739]
Looks like a bad flash card..try another flash card..
if it wont erase correctly, I don
The Shiva client is pretty good, kicks off domain authentication after
the tunnel is up.
-Original Message-
From: Doug Korell [mailto:[EMAIL PROTECTED]
Sent: 02 April 2003 19:06
To: [EMAIL PROTECTED]
Subject: Re: NT domain access after connecting through VPN [7:66618]
Thanks for your in
Hi Robert,
This is what I have.
Router#show log
Syslog logging: enabled (0 messages dropped, 0 messages rate-l
Console logging: level debugging, 413770 messages logged
Monitor logging: level debugging, 285 messages logged
Logging to: vty6(0)
Buffer logging: disabled
Lo
There's an access list on the ethernet interface that's directly connected to
a dsl modem.
They're allowing telnet and smtp to basically any any, plus various other
protocols from/to specific addresses. There're only two outside addresses
that are natted but it's really hideous and the access list
Sloppy!? why??
Dave
Karsten wrote:
> Either a sloppy way to drop traffic for a /24, or bgp
> summarization using null routing.
>
> -Karsten
>
> On Thursday 03 April 2003 07:40 am, Anil Gupte wrote:
>
>>I am trying to understand some IP route commands on our router. Several of
>>them go to
We have a 6509 and I have heard talk about native vs. Hybrid mode of
operation. What is the difference? Is there a link to a white paper or
something?
Do a "show log" and see if logging is disabled
You might need to do a "logging on"
-Original Message-
From: James Gosnold [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 12:38 PM
To: [EMAIL PROTECTED]
Subject: Debug display to VTY [7:66762]
Um, probably a silly one for you all.
I'm setting up LLQ over hub-'n-spoke frame-relay WAN and want to use the
following funky looking access-list to mark voice packets for the high
priority queue. This access-list logically works, but my question is:
Is this legal?
access-list 101 permit ip any 10.10.X.201 0.0.255.248 precedence
crit
Easy, show them RFC 3514 and let them know you would need a firewall to
block the "Evil" bit...cash, check or charge?
-Original Message-
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: RE: hacking challenge [7:66
Priscilla Oppenheimer wrote:
> The CCNP Recertification Exam was gruelling, and that's no April Fool's
> joke. But I survived it! ;-)
>
> Exam number: 640-851 (the current one)
> Number of questions: 112
> Time: 2 hours
> Passing Score 732
> My score: 834
>
> Is anyone else taking it soon? Here's
there are 100 questions on the new r & s written...pass mark is 70 % &
fluctuates based on "statistics"
Timur Mirza
Principal Network Engineer
Enterprise Core Network
Verizon Wireless
15505-B Sand Canyon Avenue
Irvine, California 92618
949.286.6623 (o)
949.697.7964 (c)
when i failed in november, it was 150 questions/3 hours/58% pass mark
-Original Message-
From: alaerte Vidali [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 6:58 AM
To: [EMAIL PROTECTED]
Subject: RE: Question about the Revised R&S CCIE Writte [7:66715]
When the last exam format
How do I configure SNMP messages in a 1700 series router?
Thanks
Frederico Madeira
Support Coordinator
N. Landim Comircio Ltda
PABX: 81. 3497.3029
e-mail: [EMAIL PROTECTED]
Rusty,
I'm not clear from your question if there is an acl blocking everything
inbound to the nt servers except smtp and telnet or if the acl is for
inbound to the router itself. In the former case, unless your client is
forcing their users to use good passwords, it's likely that a brute
force te
> However don't let a firewall be your end all
> do all solution. Look into hardening your Server OS, if it's Win2k try
> learning about group policies, they are a wonderful addition. If it's
> Novell or Linux, sorry I can't be much help. But the rule applies
If you're looking for security on Win2
Um, probably a silly one for you all.
I have a 1721 router at either end of a leased line. I telnet into the
router and:
Router#debug serial int
Serial network interface debugging is on
Router#terminal monitor
And nothing. Shouldn't I get some debug messages here, keep alives and such
between th
Wilmes, Rusty wrote:
>
> this is a general question for the security specialists.
>
> I'm trying to convince a client that they need a firewall
>
> so hypothetically,
>
> if you had telnet via the internet open to a router (with an
> access list
> that allowed smtp and telnet) (assuming you
Either a sloppy way to drop traffic for a /24, or bgp
summarization using null routing.
-Karsten
On Thursday 03 April 2003 07:40 am, Anil Gupte wrote:
> I am trying to understand some IP route commands on our router. Several of
> them go to Null0 - what does that mean?
>
> For example, I have
>
nrf you make an excellent point, as always.
As an example, I just got a job (can you believe it in this economy? ;-)
teaching at Southern Oregon University. The networking classes don't have
many people in them, partly because students know that the labs aren't
great. We have some Cisco gear, whi
What's sloppy about it ?
Would you prefer the overhead of an acl ?
Please suggest a better way..
But with the AD in there set to 200, it looks like a route
in a "holding pattern" for bgp redistribution.
Depending on the servers you could do it in 5 min. There is an
anonymous account that runs over netbios in the 130's port area. If
there isn't a firewall in place to filter this port you can use the "net
use" command and have access to the box. After this you can download
the backup copy of t
I am trying to understand some IP route commands on our router. Several of
them go to Null0 - what does that mean?
For example, I have
ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200
What is this doing?
I need to add another block of class Cs from the same provider. Do I need
a similar statement
70%
On Wednesday 02 April 2003 05:11 pm, Mirza, Timur wrote:
> do you know what the pass mark is?
>
> -Original Message-
> From: Karsten [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2003 3:43 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Question about the Revised R&S CCIE Written Ex
May I suggest a quick and dirty lab to test the various theories that have
been described in this thread.
1) Take a router, create four loopbacks with /32 masks out of the same /29
range.
2) set up your NAT pool with only two outside addresses. Then set the
outside interface. Maybe shorten the ti
When the last exam format was introduced (September if I am right) the pass
mark was 70%. Lately I heard it was around 57% (it was my grade when I
failed in September - life needs to go on).
Maybe the new exam also started at 70%. Does it?
Until now I could not find out if the number of questions also decreased. It
seems not to be documented anywhere.
I have been following this thread with great interest, for I had
problems with PAT/NAT in IOS recently. It looks to me that many people have
the same confusions (hopes) as I had.
I have a case where I have many users on private address space
(around 1000 or so) which must be NAT-ed through
You are correct, the card can aggregate the bandwidth as long as you don't
use the second port .. you can also do this on 8 port sync/async
cards...have used this for high speed frame-relay !
Andrew Larkins wrote:
>
> I noticed the same thing. From my understanding it works great
> but the
> prob
Hello group...
Let's put an example:
PUBLIC POOL:
X.X.X.0 X.X.X.4
Four public ip addresses (it's only an example!!)
Suppose that the first three clients
arrive (clients are computers that try to get
internet), the router does NAT (1:1), ok?? Now the
fourth client arrives, so
Have a look at What's Up Gold.
Best regards,
Dom Stocqueler
CTO - SysDom Technologies
According to my experience you have got it the wrong way round.
Cisco IOS will do NAT until the pool runs out, then do PAT on the last IP.
This was a major issue when then documentation suggested the opposite. Not
sure if this is still the case though.
Peter
--On 03 April 2003 07:50 +
Done some more digging here and found the following:
1. Incoming access-list
2. NAT
3. Outgoing access-list
4. CBAC
-Original Message-
From: Andrew Larkins [mailto:[EMAIL PROTECTED]
Sent: 03 April 2003 10:34
To: [EMAIL PROTECTED]
Subject: Order of packet processing on an interface - NAT
Looks like a bad flash card..try another flash card..
if it wont erase correctly, I dont think it will copy the file and
be usable...
Larry Letterman
Network Engineer
Cisco Systems
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Mamoon Dawood
Many thanx! Friend !
It seems that there is few errata in the book :))
You should be able to use your normal pool and overload command,
eg ip nat inside source list 1 pool POOL overload,
Your pool, for eg is 192.168.0.60->10.168.0.99, then the first 39 IPs would
be used for NAT, and the last will be used for PAT
ciscoGo2002 wrote:
>
> Hello friend
Dear All,
While trying to download an IOS to the new (Clear) flash of a 3662 router
using the xmodem method, and after finishing the download and reload, we
got the following message,
device does not contain a valid magic number
boot: cannot open "flash:"
boot: cannot determine first file name on
A computer is to be purchased for an Internet Service Provider (ISP) that is
to be used as one of the server at the network backbone. What may be the
role of this server for the ISP?
Can this server be put for other server related applications?
What will be configuration of this server giving rea
HI all,
I remember seeing something on CCO yesterday while searching for something
else, but for the life of me I can't find it again. I need a refresher!
Does anyone know the order that packets are processed on an interface.
Basically, with respect to outgoing traffic from an interface, does i
I noticed the same thing. From my understanding it works great but the
problem comes in when the second link is connected. Once that is done, only
then do the problems start. Something to do with the capabilities on the WIC
itself.
Regards
Andrew
CCNP, CCDP, CSS1
-Original Message-
From:
Hello friends,
Thank you for your answers, but I have more doubts:
Config:
ip nat inside source list 1 pool POOL overload
If I have understood your answers, the router starts
doing PAT with the first IP address and doesn't take
the next available public IP address until PAT is
exhauste
John,
This is from one my 6509's with an MSFC router module, which is
similar to your 4006...we do use the trunk allow to put our trunks
in the native vlan and the vlans for data/voice...we also use portfast
bpdu-guard on the access ports in the floor switches..it stops the potential
of loops in t
We have a Cisco 1750 router with a WIC2A/S card installed. According to
Cisco's documentation, the WIC card supports speeds up to 128kbps. But I have
seen the serial port working at speeds of 250kbps. How??? Is Cisco's
documentation wrong or am I missing something??
Thanks and Regards
Simon K.