15 days left…

Posted July 31st, 2008 by bcarroll and filed in CCIE Security, General Information

15 days left till my lab and I’m coming up for air.

I played around last night and made some changes to the blog.  If you haven’t seen them here they are:

  1. Added the Subscribe Page to help inform people on how to follow this blog.
  2. Added the Contact Page.  If you want to get in touch please reach out to me.  I am always willing to take suggestions.
  3. Added the About Page.  Proof that I am a real person!
  4. Changed the Blog’s Banner.  I think it looks pretty good.

I still need to get the banner on the right aligned to the left but that’s minor.  After I pass the lab I’ll work on the little details.

Last night was a waste

Posted July 31st, 2008 by bcarroll and filed in Rants

When I left my office last night I had made good enough progress in volume 1 of Internetwork Expert’s CCIE Security workbook. I really wanted to dig into VPN. Instead I built the default configurations for a few of the labs and saved them so I don’t have to build them every time and I edited this blog a little. I hope you like the new contact page, subscribe page, and about page. They kept me up until 12:30am.

Now on to VPN. The clock is ticking and there are only 15 days left until my lab!

16-days and I'm getting jittery.

Posted July 30th, 2008 by bcarroll and filed in CCIE Security

Yes- I’m now sweating a little bit.  16 days….I’m so gonna bomb!  There is so much that I still feel like I need to learn or even re-learn.

So far this week I have gone over:

  • RIP authentication
  • OSPF authentication
  • Redistribution, Summarization, and Route Filtering
  • ACLs
  • Object Groups
  • Managing ICMP
  • NAT/PAT both static and dynamic
  • SSH, Telnet, and HTTP access
  • DNS Doctoring
  • Advanced Firewall Topics such as contexts, failover, ARP inspection and transparent firewalls.
  • DHCP Server Config
  • Multicast with ASA/PIX
  • MPF and advanced Inspection

Now it’s on to VPN.  The scary part is that the VPN section is from page 153 to 669.  Ugh!
On another note the material that I am working on this week comes from Internetwork Expert.  This Volume 1 is a beast of a book and is packed with a ton of mini-labs.  I am really enjoying it!



Static Policy Pat

Posted July 29th, 2008 by bcarroll and filed in CCIE Security, IE Labs

I had to blog this out mostly because it’s one of those things that I have done before but said to myself, “Huh?” when I came across it again.

So here is the short form:

I want to policy Static PAT so that when 10.2.2.2 telnets to the interface of the ASA it is redirected to 10.1.1.2.

You begin with the access-list:

access-list TELNET permit tcp host 10.1.1.2 eq 23 host 10.2.2.2

Initially that’s what gets my mind spinning because it’s not the access-list to permit the traffic, it’s the access-list to define the mapping for the static.  Here is the rest.

Define the static and tie it to the ACL:

static (i,o) tcp interface 23 access-list TELNET

Allow telnet in:

access-list OUTSIDE_IN permit tcp any any eq 23

access-group OUTSIDE_IN in int outside

That does it.  Strange huh?  Oh well! It works.
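The reading of the TELNET access-list as a mapping rather than a permit can be checked with a small model. This is an added example, not part of the original post: the outside interface address 192.0.2.1 and the function names are assumptions, and the model only covers the three configuration lines shown above.

```python
# Constructed value: the post does not give the ASA's outside interface address.
OUTSIDE_IP = "192.0.2.1"

CONFIG = """\
access-list TELNET permit tcp host 10.1.1.2 eq 23 host 10.2.2.2
static (i,o) tcp interface 23 access-list TELNET
access-list OUTSIDE_IN permit tcp any any eq 23
"""

def parse(config):
    """Pull the policy mapping and the interface ACL port out of the three lines."""
    policy, static, permit_port = {}, {}, None
    for line in config.splitlines():
        t = line.split()
        if t[0] == "static":
            # static (real_if,mapped_if) tcp interface <mapped_port> access-list <name>
            static = {"mapped_port": int(t[4]), "acl": t[6]}
        elif t[4] == "host":
            # Policy ACL: the source is the REAL host and port, the destination is
            # the peer the translation applies to (the reverse of a permit ACL).
            policy[t[1]] = {"real_ip": t[5], "real_port": int(t[7]), "peer": t[9]}
        else:
            # Interface ACL: permit tcp any any eq <port>
            permit_port = int(t[7])
    return {**policy[static["acl"]],
            "mapped_port": static["mapped_port"], "permit_port": permit_port}

def redirect_target(rule, src, dst, dport):
    """Return (real_ip, real_port) if an outside packet is redirected, else None."""
    if dport != rule["permit_port"]:
        return None          # OUTSIDE_IN has no matching permit
    if dst != OUTSIDE_IP or dport != rule["mapped_port"]:
        return None          # not aimed at the mapped interface address and port
    if src != rule["peer"]:
        return None          # sender is not the peer named in the policy ACL
    return rule["real_ip"], rule["real_port"]

RULE = parse(CONFIG)
print(redirect_target(RULE, "10.2.2.2", OUTSIDE_IP, 23))
print(redirect_target(RULE, "10.2.2.9", OUTSIDE_IP, 23))
```

Only the peer named in the policy ACL is redirected, even though OUTSIDE_IN permits any source on port 23.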

CCIE Prep in full swing!

Posted July 28th, 2008 by bcarroll and filed in CCIE Security

For those of you that have followed this blog for CCIE prep be sure to subscribe to ccieprep.me or cciestudy.brandonjcarroll.com. 

Only 18 days left till my lab.

Also, if you are linking here for CCIE study you may want to update the link to ccieprep.me or cciestudy.brandonjcarroll.com.  Once the lab is passed tips will be back here but for the final run you’ll find it all there. (here too, a little bit)

If you have no idea what I’m talking about read this post!

Thanks for your support!

Brandon

18 days and Counting

Posted July 28th, 2008 by bcarroll and filed in CCIE Security

Only 18 days till my lab.  If any of you have suggestions please let me know.  Whatever optimizes my study time and gets me through the lab I am willing to adjust for!

Here is my current plan:

(7/28-8/1)

  • Totally go back through the InternetworkExpert Volume 1 this week. Every Lab- making sure I haven’t missed anything.

(8/2)

  • 8-hour Lab Experience- InternetworkExpert Volume II lab guide.  Probably lab 1.

(8/3-8/9)

  • Begin a week in IPexpert Racks.  I’m going to try to plow straight through the workbook starting on page 1.

(8/10-8/14)

  • Back to a week of Internetwork Expert Racks.  I’m taking the week off and starting the 5-day bootcamp CoD at 7am.  Going to go through it just as if I were in the class again.  (of course I have a little travel in here that I didn’t mention.)

(8/15)

  • My CCIE Security Exam in San Jose, Ca.

19 Days Until My Lab

Posted July 27th, 2008 by bcarroll and filed in CCIE General, CCIE Security

It’s 19 days before my lab and I am not even close to being ready.  I don’t really have a study plan for the short term.  I guess I should consider what I need to really work on over the next few days.  I have changed the way I schedule rack time.  Starting tomorrow (Monday) I have booked the labs for all sessions so that I can get on the lab whenever I want and I don’t have to worry about losing my configs.  Anyone have suggestions for the last few weeks prior to the exam?  Please leave a comment and let me know.  Your recommendations are welcomed!

Now back to my studies.

CCNA/CCENT: RIP TIP

Posted July 25th, 2008 by bcarroll and filed in CCNA Corner

For the CCNA Exam the Routing Information Protocol (RIP) is still covered.  Your knowledge of this protocol is not going to need to be extremely extensive but you will need to know some of the highlights. 

  • RIP is a Distance Vector routing protocol
  • RIP’s Administrative Distance is 120
  • RIP uses hop count to choose the best path.  This is called a metric.  The shortest hop count is preferred. 
  • RIP has two versions, Version 1 and Version 2
    • Version 1 is Classful, meaning it does not advertise a Subnet Mask with the routing update
    • Version 1 Sends the RIP updates to the broadcast address 255.255.255.255
    • Version 1 assumes that all the subnet masks in the network are the same.  This is called Fixed Length Subnet Masking (FLSM)
    • Version 2 is Classless meaning it does send a subnet mask with the update.
    • Version 2 sends the RIP updates to the multicast address 224.0.0.9
    • Version 2 supports Variable Length Subnet Masking

To configure RIP follow these steps:

! Enable the RIP process on the router:
config t
router rip

! Once enabled you need to change it to Version 2 as this is not the default.
version 2

! Also, RIP summarizes routes at the classful network boundary.
! It's common to see the following:
no auto-summary

! Next tell RIP what networks it will advertise into the RIP process.
! You need a statement here for every network you are connected to and
! that you want other routers in the network to see and be able to get to.
network 10.0.0.0
network 192.168.1.0

! Exit the configuration mode:
end

! Verify RIP with the following commands:
show ip protocols
show ip route
show ip route rip
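The Version 1 versus Version 2 difference is visible in the update packet itself: both versions use the same 20-byte route entry, but Version 1 leaves the subnet mask field zero. The following is an added example, not part of the original post; the sample routes and function names are constructed, and the Version 1 receiver is simplified to always fall back to the classful mask.

```python
import ipaddress
import struct

# One route entry: AFI, route tag, address, subnet mask, next hop, metric
ENTRY = struct.Struct("!HH4s4s4sI")

def classful_prefix(addr):
    """Prefix length implied by the address class (A=/8, B=/16, C=/24)."""
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24

def build_response(version, routes):
    """Build a constructed RIP response; routes = [(network, prefix, metric)]."""
    pkt = struct.pack("!BBH", 2, version, 0)        # command 2 = response
    for net, prefix, metric in routes:
        mask = ipaddress.ip_network(f"{net}/{prefix}").netmask.packed
        if version == 1:
            mask = bytes(4)                         # v1 has no mask: field stays zero
        pkt += ENTRY.pack(2, 0, ipaddress.IPv4Address(net).packed,
                          mask, bytes(4), metric)
    return pkt

def parse_response(pkt):
    """Decode a RIP response into (version, [(network/prefix, metric), ...])."""
    if len(pkt) < 4 or (len(pkt) - 4) % ENTRY.size:
        raise ValueError("expected a 4-byte header followed by 20-byte entries")
    command, version, _ = struct.unpack("!BBH", pkt[:4])
    if command != 2 or version not in (1, 2):
        raise ValueError("not a RIPv1/v2 response")
    routes = []
    for off in range(4, len(pkt), ENTRY.size):
        afi, _tag, addr, mask, _next_hop, metric = ENTRY.unpack_from(pkt, off)
        if afi != 2:                                # only IP route entries
            continue
        ip = str(ipaddress.IPv4Address(addr))
        if version == 1:
            prefix = classful_prefix(ip)            # simplified v1 receiver behaviour
        else:
            prefix = bin(int.from_bytes(mask, "big")).count("1")
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        routes.append((str(net), metric))
    return version, routes

SUBNETS = [("10.1.1.0", 24, 1), ("192.168.1.0", 24, 2)]   # constructed sample routes
print(parse_response(build_response(1, SUBNETS)))
print(parse_response(build_response(2, SUBNETS)))
```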

A Few CCNA/CCENT Resources

Posted July 24th, 2008 by bcarroll and filed in CCNA Corner

Here are a few CCNA resources that include Exam Prep questions.