IPexpert CCIE Security Section 19 Lab
Well I just wrapped up my section 19 lab. Wow. It was tough. Even though it was tough I can’t help but feel satisfied. You see I am taking a new approach to studying. Here is what I do:
- Read the entire Mock lab
- Read the entire Mock lab and take notes for each task of either what I would type or what I would need to do to make this work. This includes notes like “This should be done AFTER task XXX.”
- Work on the lab starting where it is logical to start.
I did that with this lab. I have 3 1/2 pages front and back of notes. When I am done I crack open the Solution in the Proctor Guide and start checking my work. I’m doing pretty good, with the exception of some really dumb mistakes and a few “That’s New!” topics that I come across.
Here are some things I learned in this lab:
- Sometimes an ACS Server just needs reimaged. I will not spend too much time on it in the actual lab.
- There is a really weird “established” command on that ASA that does what you would expect the MPF and FTP inspection to do, but for some reason they wanted this particular command in this particular lab. I used it to allow IDENT in ftp to come back in through the firewall.
- Another command that is interesting in its implementation is “scheduler allocate.” This command allocates time in microseconds to spend on fast switching within any one network interrupt context and guarantees the minimum number of microseconds to spend at the process level when network interrupts are disabled. The task I had required allocating 2.5% of CPU time for OSPF and other processes. The solution shows scheduler allocate 39000 1000. The way you figure this is that 1000 is 2.5% of 40,000. The number you use just has to keep the ratio.
- I forgot that config commands are not authorized unless you add the command “aaa authorization config-commands.”
- There is a VPN3k “on-a-stick” that doesn’t seem practical but is an interesting configuration.
- Using the DocCD to find IDS/IPS log identification numbers is useful when the task just says to disable things like “Bomb” Attacks.

I’m sure there were a few more things but that is all I remember. I didn’t even try to do this in 8 hours. Instead I booked rack time 24/7 and just worked on it when I was able to. I found it easier to focus. If I went away to watch TV for a bit I would feel guilty and head back to the labs. If my wife needed help with the kids I didn’t feel guilty walking away for 2 or 3 hours. I knew the configs would be just fine until I got back.
Now that I have finished that one I’m going to do the 1-Week Lab Experience -Exam One, which is part of the “Last Mile” deal right now. Use the coupon code from my previous post on the program to get $50 bucks off.
Happy Labbing!
More Material Available for CCIE Security
If you are like me, you could spend a lot of time taking classes. I really enjoy them. It’s not because I am an instructor but because the knowledge transfer in a training class is like no other. The problem is, I have to work. No doubt you have to work as well. If that’s the case you have to find alternative methods of getting that knowledge transfer.
The good news is that I have found that solution. If you imagine what you would get from a training class you would end up with the following:
- An instructor to guide you through slide presentations
- An opportunity to stop and ask questions as they pop into your head.
- A manual with exercises to help practice what you have learned
As the new IPexpert offering was made available it made me think about how to get all of the above without leaving work. Here is what I recommend.
For the first point you can grab the CCIE Security Lab Video-on-Demand
(This is now part of the Blended Learning Solution.)
This will provide the instructor that guides you through the technologies. The real benefit here is that you can pause, rewind, and replay.
For the second point, being able to ask questions, there is the Online Study List.
There are also a few benefits here:
- It’s email based so all you have to do is shoot an email off to the list with your question
- Multiple Instructors, former Students that have passed the exam, and many of your peers that are currently working on the exam have the opportunity to respond.
- You will usually get multiple replies within minutes.
Now for the third point, a manual of exercises…This is what my post is all about. There are a ton of products out there that provide exercises you can go through. Well IPexpert has just released another week’s worth of content that you have probably never seen before. I’m talking about the CCIE Security 5-day Mock Lab Experience Class material. This is for the version 2.0 blueprint so if you are like me, and trying to cram it in before a date that is sneaking up on you, this will help!
The new offering is called the CCIE Security CURRENT BLUEPRINT v2.0 “Last Mile” Prep Kit.
Take a minute to check it out. It’s $450 bucks. Now if that isn’t a sweet deal, let me sugar coat it: You also get 60 hours of rack time.
And don’t let me forget the sprinkles on top…..use this exclusive code when you checkout and get $50 bucks off!
coupon code: "GC_SEC"
Last but not least, I am not getting paid for this and I do not work for IPexpert. I am posting this because $50 bucks off a product is a great deal, and I don’t mind throwing up a little word-of-mouth advertising for a company that I use and trust. I am going through the first of the labs and will be blogging about the technologies, solutions, stumbling blocks and so on as I work on them. My lab is March 16th.
Another special offer from Pearson/VUE and 500 dollars off at IPexpert.
If you haven’t seen it yet, check out http://www.pearsonvue.com/cisco/specialize/.
Also, you can get 500 bucks off an IPexpert Online vClass by using the coupon code “GLOBALCONFIG.”
Don’t miss out! Visit http://www.ipexpert.net for more information.
What’s your game plan?
For over a year I have been blogging about the CCIE Security. I’ve made mention about getting another one after I finish this one. That’s my game plan. I am planning on Voice, followed by Wireless. What about you? Are you going to chase another?
Great Tip for Finding Port Numbers
Have you ever searched through Cisco Documentation looking for port numbers so that you could write an access-list? Well if you are studying for the CCIE you probably have, especially since our good friend Google is not allowed within the confines of the lab exam. In the past I have followed the advice of Brian McGahan at Internetwork Expert and used the “Reference” Section of the Cisco ASA User Guide. It has always proven to be useful but sometimes lacking.
Well here is another tip to add to your arsenal, brought to you by “
Finding out port numbers with NBAR show commands
I had a filtering task that said to allow H323 Traffic to a specific vlan. Well…what ports does H323 use? I could not find it on the DocCD but I remembered a show command that will let us know:
R1#sho ip nbar port-map h323
port-map h323 udp 1300 1718 1719 1720 11720
port-map h323 tcp 1300 1718 1719 1720 11000 - 11999
Sweet!
If you haven’t had a chance to check out the blog I would recommend it. It’s one of my regular reads! I hope you find this useful as I did. Now I have to get back to the IPexpert CCIE Security Section 19 lab that I have been working on in bits-and-pieces over the week. Happy Studies!
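As an added example (not from the original post or the blog it quotes), here is one way to turn the NBAR port-map output shown above into extended ACL entries for the filtering task. The destination subnet 10.1.10.0/24 and the function names are hypothetical; the sample input is the router output quoted in the post.

```python
import re

# Sample input: the router output quoted in the post above.
NBAR_OUTPUT = """\
R1#sho ip nbar port-map h323
port-map h323 udp 1300 1718 1719 1720 11720
port-map h323 tcp 1300 1718 1719 1720 11000 - 11999
"""

LINE_RE = re.compile(r"^port-map\s+(\S+)\s+(tcp|udp)\s+(.+)$")


def parse_port_map(text):
    """Return {(protocol_name, transport): [(low, high), ...]} from NBAR output."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip the prompt line and anything unrecognised
        name, transport, ports = m.groups()
        # Collapse "11000 - 11999" into a single token before splitting.
        tokens = re.sub(r"(\d+)\s*-\s*(\d+)", r"\1-\2", ports).split()
        spans = []
        for tok in tokens:
            low, _, high = tok.partition("-")
            low, high = int(low), int(high or low)
            if not (0 < low <= high <= 65535):
                raise ValueError(f"bad port token {tok!r}")
            spans.append((low, high))
        result[(name, transport)] = spans
    return result


def acl_entries(port_map, dest, wildcard):
    """Build extended-ACL permit lines toward dest/wildcard, one per port or range."""
    lines = []
    for (name, transport), spans in sorted(port_map.items()):
        for low, high in spans:
            match = f"eq {low}" if low == high else f"range {low} {high}"
            lines.append(f"permit {transport} any {dest} {wildcard} {match}")
    return lines


if __name__ == "__main__":
    # 10.1.10.0/24 is a hypothetical VLAN subnet, not one from the lab.
    for entry in acl_entries(parse_port_map(NBAR_OUTPUT), "10.1.10.0", "0.0.0.255"):
        print(entry)
```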
IPexpert Exclusive Offer
So a week ago I went to the IPexpert CCIE Security 5-day bootcamp in Columbus, Oh. My review can be found here.
Around the same time my blog was chosen as the Featured CCIE>Blog_ of the Month.
What an honor! What makes it even better is that as the featured blog I have an opportunity to offer an exclusive offer to my readers. So what may the offer be? Well here it is:
By using the coupon code “GLOBALCONFIG” found only on this blog, you can get $500 off any of the new Live Online CCIE “vClass” Boot Camps.
Do you know how much rack time you can get with 500 bucks? Anyhow, here are the details directly from IPexpert. The second option is very unique so pay extra attention to it.
In response to frequent requests, we are pleased to introduce three different “flavors” of live, online instructor-led courses.
Option 1: CCIE 5-Day Instructor-Led Boot Camp vClass
Attend our 5-Day vClass Boot Camp online and learn from the renowned IPexpert instructors. Benefit from 4-6 hours per day of focused lectures covering the various CCIE blueprint topics. Lecture topics are then reinforced by focused lab scenarios through the week, concluding with a full-day “Mock Lab” exam.
Click your track for more information, schedule of courses and registration:
- CCIE Routing & Switching (includes graded labs with detailed reports)
- CCIE Security
- CCIE Service Provider
Option 2: CCIE 5-Day Technology-Focused Lecture vClass
Interested in learning about the protocols and technologies? Attend this live, online 5-Day vClass where IPexpert’s industry-recognized instructors discuss the lab exam blueprint topics in depth. Lectures also cover test-taking strategies and time management, helping ensure your success in the real lab.
Hands-on labs are not part of this offering, which makes the commitment just 4 to 6 hours per day… easy to fit into your schedule!
Click your track for more information, schedule of courses and registration:
- CCIE Routing & Switching (includes graded labs with detailed reports)
- CCIE Security
- CCIE Service Provider
- CCIE Voice
Option 3: CCIE 1-Week Lab Experience vClass
Tackle challenging full-day mock labs Monday through Thursday. Practice time-management, learn test-taking strategies and expose your weaknesses. Friday is reserved for review and group discussions.
Click your track for more information, schedule of courses and registration:
- CCIE Routing & Switching (includes graded labs with detailed reports)
- CCIE Security
- CCIE Voice
New CCIE Security Lab Exam Available April 20, 2009
According to learning@cisco the updated version of the CCIE Security Lab Exam will be made available April 20, 2009.
As previously announced, Cisco has refreshed the exam with the latest Cisco equipment and software to mirror the job knowledge and skills needed by security professionals.
In other words, they updated it to meet current code versions and hardware that you probably are using in production.
Also a continued emphasis has been placed on troubleshooting to recognize the operating challenges faced by IT departments.
So what does that mean for you? Well if you are a candidate scheduling your lab after April 20, 2009 you should prepare using the CCIE Lab Exam v3.0 Overview, the CCIE Security Lab Exam Blueprint and the CCIE Security Lab Exam v3.0 Equipment and Software Overview. Each of these can be located at http://www.cisco.com/go/ccie. However, if you are a candidate testing prior to April 20, 2009, you should continue using the v2.0 blueprint.
A Reason to Use iTerm for Mac OS X.
I just started using iTerm for Mac OS X instead of Terminal. The reason is mainly because I like the way you can create a bookmark. I use this to make my rack time more efficient, however it will also work nicely for common connections I use at work.
Here is what I did:
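First I created an expect script for each device in the pod I wanted to log into. This lets me save the username and password so I don’t have to keep typing it. Once created, store them in a directory on your drive. Here is what they look like:
#!/usr/bin/expect --
# Open a telnet session to one line on the terminal server.
spawn telnet Your-Terminal-Server-IP-or-Name Line-Number-Goes-Here
# Answer the login prompts with the saved credentials.
expect "Username"
send "YourUsername\r"
expect "Password"
send "YourPassword\r"
# Wait for output containing "are", then send a carriage return.
expect "are"
send "\r"
# Hand the session over to the keyboard.
interact;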
Next open iTerm.
Select “Bookmarks”
REVIEW: IPexpert CCIE Security 5-day Bootcamp
Well as I began typing this I was sitting in the Columbus, Ohio Airport. I was feeling a little brain dead after this week but not enough that I don’t have all the details of my class in mind. This was actually a last minute class. I was scheduled for sometime in March, the same week as my lab, but since the new lab blueprint is out this week was the last class that was being taught on the current version 2.0 blueprint. Fortunately I did not have a class to teach this week and my company, Ascolta Training, was kind enough to allow me to attend.
I know you don’t want to hear the boring details of my travel out to Columbus from Seattle, but I will throw this in; I arrived in Columbus at midnight on Sunday night. Class started at nine in the morning. Needless to say, I was pretty tired. Still I was pumped with excitement (and coffee of course) as I waited outside the classroom door with two or three other students. When the Instructor arrived, Jared Scrivener, he greeted us kindly and welcomed us in.
The Office
The Columbus office has two classrooms and a break room. The break room was stocked with a full assortment of beverages that we could help ourselves to. The first classroom is filled with Cisco IP phones and the other room was 8 empty desks, nice leather chairs (a huge plus since your butt is in it from 9-am or earlier until as late as 10-pm), and was simple and clean. Each desk had an Ethernet cable, no computers since you bring your own, and a white board and projector. It’s pretty much the standard for a training room.
The Material and Lunch
The only part of the week that wasn’t flawless was the arrival of our training material and lunch on the first day. Since it was just after a holiday week nobody really cared. Besides that, we had lecture all day. We took notes, and day one was off. Jared treated us to lunch on Monday since it didn’t show up. The rest of the week they brought lunch in so we only took about 20 to 30 minutes for eating then we were back to lecture on Monday, Tuesday, and Wednesday.
The Schedule
Monday, Tuesday, and Wednesday consisted of Lecture until about five in the evening and labs until late. When I say late I mean that I was working on them at midnight from my hotel room. This was mostly because I decided to leave the office at 7:30 to workout and eat. It was intense. You have to go to this class expecting to put a lot of time and effort into it. Don’t show up thinking you are gonna see some sights and hit the bars at night. Some others in the class told me they were there until ten at night before leaving.
The Training
The lecture, Monday through Wednesday, covers a TON of material. If you are coming to this class you better be ready for it. Another thing to note is that not all topics can be explained. YOU HAVE TO DO SOME RESEARCH. I think the real benefit is the first half of the first day, where you learn priceless test taking strategies. I’d love to spill the beans on the strategy we were taught but I’ve chosen not to. This is their business and in support of that…you’re going to have to take the class to get all the details.
Anyhow, Thursday and Friday consisted of full scale mock labs. I completed the lab on Thursday with a few mistakes but enough points to pass the lab. (The Mock Lab that is) On Friday I only did about half of the lab since I was flying out and was kinda brain dead. I think my last count was at about 46 points. The Friday lab was a little more difficult than the Thursday lab and the lab that is worked on Monday thru Wednesday, but nothing too difficult that I couldn’t do it.
I can’t speak for IPexpert but keep in mind that this was based on the current 2.0 blueprint so if you sign up for this class the material will be different, based now on the 3.0 blueprint. Most likely the class will run in the same manner. Still, if you are concerned, ask them.
The Instructor
Also, before I wrap up I wanted to take a minute to speak a little more about my instructor, Jared Scrivener. Come on people, 3 CCIEs in such a short amount of time? This guy knows his stuff. From VPN to CBAC, AAA to smoking a pack of cigarettes a day….oh wait, Jared you quit right? *
My Overall Feelings
If I had an opportunity I would take a class from IPexpert again. Over the last few months I have had an opportunity to deal with a number of folks there, Wayne, Matt, Neil, Drew, and Jared specifically. Their customer service is top notch. You know it’s not often that you come across a company that really, I mean “really,” cares about their students. How many companies have a President and CEO that interacts directly with the customer on a daily basis, and how many companies offer the wide variety of delivery options that IPexpert does? Not many. I’ve noticed that some claim to but wind up neglecting one or more tracks while focusing on the track that brings them in the most money. The IPexpert product line is complete.
Now, one more thing. Am I getting paid to write this? Nope. Not a dime. However, any compensation can be deposited into account number 123DDGSGG6123….. Just Kidding! It’s a pleasure to write a review like this. It sure beats sitting here in the airport, or at home after being ticked off and writing an angry review.
Well that’s it. I have rack time scheduled 24/7 thru mid February and plan on snagging up some more to get me all the way to my lab date. I have a newfound confidence and I want to keep up this high. If you are planning on taking CCIE training go check them out on their website at http://www.ipexpert.com.
Thanks IPexpert! I had a great week.
*Jared told us on Monday that he was quitting and that we should give him a hard time every time he went to smoke. We did. All week long.
Take iPhone Screenshots
You probably know this already but believe it or not…my wife showed me this morning how to take screen shots with the iPhone. Simply press the home and power button at the same time. The screen will flash and you are good to go…



