Can you knock out half of the CCNP in a week?
You’re probably thinking... yeah right! Actually, I have met a few people that have. How did they do it? I think it was a combination of a lot of reading, a strong background in networking and the class I’m teaching this week. That class, the “CCNP2” training from Ascolta, is a bear, but I’ve actually had people do it.
But why am I making a big deal of this? First, understand that the CCNP2 training covers both the ISCW and the ONT content. Then take a look at the topics as defined by Cisco, and I think you’ll understand.
First ISCW:

Implement basic teleworker services
Describe Cable (HFC) technologies.
Describe xDSL technologies.
Configure ADSL (i.e., PPPoE or PPPoA).
Verify basic teleworker configurations.

Implement Frame-Mode MPLS
Describe the components and operation of Frame-Mode MPLS (e.g., packet-based MPLS VPNs).
Configure and verify Frame-Mode MPLS.

Implement a site-to-site IPSec VPN
Describe the components and operations of IPSec VPNs and GRE Tunnels.
Configure a site-to-site IPSec VPN/GRE Tunnel with SDM (i.e., preshared key).
Verify IPSec/GRE Tunnel configurations (i.e., IOS CLI configurations).
Describe, configure, and verify VPN backup interfaces.
Describe and configure Cisco Easy VPN solutions using SDM.

Describe network security strategies
Describe and mitigate common network attacks (i.e., Reconnaissance, Access, and Denial of Service).
Describe and mitigate Worm, Virus, and Trojan Horse attacks.
Describe and mitigate application-layer attacks (e.g., management protocols).

Implement Cisco Device Hardening
Describe, Configure, and verify AutoSecure/One-Step Lockdown implementations (i.e., CLI and SDM).
Describe, configure, and verify AAA for Cisco Routers.
Describe and configure threat and attack mitigation using ACLs.
Describe and configure IOS secure management features (e.g., SSH, SNMP, SYSLOG, NTP, Role-Based CLI, etc.).

Implement Cisco IOS firewall
Describe the functions and operations of Cisco IOS Firewall (e.g., Stateful Firewall, CBAC, etc.).
Configure Cisco IOS Firewall with SDM.
Verify Cisco IOS Firewall configurations (i.e., IOS CLI configurations, SDM Monitor).

Describe and configure Cisco IOS IPS
Describe the functions and operations of IDS and IPS systems (e.g., IDS/IPS signatures, IPS Alarms, etc.).
Configure Cisco IOS IPS using SDM.
Then ONT:

Describe Cisco VoIP implementations
Describe the functions and operations of a VoIP network (e.g., packetization, bandwidth considerations, CAC, etc.).
Describe and identify basic voice components in an enterprise network (e.g. Gatekeepers, Gateways, etc.).

Describe QoS considerations
Explain the necessity of QoS in converged networks (e.g., bandwidth, delay, loss, etc.).
Describe strategies for QoS implementations (e.g. QoS Policy, QoS Models, etc.).

Describe DiffServ QoS implementations
Describe classification and marking (e.g., CoS, ToS, IP Precedence, DSCP, etc.).
Describe and configure NBAR for classification.
Explain congestion management and avoidance mechanisms (e.g., FIFO, PQ, WRR, WRED, etc.).
Describe traffic policing and traffic shaping (i.e., traffic conditioners).
Describe Control Plane Policing.
Describe WAN link efficiency mechanisms (e.g., Payload/Header Compression, MLP with interleaving, etc.).
Describe and configure QoS Pre-Classify.

Implement AutoQoS
Explain the functions and operations of AutoQoS.
Describe the SDM QoS Wizard.
Configure, verify, and troubleshoot AutoQoS implementations (i.e., MQC).

Implement WLAN security and management
Describe and Configure wireless security on Cisco Clients and APs (e.g., SSID, WEP, LEAP, etc.).
Describe basic wireless management (e.g., WLSE and WCS). Configure and verify basic WCS configuration (i.e., login, add/review controller/AP status, security, and import/review maps).
Describe and configure WLAN QoS.
Looks pretty rough, right? Well, it is. But that’s OK. When I teach this class in a week I obviously don’t cover every detail of each topic, but it’s a great way to wet your whistle. Especially if you like drinking from a firehose!!! Anyhow, you can find the CCNP2 course information on the Ascolta web site.
As you can tell, I am in for a busy week!
Recap of my journey CCIE Security
I know most of you have heard already, but if not, I passed the CCIE Security exam in RTP on March 13th, 2009. I wanted to take a moment to recap my journey.
I have been a Cisco Instructor for 8 years now. I have been teaching the CCSP track since its inception, and taught various courses of the CSS-1 prior to that. Although I was a CCSP, I didn’t take the CCIE Security Written exam until March 21, 2007. I passed with an 85 on my first attempt. I used the CCBootcamp written exam guide to prepare for that, along with my existing knowledge as a CCSP/Instructor.
Studying for the lab is a whole new ball game. It’s weird because there is a total difference between knowing the book material that Cisco tests you on for the Professional level certifications, and being able to teach it, and knowing the material that is on the CCIE lab exam and being able to implement it. Don’t get me wrong, I knew the material, and the concept of why things were happening was easy to me. What was difficult is putting it all together. When you teach an ASA class, IPS class, or any other security class for that matter, it doesn’t cover how all these things work together. That’s where the CCIE will get you!
Anyhow, I know people are wondering what material I used in preparing for the lab exam. I made a video to show you, mainly because I think the spread of material is impressive. Please do not get mad at me for killing a tree. In the future I’ll use PDFs. Also, forgive me for the quality of the video. I am too cheap to buy an HD camera. I made the video at 6 am so don’t expect much.
So, assuming you watched that video and know what I used to prepare, I’ll give you the run down of the lab.
First time was in San Jose. I was overwhelmed. I had a decent understanding but no strategy. I ran out of time and had maybe 50 points.
Second time was in San Jose as well. It went better than the first but still there were some grey areas for me and even though I took the InternetworkExpert Online Bootcamp and used Brian’s strategy I still was missing something.
The third and final attempt was in RTP, North Carolina. There is no particular reason I switched to RTP. It’s not closer to me by any means. I live in Seattle. But I wanted something fresh. I stayed at the Wingate hotel which was great. The bed was comfortable and the rate was fair. I flew in the night before the exam. I arrived at the hotel at 9pm, took half of a sleeping pill (Melatonin) and crashed. I woke up refreshed and ready to go.
The hotel had a continental breakfast and I didn’t eat much but forced myself to eat a little. I stopped at Starbucks on the way, and headed over to the Cisco office. Now when you get there you should know that the building will remain dark until right around 7am. There is nobody there to meet you in the lobby. Someone from Cisco was taking the lab as well and they let me in the lobby using their badge. At about 7:10 the proctor came out. He was very nice and much more chatty than Tom (nice guy) in San Jose.
We were led back to the room and from there it’s your standard lab exam stuff. We broke at about 11 for lunch. I say about 11 because they cater in lunch and there wasn’t a set time. You still only get 30 minutes for lunch. I ate a bit and tried to work out some issues in my head.
I finished about 45 minutes early but left 15 minutes before the Proctor called it a day. That includes my clean up and so on. I didn’t use the last 45 minutes to do any extra verifications because I didn’t want to break anything. Then I went to dinner at the Angus Barn. I had Alaskan King Crab Claws, a 24oz New York Strip and an Oatmeal Stout. Pass or fail I was going to enjoy that meal.
The wait was excruciating. I didn’t get my results until about 8:30 on Sunday night, so if you are planning on taking the lab on Friday you should be aware of that.
Now that it’s over I am enjoying the fact that I don’t have a deadline staring me in the face, but I still love the technology and want to learn more. I think the next track that I am going to pursue is the CCIE Voice, but I have the CCVP in between that I have to get up to Instructor level on. I already have the IPexpert CCIE Voice BLS and plan on renting from Proctor Labs.
The big kicker for me was the bootcamp at IPexpert and the labs I did after that. Without the information I gained from IPexpert’s Jared Scrivener I don’t think I would have passed. I’m not going to give away all of his tricks because that’s what he gets paid to do. But seriously, Jared, you are the man!
Also I can’t say enough about the support that I received from Ted Wagner at Ascolta. He really stood behind me even though there were other things he probably wanted me working on.
Wayne Lawson at IPexpert was another key player in my success along with Matt Brooks, Neil Apolzan, and Drew LaPla.
I can’t forget to mention Mike Down. Before Mike started pinging me online I only owned the IPexpert Volume 4.1 and the Proctor Guide, and I wasn’t really looking at using IPexpert.
One last person I have to mention is my wife. She was patient with me even though the family would take a hit from time to time while I was studying. The CCIE is not easy on a family but the accomplishment and the job security afterwards was the payoff I was looking for. I think I got it. Time will tell. At least I have her if the other stuff doesn’t pan out.
That’s about it for this rant. I’m going to keep blogging about topics that come up in my classes as well as through the contact form. When I start to study for the Voice IE I’ll try to blog it all here as well. In the meantime I am going to spend some time posting on Network World for the CCNA Wireless candidates and catching up on my sleep/socializing/theocratic activities/yard work/home improvement projects/reading/DVR/family videos/family photos/email/projects at work/fitness/weight loss/RSS feeds/staring into space/day dreaming/playing darts with Tyrel/texting my daughter/emailing my mom/calling my grandma/Netflix/and enjoying whatever comes my way.
VPNs can really upset me.
I’ve come to the conclusion that if ANYTHING gets me in the lab on Friday it’s going to be VPN. With so many options and piling one solution on top of another (e.g. EasyVPN plus DMVPN on the same interface) I am totally screwed. I cruised thru lab 18 all morning. Had about 41 points at lunch and since then have only managed to accumulate 6 points. NHRP isn’t even registering. R2 is the NHS but gives me a lovely message when you bounce the tunnel interface that there are no NHSs:
R2#debug nhrp
NHRP protocol debugging is on
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int t256
R2(config-if)#shut
R2(config-if)#
*Mar 10 22:53:31.291: NHRP: if_down: Tunnel256 proto IPv4
*Mar 10 22:53:31.291: NHRP: if_down: Tunnel256 proto IPv4
R2(config-if)#
*Mar 10 22:53:31.295: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
R2(config-if)#no s
*Mar 10 22:53:33.291: %LINK-5-CHANGED: Interface Tunnel256, changed state to administratively down
*Mar 10 22:53:34.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel256, changed state to down
R2(config-if)#no shut
R2(config-if)#
*Mar 10 22:53:36.331: NHRP: if_up: Tunnel256 proto 0
*Mar 10 22:53:37.331: NHRP: Unable to send Registration - no NHSes configured
R2(config-if)#
*Mar 10 22:53:38.331: %LINK-3-UPDOWN: Interface Tunnel256, changed state to up
*Mar 10 22:53:38.331: NHRP: if_up: Tunnel256 proto 0
*Mar 10 22:53:38.331: NHRP: Unable to send Registration - no NHSes configured
R2(config-if)#
*Mar 10 22:53:38.331: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Mar 10 22:53:39.331: NHRP: Unable to send Registration - no NHSes configured
*Mar 10 22:53:39.331: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel256, changed state to up
R2(config-if)#
I still have sections 9 – 12 but I am so frustrated right now that I have to go clear my head. Maybe I need to watch the DVDonDemand section on VPNs again. I thought I had them down pretty good. I must be missing something. Well, enough of my ranting. Time to move on.
Tuesday, March 10th 2009
Status Update: Yesterday the IPexpert CCIE Security 1-Week Lab Experience Exam Four kicked my butt. I think I accomplished about 59 points on my own and then after checking realized that I would have missed 8 points on stupid stuff that I missed.
Today I am moving on to the IPexpert Workbook (version 4.1) Section 18 lab. I guess we’ll see how this one goes. I’ve never done this one before.
Here goes nothing….
Monday March 9th
Today I am starting an 8-hour Mock Lab. I’ll be working on IPexpert CCIE Security 1-Week Lab Experience – Exam Four. I left my phone in another room. I’ve turned off all notifiers. I’ve brought in a 5-hour energy shot for later, a cup of coffee, and I have a lab book sitting in front of me that I have never looked at. I have 3 sheets of white paper, a handful of pencils that I don’t normally use, and ear plugs. This week I will not be updating my blog on Network World, Facebook account, or Twitter account, aside from the notification of my posts here which I will do before I start each day. I can’t even come close to explaining how I feel right now. My nerves are kicking in and I just want this to be over with.
Time to dive in.
Finished IPexpert 1-Week Exp Lab 3
Boy was that one fun. I am feeling better when it comes to VPN and my methodology of progressing through the lab. I still am concerned that some random VPN configuration is going to sneak up on me but at this point, all I can do is hope for the best. I have 6 days left until my lab. I have to travel today so I will not be able to get back on the labs until tomorrow morning.
I am now at the point where the lab is making me nervous. Still I want to get this thing out of the way so I can move on to some other projects that I have been itching to do. I guess we’ll see how it goes. Tomorrow I start IPexpert CCIE Security 1-Week Experience Lab 4. I’m hoping to knock it out in 8 hours.
Amazon Kindle App for iPhone
Some time back I purchased a 1st generation Amazon Kindle. I really liked it. While I owned it I bought 5 Cisco Press books, including Network Security Principles and Practices. There was some talk about Internetwork Expert releasing their workbooks for the Kindle, and I actually had some email correspondence where I was told I could be a beta tester. Well that never happened, and although IE announced that the Kindle version was coming soon I think they kinda just dropped the thought and changed directions. It probably had something to do with how difficult Amazon makes it to add items to their store.
At any rate, I sold my Kindle in lieu of an iPhone. I love what the iPhone can do, and have the “Safari bookbag” from Cisco Press on there so I can read my Safari books. Well, yesterday I received the icing for my cake, that is, the Kindle App for the iPhone. The App is free and once installed it allowed me to sync up all the books I purchased when I owned the Kindle. It is really easy to read, and remembered what page I was on in all my books. Amazon also has what they call “Whispersync” that will sync the iPhone app to the Kindle if you have both.
Now if IPexpert were to put their workbooks on a Kindle, or better yet on an iPhone, I would have it all! I’d rather carry the phone or a Kindle with me when I travel versus a ton of workbooks! I say IPexpert because I have decided that I like their style and they are pretty much my vendor of choice now. Sorry IE, but I still think highly of you.
Well I MUST get back to my labs. Time is closing in on me….