February 6, 2012

Can you knock out half of the CCNP in a week?

You’re probably thinking... yeah right! Actually, I have met a few people that have. How did they do it? I think it was a combination of a lot of reading, a strong background in networking and the class I’m teaching this week. That class, the “CCNP2” training from Ascolta is a bear, but I’ve actually had people do it.

But why am I making a big deal of this? First, understand that the CCNP2 training covers both the ISCW as well as ONT content. Then take a look at the topics as defined by Cisco and then I think you’ll understand.

First ISCW:

Implement basic teleworker services
- Describe Cable (HFC) technologies.
- Describe xDSL technologies.
- Configure ADSL (i.e., PPPoE or PPPoA).
- Verify basic teleworker configurations.

Implement Frame-Mode MPLS
- Describe the components and operation of Frame-Mode MPLS (e.g., packet-based MPLS VPNs).
- Configure and verify Frame-Mode MPLS.

Implement a site-to-site IPSec VPN
- Describe the components and operations of IPSec VPNs and GRE Tunnels.
- Configure a site-to-site IPSec VPN/GRE Tunnel with SDM (i.e., preshared key).
- Verify IPSec/GRE Tunnel configurations (i.e., IOS CLI configurations).
- Describe, configure, and verify VPN backup interfaces.
- Describe and configure Cisco Easy VPN solutions using SDM.

Describe network security strategies
- Describe and mitigate common network attacks (i.e., Reconnaissance, Access, and Denial of Service).
- Describe and mitigate Worm, Virus, and Trojan Horse attacks.
- Describe and mitigate application-layer attacks (e.g., management protocols).

Implement Cisco Device Hardening
- Describe, Configure, and verify AutoSecure/One-Step Lockdown implementations (i.e., CLI and SDM).
- Describe, configure, and verify AAA for Cisco Routers.
- Describe and configure threat and attack mitigation using ACLs.
- Describe and configure IOS secure management features (e.g., SSH, SNMP, SYSLOG, NTP, Role-Based CLI, etc.)

Implement Cisco IOS firewall
- Describe the functions and operations of Cisco IOS Firewall (e.g., Stateful Firewall, CBAC, etc.).
- Configure Cisco IOS Firewall with SDM.
- Verify Cisco IOS Firewall configurations (i.e., IOS CLI configurations, SDM Monitor).

Describe and configure Cisco IOS IPS
- Describe the functions and operations of IDS and IPS systems (e.g., IDS/IPS signatures, IPS Alarms, etc.)
- Configure Cisco IOS IPS using SDM

Then ONT:

Describe Cisco VoIP implementations
- Describe the functions and operations of a VoIP network (e.g., packetization, bandwidth considerations, CAC, etc.).
- Describe and identify basic voice components in an enterprise network (e.g. Gatekeepers, Gateways, etc.)

Describe QoS considerations
- Explain the necessity of QoS in converged networks (e.g., bandwidth, delay, loss, etc.).
- Describe strategies for QoS implementations (e.g. QoS Policy, QoS Models, etc.).

Describe DiffServ QoS implementations
- Describe classification and marking (e.g., CoS, ToS, IP Precedence, DSCP, etc.).
- Describe and configure NBAR for classification.
- Explain congestion management and avoidance mechanisms (e.g., FIFO, PQ, WRR, WRED, etc.).
- Describe traffic policing and traffic shaping (i.e., traffic conditioners).
- Describe Control Plane Policing.
- Describe WAN link efficiency mechanisms (e.g., Payload/Header Compression, MLP with interleaving, etc.).
- Describe and configure QoS Pre-Classify.

Implement AutoQoS
- Explain the functions and operations of AutoQoS.
- Describe the SDM QoS Wizard.
- Configure, verify, and troubleshoot AutoQoS implementations (i.e., MQC).

Implement WLAN security and management
- Describe and Configure wireless security on Cisco Clients and APs (e.g., SSID, WEP, LEAP, etc.).
- Describe basic wireless management (e.g., WLSE and WCS).
- Configure and verify basic WCS configuration (i.e., login, add/review controller/AP status, security, and import/review maps).
- Describe and configure WLAN QoS.

Looks pretty rough, right? Well, it is. But that’s OK. When I teach this class in a week I obviously don’t cover every detail of each topic but it’s a great way to wet your whistle. Especially if you like drinking from a firehose!!! Anyhow, you can find the CCNP2 course information on the Ascolta web site.

As you can tell, I am in for a busy week!

Recap of my journey CCIE Security

I know most of you have heard already, but if not, I passed the CCIE Security exam in RTP on March 13th, 2009. I wanted to take a moment to recap my journey.

I have been a Cisco Instructor for 8 years now. I have been teaching the CCSP track since its inception, and taught various courses of the CSS-1 prior to that. Although I was a CCSP, I didn’t take the CCIE Security Written exam until March 21, 2007. I passed with an 85 on my first attempt. I used the CCBootcamp written exam guide to prepare for that, along with my existing knowledge as a CCSP/Instructor.

Studying for the lab is a whole new ball game. It’s weird because there is a total difference between knowing the book material that Cisco tests you on for the Professional level certifications, and being able to teach it, and knowing the material that is on the CCIE lab exam and being able to implement it. Don’t get me wrong, I knew the material, and the concept of why things were happening was easy to me. What was difficult is putting it all together. When you teach an ASA class, IPS class, or any other security class for that matter, it doesn’t cover how all these things work together. That’s where the CCIE will get you!

Anyhow, I know people are wondering what material I used in preparing for the lab exam. I made a video to show you, mainly because I think the spread of material is impressive. Please do not get mad at me for killing a tree. In the future I’ll use PDFs. Also, forgive me for the quality of the video. I am too cheap to buy an HD camera. I made the video at 6-am so don’t expect much.

So, assuming you watched that video and know what I used to prepare, I’ll give you the run down of the lab.

First time was in San Jose. I was overwhelmed. I had a decent understanding but no strategy. I ran out of time and had maybe 50 points.

Second time was in San Jose as well. It went better than the first but still there were some grey areas for me and even though I took the InternetworkExpert Online Bootcamp and used Brian’s strategy I still was missing something.

The Third, and Final attempt was in RTP, North Carolina. There is no particular reason I switched to RTP. It’s not closer to me by any means. I live in Seattle. But I wanted something fresh. I stayed at the Wingate hotel which was great. The bed was comfortable and the rate was fair. I flew in the night before the exam. I arrived at the hotel at 9pm, took half of a sleeping pill (Melatonin) and crashed. I woke up refreshed and ready to go.

The hotel had a continental breakfast and I didn’t eat much but forced myself to eat a little. I stopped at Starbucks on the way, and headed over to the Cisco office. Now when you get there you should know that the building will remain dark until right around 7am. There is nobody there to meet you in the lobby. Someone from Cisco was taking the lab as well and they let me in the lobby using their badge. At about 7:10 the proctor came out. He was very nice and much more chatty than Tom (nice guy) in San Jose.

We were led back to the room and from there it’s your standard lab exam stuff. We broke at about 11 for lunch. I say about 11 because they cater in lunch and there wasn’t a set time. You still only get 30 minutes for lunch. I ate a bit and tried to work out some issues in my head.

I finished about 45 minutes early but left 15 minutes before the Proctor called it a day. That includes my clean up and so on. I didn’t use the last 45 minutes to do any extra verifications because I didn’t want to break anything. Then I went to dinner at the Angus Barn. I had Alaskan King Crab Claws, a 24oz New York Strip and an Oatmeal Stout. Pass or fail I was going to enjoy that meal.

The wait was excruciating. I didn’t get my results until about 8:30 on Sunday night, so if you are planning on taking the lab on Friday you should be aware of that.

Now that it’s over I am enjoying the fact that I don’t have a deadline staring me in the face, but I still love the technology and want to learn more. I think the next track that I am going to pursue is the CCIE voice, but I have the CCVP in between that I have to get up to Instructor level on. I already have the IPexpert CCIE Voice BLS and plan on renting from Proctor Labs.

The big kicker for me was the bootcamp at IPexpert and the labs I did after that. Without the information I gained from IPexpert’s Jared Scrivener I don’t think I would have passed. I’m not going to give away all of his tricks because that’s what he gets paid to do. But seriously, Jared, you are the man!

Also I can’t say enough about the support that I received from Ted Wagner at Ascolta. He really stood behind me even though there were other things he probably wanted me working on.

Wayne Lawson at IPexpert was another key player in my success along with Matt Brooks, Neil Apolzan, and Drew LaPla.

I can’t forget to mention Mike Down. Before Mike started pinging me online I only owned the IPexpert Volume 4.1 and the Proctor Guide, and I wasn’t really looking at using IPexpert.

One last person I have to mention is my wife. She was patient with me even though the family would take a hit from time to time while I was studying. The CCIE is not easy on a family but the accomplishment and the job security afterwards was the payoff I was looking for. I think I got it. Time will tell. At least I have her if the other stuff doesn’t pan out.

That’s about it for this rant. I’m going to keep blogging about topics that come up in my classes as well as through the contact form. When I start to study for the Voice IE I’ll try to blog it all here as well. In the meantime I am going to spend some time posting on Network World for the CCNA Wireless candidates and catching up on my sleep/socializing/theocratic activities/yard work/home improvement projects/reading/DVR/family videos/family photos/email/projects at work/fitness/weight loss/rss feeds/staring into space/day dreaming/playing darts with tyrel/texting my daughter/emailing my mom/calling my grandma/netflix/and enjoying whatever comes my way.

VPNs can really upset me.

I’ve come to the conclusion that if ANYTHING gets me in the lab on Friday it’s going to be VPN. With so many options and piling one solution on top of another (e.g. EasyVPN plus DMVPN on the same interface) I am totally screwed. I cruised thru lab 18 all morning. Had about 41 points at lunch and since then have only managed to accumulate 6 points. NHRP isn’t even registering. R2 is the NHS but gives me a lovely message when you bounce the tunnel interface that there are no NHSs:

R2#debug nhrp
NHRP protocol debugging is on
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int t256
R2(config-if)#shut
R2(config-if)#
*Mar 10 22:53:31.291: NHRP: if_down: Tunnel256 proto IPv4
*Mar 10 22:53:31.291: NHRP: if_down: Tunnel256 proto IPv4
R2(config-if)#
*Mar 10 22:53:31.295: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
R2(config-if)#no s
*Mar 10 22:53:33.291: %LINK-5-CHANGED: Interface Tunnel256, changed state to administratively down
*Mar 10 22:53:34.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel256, changed state to down
R2(config-if)#no shut
R2(config-if)#
*Mar 10 22:53:36.331: NHRP: if_up: Tunnel256 proto 0
*Mar 10 22:53:37.331: NHRP: Unable to send Registration - no NHSes configured
R2(config-if)#
*Mar 10 22:53:38.331: %LINK-3-UPDOWN: Interface Tunnel256, changed state to up
*Mar 10 22:53:38.331: NHRP: if_up: Tunnel256 proto 0
*Mar 10 22:53:38.331: NHRP: Unable to send Registration - no NHSes configured
R2(config-if)#
*Mar 10 22:53:38.331: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Mar 10 22:53:39.331: NHRP: Unable to send Registration - no NHSes configured
*Mar 10 22:53:39.331: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel256, changed state to up
R2(config-if)#

I still have sections 9 – 12 but I am so frustrated right now that I have to go clear my head. Maybe I need to watch the DVDonDemand section on VPNs again. I thought I had them down pretty good. I must be missing something. Well enough of my ranting. Time to move on.