Wednesday, December 23, 2009

Better luck next time...

Well, just got my score report for 4.0 and as expected, I did not pass. In checking my score report, I scored about as well as I thought I did. The layer 3 section showed a lower score and I thought I got most of these points. In other sections, I got more points than I thought I got. Well, here is my run down.

Core Knowledge - this was a piece of cake this time. I still think it's a crapshoot. I just happened to get four pretty easy questions this time. The four questions were broken down like they were before - 3 pretty simple questions, and 1 out-there question. I was well prepared for this section.

Troubleshooting - this should have been easy. My time management killed me. First task totally threw me for a loop and I spent about 30 minutes troubleshooting to no avail. I tried to stick to the 10 minute limit per task, but I finally decided to move on. Uh-oh. I can't do task two until task one was fixed. This bucks the assumption that each task is independent. They can, and will, produce an IGP issue that will be necessary to fix a later task. I never did fix that first task and spent way too much time on it. The remaining tasks were really easy but I did not have time to complete them all. This tells me that I need to spend more time troubleshooting and really work on my time management in that section. As others have mentioned, you can expect to see 10 - 12 tasks in this section.

Configuration - not totally different than version three, but you need to know the blueprint inside and out. Surprisingly, there is still troubleshooting in the configuration section. My lab covered some interesting topics. My multicasting section was totally based on IPv6. I took a shot and got 50% of the points. Not too bad, but it should have been a pretty easy 100% had I spent any time labbing multicast for IPv6. They also touched on other things that I haven't labbed like EEM, Netflow, and surprisingly, autoqos? If I had more time to prepare, I could have done much better on this section.

Miscellaneous - the format is different. There is no SecureCRT, and no lab book. After the OEQ, you log out and log back in. From here, you log in to a webpage and start your troubleshooting section (which has a countdown timer). Once that completes, you click 'Start Lab' to begin the configuration section. You have one 24" monitor. For the OEQ, and even the troubleshooting this was not a big deal and I did not have any problems. For the configuration portion, you could definitely benefit from a second monitor. When you are trying to flip back and forth between 9 terminal sessions, several diagrams, and lab instructions - things can get lost pretty quick. I doubt they will add a second monitor any time soon, but just be prepared. One cool thing is the ability to click on the devices on the main lab diagram and have that session opened up for you.

Proctor - Howard Pearse was not the proctor this week. There was another gentleman who I don't believe ever announced his name? Howard was generally friendly, and helpful, while still operating within the confines of a CCIE proctor. This gentleman was generally distant and unfriendly. At one point, my lab instructions disappeared. I couldn't bring up the tasks, the diagrams and subsequently any additional console sessions to my devices. This was not an issue with the lab hardware, but an issue with the lab delivery. At first he said "I don't know what to tell you". Excuse me, but what the f*$k do you mean you don't know what to tell me? This is the equivalent of someone stealing my damn lab book in version 3.0. Several people also had this problem. It took three of us to say something before it was fixed. Once he looked into it, it was promptly fixed. I am not blaming my failing in any way on the proctor but he always seemed bothered. Had this been fixed when the first person said something, things would have been much smoother.

In closing, I did about as well as I thought I would do. Given more time, I feel confident I would have passed. I am still going to guarantee that I get my CCIE in 2010. This damn journey will be the death of me if I don't. I am going to take some time off for the holidays and get back at this in January. I plan to take a few weeks to get my VCP, and then mix in some Junos studying with my CCIE. As far as study materials, I need a troubleshooting workbook. I also need a more complete workbook. I love Narbik's materials but he needs to add a lot of topics to his latest workbook. Items such as OER, EEM, and IPv6 multicast are some pretty glaring holes missing for the 2.0 workbook. I also need to spend some time on mock labs before my next attempt. INE has finally started to update the dynamips workbook so I am covered there.

Well, it's been an exhausting 24 hours. Thanks to everyone for your support.

_matt

Monday, December 21, 2009

The time is near...

Well, here I sit the day before my lab exam. In a little more than 24 hours, I will have completed my second lab attempt, my first crack at the 4.0 blueprint. I certainly hope to be victorious! I took a little different approach this time around. For my last attempt, I got into RTP early, and just kind of vegged out all day watching TV. This time around, I'm spending some time on INE's OEQ engine, as well as reading some DocCD. The old saying is if you are not ready the day before, then you are not ready. Well, I don't think this is really the case. For me, I am finding it beneficial to read up on the items I am weak on, or things I have no experience with. Items such as IPv6 unicast, fallback bridging and SRR queuing.

Now, I am not over studying, just some light reading to make me feel more comfortable. I also feel this is necessary because I didn't quite have as much time as I would have liked to prepare for this attempt. Nonetheless, I still feel prepared and ready. My nerves are still going this time, just like they were last time. I guess the only difference is, I know that if I do not pass, that it is not the end of the world. I will just pick myself back up, dust myself off, and get right back at it.

I spent the better part of the last three days reading and labbing OER/PfR. Now, I am not going to say I am an expert, but like anything, once you understand the concept and familiarize yourself with the commands, it all kind of comes together. I feel confident in that if I see OER on my exam, I won't be surprised or scared. I also did some reading on IPv6 multicast today. If you know IPv4 multicast, IPv6 multicast will be cake. There are some differences in the technologies and how they work, but for the most part, it's not all that difficult.

I believe I've done enough studying for the day. I may take a few more OEQ quizzes, but that would be it. I am now going to veg out, watch some TV, get some rest, and then wake up tomorrow and give this exam hell. Wish me luck everyone - I'll post my results regardless tomorrow night.

_matt

Saturday, December 19, 2009

Troubleshooting

Well, yesterday I finally finished Narbik's 2.0 workbook. Overall, I give the workbook high marks. What it does cover, it covers inside and out. There are a few items that I wish were covered and I have mentioned those before. I also wish it included the mock lab and the troubleshooting lab. Narbik said these items would be ready, but I have yet to receive them or an announcement about their availability. I completed MPLS yesterday. MPLS was both fun and exciting. I truly do appreciate learning new things, especially when I can lab it up and see how it works step-by-step. I feel fairly confident that I can excel at any MPLS tasks in the lab.

So today I am starting on Narbik's free troubleshooting lab. This will be the one and only troubleshooting lab I get my hands on before my lab on Tuesday. Considering I only have two abbreviated days of study left, I don't see how I would be able to touch much else anyway. I am truly excited about the troubleshooting lab. I worked for Alltel in the WAN department for almost two years as a Telecom Network Analyst and my job depended on my troubleshooting skills. I am excited to see what these labs can throw at me.

I am feeling pretty good about Tuesday's lab. In case you had not heard, the very first person passed the CCIE R&S 4.0 lab this week. I knew it would only be a matter of time, but I am glad that someone finally passed. Maybe all these other CCIE candidates will quit bitching about how difficult this is and just hit the ground running. Then again, what do I care if people throw in the towel? It's not happening here. I have already guaranteed that I WILL have my CCIE in 2010 no matter what.

Well, I guess less blogging more studying. More updates to come later...

Thursday, December 17, 2009

MPLS Land

Well, here I sit with 5 days of study time left, including today. I have made it through Narbik's 2.0 workbooks except for MPLS. I plan to spend the next 2.5 days working through the MPLS labs as well as reading about MPLS in the DocCD. I have no hands-on experience with MPLS. Of course, I know the theory of MPLS and how MPLS works from my CCNP studying several years ago, but I have yet to touch a PE/CE router. Narbik covered this pretty well in the latest bootcamp, but until I do the labs, most of that stuff won't really set in.

I completed multicast yesterday and I would like to say that I finally get it. Not only did I do the multicasting labs, but I also read the entire multicast section on the DocCD. After I complete MPLS (hopefully able to do the labs twice) I need to tackle Narbik's free troubleshooting lab - just to get an idea of what I will see on the exam.

I am worried about a few things that I see on the blueprint and have not been covered by Narbik's labs. These include OER, Performance Routing, advanced 3560 QoS, IPv6 multicast as well as a few other small topics. I know that the new lab focuses on everything on the blueprint and not just the core technologies. Hopefully I still have some time to touch these remaining items in the DocCD.

I can't help but feel like I have been rushed and if you read my previous blog posts, you know that I am kind of being rushed. Don't get me wrong, I feel much better prepared for this attempt than I did my last, but I can't help but shake the feeling that I need more time. I am still going to walk into RTP on December 22 and give that lab hell. For a little extra luck, hopefully the grading proctor will be in the holiday mood!

If I don't pass on this attempt (and I am still expecting to pass!) I want to hit the ground running again and just go for it. I am going to guarantee that I have my CCIE by the end of 2010. I think I got burned out on my first attempt, and actually spent too much time studying and not really focusing where I needed to. If I could go back, I would have attempted version 3 much sooner, and gotten myself a second attempt in version 3. I am not saying this because I really don't want to do version 4. I think version 4 is great and will make better CCIEs but it is different and requires a different mode of studying.

Sunday, December 13, 2009

Time is of the essence..

Well, I expected to get several hours of lab time done today. Unfortunately that didn't happen due to a small family emergency. So my wife is out and about, and I am at home watching my two year old son Xander. No big deal. I'm logging some time on the INE OEQ engine as well as reading some DocCD. I can't reasonably lab with a two year old loose but I can sit on the laptop and read to my heart's content - even if I have to take frequent breaks to find out the latest thing my son has gotten into.

I've also decided to spend some time troubleshooting my bandwidth issue. After running some iperf tests, I found out the issue is my Linksys DD-WRT router. Furthermore, I discovered the issue is with QoS on the DD-WRT. The thing is, it seemed to work great for prioritizing all of my voice traffic. Unfortunately, all my other traffic suffered - to the rate of T-1 speeds. After some reading, there are some incompatibility issues between QoS and PPTP. Bummer. There are also issues and bugs with the code I am running. The QoS was enabled for WAN only, but alas, it was working on all destinations which is why my inter-vlan traffic suffered. Sigh.

When all else fails - go with what you know right? So, I am thinking of getting a cisco 2621xm (unless someone has a better recommendation). Hopefully with that, I won't have any issues. I also want to get a 3550 as my switch. Currently, I am using the DD-WRT router trunked to an old 3500xl. It works, but not the way I want it to. Hopefully I can get these after the new year and put everything in my new server rack that is coming in. Now I am off to do some wiresharking to see if my current voice traffic is marked in any way.

Saturday, December 12, 2009

Status Update

Well, since I have some time I figured I would post my current status. I've got some free time because neither my 3640 nor my 3745 images supported EIGRPv6. So now I am downloading the latest 12.4 T train to see if this remedies the situation. I previously tried the 3745, but could not get them to behave properly. I would calculate idlepc values to my heart's content, but no matter what value, the actual console of each machine was TERRIBLY slow. Well, after some research, I've matched an IOS version to a suggested idlepc value on the hacki forum. Let's see how this works. Right now it's taking forever to copy the 95mb image over to my dynamips server. Not sure if this is the fault of my DD-WRT router, or my 3550xl switch. Intra-vlan stuff seems to copy just fine, but when copying from my native vlan (desktops) to my server vlan, things are incredibly slow. I'll have to investigate later, but I don't usually have much inter-vlan traffic.

On to CCIE stuff. I have nine days of study time left, and unless you have been under a rock, the holidays are here. This has been the most difficult time to study, which is why I didn't even touch my CCIE during the holidays last year. On top of that, I had to take a VMware VCP4 training class this week. The class was online, but was also 9 hours a day which left no time for CCIE studies. I guess the good news is I will soon be VCP4 certified. I will also be obtaining a few Juniper certifications. Juniper is pretty much giving away their certifications. They have a 50% off voucher, they give you the study materials, and I'm told you can load up their OS in a VMware instance - you just have to scour the net for the OS. So after my lab December 22, I will be taking a short break to bang out my VCP4 and Juniper certifications.

I am resuming my CCIE studies today. I am ripping through Narbik's latest workbooks. Some of the topics are a rehash from his previous workbooks, but there is plenty of new material. I am doing almost every lab, except the really trivial ones. I should complete the workbooks this coming week, hopefully leaving me time to do some labs twice, such as multicast and MPLS. I feel the more I go through these labs, the better I become.

I also have a running list of things I need to read this week from the DocCD. These include items such as multicast, ZBF, DHCP Snooping, 3560 QoS and IPv6 tunneling. In addition, I also want to complete Narbik's free troubleshooting lab. Hopefully this gets me a good idea of what the troubleshooting may look like on the exam. I will also have a daily dose of OEQ review, thanks to INE's OEQ testing engine - which has hopefully improved since my last attempt. This may seem like a lot of things to cram in nine days, but I am going to get it done.

On to other topics in CCIE land, there is a lot of talk about the lack of passing students for V4. Does this have me concerned? Only a little. On one hand, I am totally surprised that at least one person hasn't passed since October 21st. On the other hand, I know first-hand that not many people are attempting the version 4. Why do I know this? Just look at the CCIE scheduler. You can pick a date for as soon as the following week, sometimes even the current week. Now I know version 3 was never like this - even before the announced version 4 change. There is also a lot of talk about the revised digital format. Again, I don't see this as a big deal - we just have to adapt.

So in short, I'm ready to go and conquer this thing. As we all know, this is a journey, and if at first you don't succeed, try, try again. You can bitch and moan all you want about the changes, format, etc. but what are you going to do about it? Think Cisco is going to change the CCIE because some possible CCIE candidate doesn't like it? I don't think so. Most prepared candidates as well as current CCIEs and instructors think these changes are the best, and will produce the best CCIEs in the world. Don't we all want to be the best?!?!

#####UPDATE#####
Yay! I got IOS 12.4T and 3725 to play nice together! In case anyone is curious, here is my IOS image and idlepc value. YMMV.
IOS 12.4(15)T10 (decompressed)
ram = 256
ghostios = true
mmap = true
sparemem = true
idlepc = 0x60c056e4


Wednesday, November 25, 2009

So soon?

Well, it's official. I will be attempting version 4 before the end of the year. My employer has a need for another CCIE before year's end. I was one of the ones asked to take on this endeavor. I was asked because I've already attempted once, and I am one of the few in such a situation to take the 4.0 lab (I just re-attended Narbik's latest bootcamp).

My lab date is scheduled for December 22nd. Now although I was never anticipating taking the lab this soon, I feel pretty good about it. The configuration portion is still there. I just need to really focus on VPNv4, BGP, MPLS and troubleshooting. I think if I can nail those down, I've got a good shot. I can't forget though that the 4 OEQ's are still there.

So I am spending about 6-8 hours a day banging out Narbik's new workbooks (which are excellent). Hopefully he releases his troubleshooting workbook soon so that I may work on that as well. I intend to take a few graded mock labs before my exam, to see what different vendors can throw at me.

Well, that is my big news! Wish me luck, and maybe the proctors will be in a Christmas giving mood ;-)

Friday, November 13, 2009

Micronics Training Alumni

To anyone who has completed Narbik's bootcamp, there is now an alumni group on LinkedIn. Just search for 'Micronics Training' under group in LinkedIn.

Wednesday, November 11, 2009

Back again with a vengeance...

Well, my free time is over once again....after a comfortable three months away from my CCIE studies, I am back at it again. I really enjoyed my three months off. It made me realize what "free time" was and also gave me an opportunity to spend time with my family. Most of all though, I am refreshed and ready to attack this again.

I decided to kick off phase two with Narbik's bootcamp which I am attempting this week. I purchased Narbik's latest workbooks which are excellent as always. The addition of v4.0 stuff was worth the cost alone. Additionally, you receive two versions of the book. One version is a LockLizard secured PDF file which can be installed on your laptop or desktop. The other version is a printed book with questions only. The PDF file has both questions and answers. This combination makes things VERY portable. I no longer have to pick and choose which workbooks to take with me out of town.

Well, that is it for now. I have a rough estimate of when I want to take the lab, but I am not going to announce it to anyone except my close family and friends. With my previous attempt, I felt I had too much pressure brought on by other people asking about my studies and when I would attempt/pass. Hopefully, I will just post a nice 5-digit number on here one day....

Enjoy folks. If you are reading this, please follow me. The more people I know that are following, the more inclined I will be to post here frequently.

_matt

Monday, August 3, 2009

Well...

I failed, due to the open ended questions. Quite the bummer, but there is nothing I can do. I'm tired and it's been a really long day. I'll post more in a few days, but for now I just want to back away and spend some quality time with my family.

Thanks again for the support everyone.

Remember, there are only 20,000 in the world, if this were easy, everyone would have those digits.

Whew...what a day.

Well, I have completed my lab. I even finished early! (by a whole 2 minutes). I definitely feel like I didn't make the mistakes I made in the previous lab. I went through every task fairly quickly, then had time to go back and troubleshoot anything that I missed. After all of that, I still had time to go back over everything and verify.

Now I am not going to say I passed, but I feel ok. Two of the open ended questions really got me, because I had never seen the scenarios before. I still feel like they were valid questions, just something not very well documented (I STILL can't find either on the DocCD!)

So I am sitting at the airport and now the waiting begins. I am hoping to have my results by the time I get back into Akron tonight. I have heard your results will arrive anytime after 9pm the same day. I am definitely eager to find out.

I will be sure to post the result later this evening, or early tomorrow. If anyone is interested in a complete run-down, just let me know and I would be happy to post it.

Otherwise, thanks for the support!

_matt

Well, I got a good night's rest. I slept for about 9 hours. Now I am gonna catch some breakfast and head over to Cisco to meet my maker. Wish me luck.

Sunday, August 2, 2009

Made it to RTP...

Just got in to my hotel here in RTP. I had a connecting flight in Charlotte and both flights were delayed. So that was kinda aggravating. I ran from one terminal all the way to another (with a bum knee) only to find out my connecting flight was delayed as well. The whole thing caused way more stress than I needed right now. Oh well, I made it to my hotel plenty early.

I originally thought I would get some study in, but honestly, I don't feel like it. I am way too tired and I doubt it would really help me at this point. Either I am ready or I am not. I will find out Monday evening. I'll head out for dinner at 5pm or so, swing by Cisco so I know where I am going tomorrow. Then I will head back to the hotel, catch a shower and head to bed.

I will be sure to post my thoughts and feelings tomorrow after my lab, provided I have time. But I'm expecting some free time between flights in Charlotte.

Saturday, August 1, 2009

What a journey it's been.....so far.

Well first off, I did one of INE's mock labs yesterday. Unfortunately, I failed...barely. I didn't fail because I didn't know the material, I failed due to not managing my time properly, not reading the entire task, and not verifying every task after completion. I finished right about 8 hours. I spent too much time on a route redistribution problem (that was caused by a trunking error) and a bgp problem (that was incidentally solved by a reboot). I know I shouldn't have spent so much time on these two topics. I will be sure to NOT do that in the actual lab. If I manage my time, and verify and re-verify everything, I feel like I got a good shot of passing.

This has been one hell of a journey. Now although my journey is not yet complete, it will not be wasted if I don't get that 25xxx number come Monday. Throughout the last year, I have learned so much. I now know BGP pretty well, I know multicast, I know NAT, in addition to loads of other topics. So if I do not get that number on Monday, I will continue my journey and add MPLS, troubleshooting, VPNV4 and other topics to my repertoire. Then I will try again. This journey will only end when I get that number - no matter how long it takes me.

For now, I have completed my studying. If I don't know enough by now, 1.5 more days of studying isn't really going to help me. I do plan to fire up the INE Core Knowledge SIM over the next few days - just to keep myself sharp on the core knowledge questions. I've been at it for 12 hours a day for the past 2.5 weeks and I don't feel like I can take in any more knowledge this week.

I will be flying out early tomorrow morning. I will get to RTP, rest, relax and get a good night's sleep. I will be sure to post my results Monday night (provided I receive them then). You can also follow me on facebook: http://www.facebook.com/impiouspunk

Wish me luck - it's been one hell of a journey...so far!

-Matt

Wednesday, July 29, 2009

Wednesday Update

Update: I now realized that S0/1/0.1 was indeed specified - in the physical/logic topology diagram. Damn, I am just not used to that. So now I know to look at BOTH the instructions, and the diagrams.

Wow, I need to get this post off and get the hell off of here. I logged in to make a quick post, and got distracted looking at INE/IPExpert blogs as well as other CCIE candidates' blogs. Hey, at least it was still CCIE related, but nonetheless, it was taking away from my actual studying.

Monday I took the IP Expert mock lab (which was free by the way - thanks IP Expert!). Overall, I was happy with the mock. The material was good and I didn't feel that any areas were too difficult. From what I hear, this lab compares favorably to the actual CCIE Lab (Workbook 3 lab 1). Are you ready for my score?

40.

Yup, 40. And I'm still feeling pretty good. You know why? Their automatic script grader kinda sucked. One item screwed up my entire grade. Want to know what screwed it up?

S0/1/0.567

Yup. That's it. See, their script looks for S0/1/0.1 and S0/1/0.1 only. Thus anything that depended on that interface (nat, ipv6, ip multicast, frame relay, etc) was marked as failing. So oh well, no big deal. It would be nice if they told you that at some point. Would have made the grade more realistic and add more value to their product. Beyond that, I did miss some silly points. Some things didn't work and I didn't want to do a reboot due to time constraints. A reboot most likely would have fixed those items (namely ipv6, multicast and nat). There were also a few silly things I missed, mostly due to not reading and re-reading the entire task. I will be sure not to make these mistakes in the lab. My time to complete the lab was great, even though their mock labs are shortened due to the time to grade (you are only given 7.5 hours).

After the mock lab, I decided to read portions of my BSCI book, study with INE's Core Knowledge Sim and re-do some of Narbik's labs in those areas that I am a little weak in. This includes advanced OSPF filter, BGP Aggregation/Filter, IPV6, NAT, IP Services and Multicast. So far, I am making good time. I am spending about 10-11 hours a day studying/reading and doing lab. I plan to do another mock lab this Friday using INE Dynamips workbook lab 1. I will be sure to post how that goes. After the mock lab on Friday, I plan to do some reading and watching some videos on Saturday. I am not going to do anything too intense on Saturday. If I am not prepared by Saturday, it will show on Monday.

In closing, I just wanted to post some notes on what I've been doing for the week. Hopefully typing these in here reinforces them into my mind.

  • 'sh ip interface' shows split horizon behavior
  • 'access-list 0' with offset-list in rip means all networks.
  • ONLY 'area filter-list' filters LSAs
  • Use 'point-to-multipoint' with database filter all out. Nonbroadcast keyword not needed.
  • non-broadcast next-hop is originating router.
  • broadcast next hop is originating router.
  • point-to-point next hop is advertising router.
  • point-to-multipoint treats each connection like a PtP. PtM also creates a host route, with next-hop being the advertising router.
  • Only reason to use PtM non-broadcast is to assign cost to the neighbors.
  • BGP INJECT MAP requires prefix-lists. Must match on route-source and aggregate route (again, with prefix lists). THEN you can SET the injected route (also, prefix lists!)
  • Local Preference and Weight are set inbound (why do I always want to set these outbound?)

That's all for now. Stay tuned....

Monday, July 27, 2009

T minus 1 week

Well, I know I haven't posted in a while. I just haven't felt the need to, but here I sit with exactly one week to go. I re-attended Narbik's bootcamp last week. I have to say I am feeling pretty good after the bootcamp. First, I realized that I am farther along than some in their CCIE quest. As Narbik went over the material, I was almost playing the exact scenarios in my head and coming to the same conclusions. Second, anything that I was weak on, or had been forgotten has now been fortified.

To start off the week, I am going to begin with an IPExpert graded mock lab. I don't expect to learn anything from it. Instead, I want to see what they can throw at me, and how it will compare to the actual lab. For the rest of the week, I plan to re-read some of my books, play with the IE Core Knowledge simulator, go over some of Narbik's labs again, and take another mock lab or two. I will wrap up Friday at about 5pm and stop. I don't plan to do any studying after Friday. If I am not ready by Friday - what is two more days going to get me?

I am flying out Sunday morning to RTP, NC. Once I arrive, I plan to just relax, watch a little TV, have a good dinner and head to bed. The big day comes the following morning. I may post little tidbits here throughout the week, but hopefully by this time next week, I will have good news.

Tuesday, May 19, 2009

ASET Labs

Ok, so I had the chance to hack at the Cisco ASET labs. Let me say this first - I was not impressed. I had a total of 18 hours of rack time available, and I would be surprised if I used 6 of those hours. And of those 6 hours, I probably only got 2 hours of actual lab time - the rest of the time troubleshooting Cisco's equipment!

Perhaps I just got a bad rack, but all of my equipment would randomly power-cycle. Sometimes it was all of the equipment, sometimes it was just one or two devices. Sometimes the router would just power-cycle, other times it would load a weird ass configuration, and other times it would load to ROMMON and say the flash was corrupt!! Passwords would randomly appear, and just numerous other things. How could I have an entire bad rack? How could 13 devices be totally FUBAR'd?

In any event, I will not be using the ASET labs again. I think I spent more time cursing and re-starting labs than it was worth. Instead I was able to locate refurbished 24-port 3550 switches for $150 a piece. This was a fantastic deal, and much cheaper than even eBay! I could probably even sell them when I'm done for $200 or more a piece!

Now, there is no way in hell I could purchase a couple 3560s, even if I could re-sell them when I am done. With less than three months to go, it's not worth it to invest a ton of money in 3560s. So, I am going to supplement my switching labs with rack rentals. This shouldn't cost me any more than $60. Once I get my 3550s, I should be able to zip through my switching labs and then finally complete my BGP labs. It feels like I've been working on my BGP labs forever but with so much travel, and maximizing time with my family, I just haven't had much time to really study.

If I had given up much sooner on the ASET labs, I could have probably completed the BGP labs this past weekend! Well, that is all for now. I'm hoping for a week or two off so I can get some prime study time in. That lab date is quickly approaching!

Tuesday, May 5, 2009

Updates and News...

Well, for anyone that reads this, you may have noticed I have not posted in quite some time. This is partially due to the fact that I'm traveling a lot for work, and partially because when I do have time to study, I don't have a lot of time for much else.

I've been working on my BGP workbooks the last two weeks. It's going pretty slow, with the travel and all, but at least I am still getting some study time in. BGP was a weak area when I started my studies, and unfortunately it is still one of my weak areas. Hopefully by the time I read the BGP section in the DocCD and double-up on the workbook labs, I will feel much better.

In other news, it looks like Cisco has released the CCIE 4.0 blueprint with BIG changes hitting in October of this year. The good news is I already have 6 months of CCIE study under my belt, with 4 of those being Lab study, the bad news being that if I don't obtain my CCIE before October, I may not achieve it this year. This is not to say that I am overly worried. I did move my date back to August 3, 2009. I did this so that I could attend a 2nd Narbik bootcamp in July, and leave myself enough time between the end of the bootcamp and the exam to really cram on some mock labs. I've got less than 90 days, which means I really need to get cracking. The exam is now paid for, so my August 3rd date is pretty firm. I've scheduled out two weeks of vacation as to not be distracted from my goal.

If I am not fortunate enough to achieve a passing score on the first attempt, I plan to immediately schedule another attempt as soon as I can. I can only hope to get in three attempts before the October date. The changes to the blueprint are pretty massive. They are splitting the exam into two pieces - a 2-hour troubleshooting section and a 6-hour exam. The core knowledge topics remain. They are also changing the hardware, the IOS version, and adding things such as MPLS, MP-BGP, advanced IPv6 routing and other topics. These changes in themselves are not terrible - I think they properly reflect today's networking world. Unfortunately, these changes will drastically adjust my studying.

So overall, I am still happy with my progress and still feeling pretty good about the exam. I've got some ASET labs scheduled for next week, so I'll post my feeling here.

Friday, April 17, 2009

OSPF = DONE

Well, I finally finished the OSPF labs in both the Technology Focused and Bootcamp workbooks and man do I feel better. I had a pretty good understanding of OSPF before, but a lot of the nuances always got me - like Frame Relay interface types and OSPF. I understand all of that much better. In fact, I was able to rip through all the labs in under 6 hours. I consider that to be not too shabby. I won't be studying next week, because I will be out of town for 3 days in Miami. It will be nice to get away to a warmer climate and see the beach, but at this point, I really do hate missing ANY study time.

Anyway, when I return I plan to attack the BGP labs for two weeks. There is lots of information on BGP and I wholly expect all the labs to take two weeks. I was lucky enough to get access to the Cisco ASET labs. I plan to use the ASET labs purely for my switching labs. I can use up to 6 sessions per month, for free. So if you work for a Cisco partner, and you don't have access to a real rack, get with your Cisco rep and get access to these labs. Between Dynamips and the ASET labs, you can study for your CCIE for almost $0 hardware costs.

After I utilize the ASET labs, I will report on what I thought. The one downside with the ASET labs is they are pretty booked up, so you may need to schedule up to a week in advance.

In other news, the bootcamp scheduled for the second week in May has been cancelled. Well, that really sucks. The bootcamp was going to be free (as my 2nd retake) and I was going to stay with friends, but it is a great way to stay on top of things. Well, with that session being cancelled, the next session that is available for me is in July - right before my test. I was planning on taking that session anyway, but just as more of a brush-up right before the test. Well, since I will only get two bootcamp sessions in, I am going to move my test back a week.

With my test moved back a week, I can take the bootcamp on July 20-24th, head home, whip through as many mock labs in a week as possible, and then fly out to take my test - with of course a few days rest in between. Well, that is all I have for now - I'll post more on BGP and ASET in a few weeks.

Wednesday, April 8, 2009

Frame Relay Labs

Well - I've just finished up the first round of the Frame Relay labs. Nothing really threw me for a loop except for the Frame Relay switching part. I was just reading too much into it and adding WAY too many commands. I've got some DocCD reading to finish up today, but other than that - it's going to be an early day for me. I am really liking how things are progressing. I should finish up Frame Relay this week (maybe even tomorrow) and rip into OSPF next week.

I'm feeling more and more confident as the days pass - but I figured a little "good luck" can never hurt - so I'm growing a beard. The beard will remain until I pass my CCIE. I figured, Hey, this works for athletes right?

Also got some good news today. I passed my EIQ SecureVue examination. So I am now EIQ SecureVue certified! Yay! Now, exactly how far will this get me in the world? I have no idea. But hey, it never hurts to add another certification to your list of achievements!

Here is a good tip - IP Expert released a pretty nice Core Knowledge Simulator. One of the best features is it has 100 questions and it is totally free. I've been firing it up once per day just to stay sharp. I also take a few notes every day for things to look up in the DocCD. Like most of these simulators, your answers have to be exact. Minor pain-in-the-ass, but hey, you will know if you got the answer right or not, and that is all that matters. I've been scoring well on anything that isn't a 'timers' related question and most of those just have to be memorized.

Well, that is all I have for now. More later...

Monday, April 6, 2009

Back at it again...

Well studying has not quite progressed as well as I wanted to after returning from my first boot camp session. Generally, I was a little burned out the week after boot camp, and then last week I had to travel to Boston to attend training on EIQ SecureVue. Great product, but unfortunately has little to do with CCIE!

So, I got back at it today. Re-visiting the RIP and EIGRP labs. I feel much better going through the labs a second time. I was able to just rip through the labs, without checking the answers or consulting the DocCD. This is exactly what Narbik's materials teach you. By cutting the lab into sections, and really focusing on those technologies, you learn the protocols inside and out. After I have completed all of the workbooks, then I should be able to attack some mock labs with 100% confidence on the core topics.

Tomorrow, I will finish up the remaining EIGRP lab (it's a big one - 20+ tasks!) and then switch over to Frame Relay for the rest of the week. Hopefully I can complete Frame Relay this week, and really focus on OSPF for the next week. Wow - time really flies as my next boot camp session is approaching in a mere four weeks. I certainly haven't covered as much as I would have hoped between sessions, but I simply cannot pass up a free re-take of the CCIE bootcamp. Hopefully I will cover all of the RIP/EIGRP/FR/OSPF/BGP labs before the next re-take. I am also expecting some updated materials and the mock lab from Narbik when I attend the boot camp again in May.

Wow...I'm really starting to love this shit...If anyone out there is interested, I am attending the boot camp on May 4-8, 2009 in Columbia, MD.

Monday, March 23, 2009

Nothing much to report..

Well, didn't post anything last week. Decided to take the week off. I wanted to spend some time with my family after a week long bootcamp, plus I would be traveling later in the week so I wouldn't have had a whole week of study time anyway.

I got right back into it today. I am going to spend 1-2 weeks focusing on one technology until I feel I have a better understanding of it. This week, it's RIP and EIGRP. As I go through the workbooks, I am referring to the DocCD for anything that does not immediately click in my head and taking notes. I figured this way, I can really learn and understand the routing protocols. I finished all of the RIP labs today but I am going to go back tomorrow and read the entire DocCD section on RIP as well as re-try some of the labs I attempted today.

I figured I wouldn't bore you with my boring, albeit brief, RIP notes. More to come later.

Friday, March 13, 2009

Narbik Bootcamp Day 4/Day 5

Some more notes for your enjoyment! Day four covered RIP and QoS. Again, both were covered very in-depth. And don't believe that RIP is an old, easy, simplistic routing protocol. Narbik is quick to point out many of the nuances of RIP and its versatility. Remember - the LAB isn't asking you how you do something, but they usually ask if you know the most CREATIVE way of doing something, just to make sure you are well versed in the topics.

The QoS lecture ran most of the day, but again, it was a great lecture. I can't say enough about it. Day five covers multicast and generally wrapping everything up. Narbik is going to let us know how to best attack the lab exam. He is going to give us his suggestion, and if we follow his suggestion, he suggests 70% of us will pass the CCIE on the first attempt. This is great news and I plan to follow his suggestion - whatever it may be, to a T. I am certainly focused on attaining the CCIE and I am not going to let anything stand in my way.

Narbik again suggests that EVERYONE attend his bootcamp a week or two before our lab. I am going to double-up on this suggestion. There is a bootcamp in Columbia, MD the first week of May. There is another bootcamp in Herndon, VA the month of July - right before my exam. Hopefully with three bootcamp sessions, and all my studies - I'll be one of those 7 out of 10 to pass on the first try.

Wednesday, March 11, 2009

Narbik Bootcamp Day 2/Day 3

Well after a long day, I didn't get around to posting yesterday. Not a big deal because it's not like I am going to post all my notes anyway. Day two covered OSPF cover-to-cover. Narbik runs you through almost every possible command in OSPF and he explains what the command does and where to apply it. My understanding of OSPF, while already pretty good, is much better following Narbik's lecture.

Narbik also covers EIGRP in the same manner during day two. Again, showing you all the commands, how they work and what they do. Again, I understand EIGRP better now than before. Narbik does a great job of making you want to learn about everything, and teaches in a very exciting way.

Day three Narbik covers BGP, again in the same manner as OSPF and EIGRP. This bootcamp is worth every penny. I know this post isn't very long, but hey - 13 hours hacking IOS and listening to lectures kinda tires you out. More later...

Monday, March 9, 2009

Narbik Bootcamp Day 1

I promised everyone to post notes on my experience with the boot camp. First, I've got nothing but good things to say. The day started with the typical introductions, with Narbik asking us what our weak points are and how we heard about his class. From there, we started straight into the Advanced Technologies workbook, starting with basic switching. Nothing really new or exciting but fundamental and essential. Narbik makes his rounds to make sure that everyone is progressing along. After lab time, we take a break for lunch.

After lunch we start into the lecture of switch security. The lecture was great and covered items such as DAI, DHCP snooping, mac access list and vlan access maps. After the lecture, we tore into the advanced switching labs. Again, the labs are top-notch. Narbik is available the whole time for any questions. He will also cover a topic more in-depth if someone has a question about a specific topic. It's during this time that he gives us some more labs covering private VLANs, multicast and others. These are labs he just completed so we are some of the first few people to see these labs. This shows Narbik's dedication to all of his students - past, present and future.

After the switching lab, Narbik starts into the Frame Relay lecture. Narbik doesn't just show you how to do something, he explains EVERYTHING in detail, including all the options for a particular subject. He doesn't just show you how something works, he explains to you how something works.

Well, as I've already said, the materials are top notch, but they would just be another set of workbooks if you did not take Narbik's class. When Narbik teaches, you can tell he cares about his students and shows an enthusiasm in teaching you everything he knows. He encourages everyone to take his bootcamp as many times as needed to pass the lab. He even encourages current CCIEs to take the bootcamp once a year to keep all the knowledge fresh. This shouldn't be a problem since Narbik offers free retakes of his bootcamps.

Well, that is all I got for tonight. I need some rest so that I'm fresh for tomorrow's session.

Tuesday, March 3, 2009

Wrapping up for the day..

Well, now that you all (all two of you I guess...) are caught up on my notes, I would like to reflect where I am at now in my studies. I have one section left in the Soup-to-Nuts workbook and that section is IPv6 which I feel fairly comfortable in. I should complete the IPv6 section tomorrow, which will leave me Thursday and Friday to kinda take a break. I'll be leaving for Narbik's bootcamp in Chicago on Sunday. With 50+ hours of dedicated study time next week during the bootcamp, I think a little break is in order.

With a little over two months into my CCIE studies, I would have to say that I feel better now than I did two months ago. I should say MUCH better. Things like redistribution, BGP, multicast and security are now better understood than they were two months ago. That being said, I know I still have a ways to go. I peeked at Narbik's "superlab" that is included with the Soup-to-nuts workbook and I immediately identified areas where I am still weak.

Hopefully the bootcamp will really drill some of these topics into my head. After I complete the bootcamp, I'll be hitting the Advanced Technologies workbooks from Narbik pretty hard. Hopefully after completing those, I can start taking a crack at full practice labs again. I still feel like I am on track for the July 27th test date. Narbik's got another bootcamp the week of July 20th in Herndon, VA (where my company is headquartered). My plan is to attend the bootcamp a second time right before the test on the 27th. The good thing about this is the 2nd boot camp attempt is free, and I can stay with my best friends in Alexandria, VA. My only cost will be gas.

Anyway, enough rambling for now. I'll be sure to post pertinent information from the bootcamp next week in Chicago.

Multicast and ACL...

Multicast

  • "ip msdp peer [address] connect-source [interface]" sets up the msdp peer relationship.
  • bgp and msdp peer ip must match.
  • "ip pim neighbor-filter [acl]" can filter PIM neighbor relationships.
  • "ip igmp helper-address [address]" is an interface level command to forward igmp requests to multicast capable router, much like DHCP.

ACL

  • "ip telnet source-interface [x]" can tell a router which interface to use for telnet access.
  • "autocommand access-enable host" links dynamic ACL to telnet authorization.
  • "clear ip access-template [line] [dynamic ACL name] host [x] port [y].." clears a dynamic ACL line.
  • "autocommand access-enable host timeout [x]" creates dynamic acl timeout for dynamic ACL entries.
  • "access-list 100 dynamic [name] timeout [y] permit ip any any" creates static timeout for dynamic ACL entries.
  • "rotary [x]" is a line command to create a telnet session on 300[x], i.e., rotary 3 creates telnet access on port 3003.
  • "ip reflexive-list timeout 120" is a global command to limit reflexive ACL entries.
  • "ip tacacs source-interface [y]" assigns an interface to use for TACACS source requests.
  • When using authentication default, it does not need to be assigned to any line/port.

IP Services

  • "ip dhcp ping [packets] timeout [y]" changes DHCP behavior. DHCP will ping [packet] number of times with a timeout of [y] before re-assigning a previously used address.
  • manual DHCP bindings require their own pool.
  • interface level command "standby use-bia" will use MAC burned-in address for HSRP mac.
  • preemption is enabled by default in VRRP.

NAT

  • inside local is local IP of private host on your network.
  • inside global is public IP address that the outside network sees as the IP of your local host.
  • outside local is the local IP from the private network which your local host sees as IP of remote host.
  • outside global is public ip of remote host.
  • "extendable" allows you to have two NAT entries for the same source IP address.
  • You can use a route-map to "permit" local to global mappings.
  • You can create stateful NAT translations to assign to HSRP groups by using a mapping-ID.
  • You can create stateful NAT translations and assign a primary and backup NAT router (ip nat stateful..)
  • I hate NAT....
  • I really hate NAT....
  • Why can I not understand the NAT syntax?

Switch QoS

Continuing my notes..

3550 QoS
  • "mls qos min-reserve [queue] [# of packets]" sets max number of packets per queue
  • "wrr-queue cos-map [queue] [CoS]" is assigned per interface
  • "wrr-queue bandwidth [weight Q1] [weight Q2] [weight Q3] [weight Q4]" assigns a weight per queue.
  • "show mls qos interface [x] queuing" is one of the single most important QoS commands on a switch. Shows default/configured QoS settings per interface.
  • "priority-queue out" enables PQ (which is Q4 on 3550) per interface.

3560 QoS
  • "show mls qos maps dscp-input-queue" or "show mls qos map" shows default mappings
  • You assign a queue and a threshold to traffic.
  • "mls qos srr-queue input dscp-map queue [x] threshold [y] [dscp-values]" maps dscp values to a queue and threshold.
  • "show mls qos input-queue" shows weights per queue and threshold.
  • "mls qos srr-queue input threshold [queue] [threshold1] [threshold2]"
  • "mls qos srr-queue input-buffers" alters the # of packets per queue.
  • "mls qos srr-queue input bandwidth [queue1] [queue2].." assigns bandwidth per queue.
  • "mls qos srr-queue input priority-queue 1 bandwidth 20" would assign a weight of 20 to priority queue.
  • 3560 has 2 input queues and 1 priority queue
  • "show mls qos maps dscp-output" shows default dscp map for output.
  • "mls qos srr-queue output dscp-map queue [x] threshold [y] [dscp values]" assigns dscp values to output queues/thresholds
  • "show mls qos interface [x] buffers" shows QoS output queue buffers.
  • "mls qos queue-set output [queue-set #] buffers [Q1] [Q2] [Q3].." assigns buffers to a queue-set.
  • "queue-set [y]" assigns an interface to a queue set.
  • "show mls qos queue-set" shows buffers, threshold, etc for each queue set.
  • "srr-queue bandwidth [share|shape] [weight Q1] [weight Q2].." - interface level command to assign bandwidth to interface.
  • "srr-queue bandwidth limit [percent]" limits bandwidth per interface.

Up next...multicast

Notes Catch-up

I've been sick the last couple of days and although I've made time to study, I have not devoted time to posting my notes. So here are my latest notes from Narbik's StN workbook, starting with QoS.
  • Priority queueing is processed like ACLs - top-down.
  • "priority-list x [interface|protocol|default] queue [tcp|udp|acl]" assigns traffic to a queue
  • "show queuing priority" shows priority queues
  • "priority-list x queue-limit " alters queue sizes
  • "custom queuing queue-list x" creates a custom queue much like a priority queue
  • With custom queuing, bandwidth is allocated by assigning byte-counts in increments of 1500
  • "hold-queue x out" - WFQ packet limit for all queues
  • To create a rate-limit ACL using IPP, add binary of IPP levels. binary 01 is IPP 0, binary 10 is IPP 1, so mask is binary 11 or 3.
  • "show interface | i Internet" shows all IP addresses (except secondary) with netmasks.
  • "sh run | in no\ " shows disabled servers. (note: there is a space after \)
  • rsvp must be done per interface along the path.
  • test rsvp using "ip rsvp sender-host|reservation-host" from config mode.
  • "ip rsvp sender" is used to proxy for another host.
  • "ip rsvp reservation" is used to proxy for another reservation host.
  • "frame-relay de-list x protocol ip tcp 80" can be used to assign protocols (such as HTTP) the de bit. Can be applied by using "frame-relay de-group x dlci y"
  • You can enable "random-detect dscp-based" directly on the interface.
  • ECN marks packets instead of dropping them.

Up next...3550/3560 QoS

Friday, February 27, 2009

A reflexive access list will inspect return traffic. When you allow outbound traffic, you tell the outbound access-list to 'reflect TEST' (where TEST is the dynamic ACL name). You then tell the inbound access-list to evaluate TEST. This will create dynamic entries in an ACL called TEST that should list allowed return traffic that was initiated behind this router.
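The reflect/evaluate behaviour described above, modelled in Python as an added example (it is not from the original post and is not IOS code). The class names, the constructed packets and the timer-refresh rule are assumptions; the 120-second timeout mirrors the "ip reflexive-list timeout 120" note elsewhere on this page, and TCP FIN/RST teardown is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class ReflexiveList:
    """Temporary entries written by 'reflect' and read by 'evaluate'."""

    def __init__(self, name, timeout):
        self.name = name
        self.timeout = timeout   # idle seconds before an entry is removed
        self.entries = {}        # expected reply packet -> last time seen

    def reflect(self, pkt, now):
        # Swap source and destination: the entry describes the expected reply.
        reply = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[reply] = now

    def evaluate(self, pkt, now):
        # Drop idle entries first, then require an exact 5-tuple match.
        self.entries = {p: t for p, t in self.entries.items()
                        if now - t < self.timeout}
        if pkt in self.entries:
            self.entries[pkt] = now  # assumption: matching traffic resets the idle timer
            return True
        return False


class EdgeRouter:
    """Hypothetical outside interface with one outbound and one inbound ACL."""

    def __init__(self, timeout=120):
        self.test = ReflexiveList("TEST", timeout)

    def outbound(self, pkt, now):
        # Outbound ACL line: "permit ip any any reflect TEST"
        self.test.reflect(pkt, now)
        return "permit"

    def inbound(self, pkt, now):
        # Inbound ACL line: "evaluate TEST", followed by the implicit deny
        return "permit" if self.test.evaluate(pkt, now) else "deny"


def run_demo():
    """Constructed traffic: an inside client, a server it contacts, a stranger."""
    router = EdgeRouter(timeout=120)
    request = Packet("tcp", "10.0.0.5", 40000, "198.51.100.10", 80)
    reply = Packet("tcp", "198.51.100.10", 80, "10.0.0.5", 40000)
    stranger = Packet("tcp", "203.0.113.9", 80, "10.0.0.5", 40000)
    wrong_port = Packet("tcp", "198.51.100.10", 80, "10.0.0.5", 40001)

    results = {}
    results["reply before any request"] = router.inbound(reply, now=0)
    results["outbound request"] = router.outbound(request, now=1)
    results["matching reply"] = router.inbound(reply, now=2)
    results["unsolicited host"] = router.inbound(stranger, now=3)
    results["right host, wrong port"] = router.inbound(wrong_port, now=3)
    results["reply after idle timeout"] = router.inbound(reply, now=200)
    return results


if __name__ == "__main__":
    for label, verdict in run_demo().items():
        print(f"{label:28} {verdict}")
```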

Some day I will get this right, but I'm also having trouble with dynamic ACLs (by the way - call them A C L 's, not Ackles..I can't stand that. Do you call a BMW a bamwah?). The StN workbook called for creating dynamic ACLs based on authenticated telnet users. I understand the concept, but it's hard to get the syntax down. Additionally, the 'autocommand access-enable' is a hidden prompt. My router accepts the command, but when I telnet to that router, I get a response saying this is not a valid command. Oh well.

Anyway - just jotting some notes. More to come later..

Wednesday, February 25, 2009

BGP..Better Get Practicing...

I'm slowly making my way through the Soup-to-Nuts E-Workbook. I am probably half-way through the book and I cannot say enough good things about it - especially after doing the BGP mini labs. See, I know the BGP basics and I've worked with BGP for some time. Er, I should say - eBGP. So beyond the basics of setting up a peering session with an eBGP peer, I was pretty much clueless. The Soup-to-Nuts (StN) workbook goes through about 15 BGP scenarios covering everything from AS path filtering, to route reflectors, to regular expressions and more. Narbik takes a simple approach in showing you BASIC scenarios so you can understand and see how each feature works. Once you know and understand how something works, you can apply that knowledge to more difficult situations such as the CCIE lab.

Anyway...I wanted to post up my BGP related notes before I move on to the QoS section of the workbook.

  • "network x mask y backdoor" will assign an AD of 200 to bgp routes so that the configured router would prefer any available IGP routes first.
  • advertise-map is the name of a route-map to advertise if the condition of the exist/non-exist route-map are met.
  • as-set will remove atomic aggregate. An atomic aggregate route can lose important information such as the AS path.
  • You can use BGP communities much like tags. Within a route-map, you can "set community x" on the advertising router. On the receiving router, you can "match community x" and do things such as "set ip next-hop...."
  • ip community-list standard [name] permit [community] works like an ACL for communities
  • local-preference is propagated through the AS to prefer exit point from that AS
  • "bgp always-compare-med" enforces MED across all paths
  • "bgp bestpath as-path ignore" is a hidden feature that will force the router to look past the AS path as its first rule for best-match and skip right to metric.
  • "_AS$" where AS = AS Number is the regexp to match originating prefix.
  • filter-list filters on as-path acl. (neighbor 1.1.1.1 filter-list 1)
  • "_AS_" where AS = AS number is the regexp to match AS in path.
  • ".*" is the regexp for match-all.
  • "^$" matches self-originating prefix. (if your AS is 100, this would match paths with an origin of AS 100)
  • "^AS$" where AS = AS number, is the regexp to match AS from neighbor ( ^200$ would match routes originated from bgp neighbor with an AS of 200).
  • "bgp regex deterministic" disables the recursive algorithm when processing regular expressions.
  • "neighbor x advertisement-interval y" sets the minimum advertisement interval of y for neighbor x.
  • You can use replace-as within a local-as command ("neighbor 1.1.1.1 local-as 300 no-prepend replace-as")
  • no-prepend does NOT place the configured AS (say, router bgp 300) into the bgp path when using local-as.
  • "bgp maxas-limit x" limits the number of AS in the path of each prefix where x is the number of paths.
  • You can use a route-map with "..default-originate" command for conditional advertisements. (don't use an advertise-map - it doesn't work!)
  • You can set the distance per peer as well as per route.
    distance x y z - where x is distance value, y is source IP and z is IP mask. For example - distance 150 1.1.1.1 0.0.0.0 will set a distance of 150 for ALL routes from neighbor 1.1.1.1.
  • To set distance per neighbor and per route.
    access-list 3 permit 150.1.1.0 0.0.0.255 - create ACL to match which routes you want to alter AD for.
    distance 150 132.1.1.1 0.0.0.0 3 - will set a distance of 150 for 150.1.1.1 coming from neighbor 132.1.1.1. If you couldn't tell, you could also set the distance of certain routes for all neighbors using the correct wildcard mask.

Well, that is it for now. I may actually revisit the BGP section of the workbook at some point later. If I have trouble with practice labs and BGP, I will definitely use this workbook.
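The AS-path regular expressions in the notes above, checked against a small route table; this is an added example in Python, not code from the workbook or from IOS. It assumes the IOS "_" metacharacter (start or end of string, space, comma, braces, parentheses) can be emulated with a Python alternation, and the prefixes and AS paths are constructed sample data.

```python
import re

# IOS "_" matches the start or end of the string, a space, a comma,
# a brace or a parenthesis. Python has no such token, so expand it.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def ios_to_python(pattern):
    """Translate an IOS AS-path regex into an equivalent Python regex."""
    return pattern.replace("_", IOS_UNDERSCORE)


def as_path_matches(pattern, as_path):
    return re.search(ios_to_python(pattern), as_path) is not None


def as_path_acl(entries, as_path):
    """Model of an as-path access-list: first match wins, implicit deny."""
    for action, pattern in entries:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False


def filter_routes(entries, routes):
    """Prefixes that survive a filter-list built from `entries`."""
    return [prefix for prefix, path in routes if as_path_acl(entries, path)]


# Constructed table: (prefix, AS path as seen on the receiving router).
ROUTES = [
    ("192.0.2.0/24", ""),            # locally originated, empty AS path
    ("198.51.100.0/24", "200"),      # originated by the neighbor AS 200
    ("203.0.113.0/24", "200 300"),   # via 200, originated by 300
    ("10.10.0.0/16", "300 200"),     # via 300, originated by 200
    ("10.20.0.0/16", "300 1200"),    # AS 1200 contains the digits "200"
    ("10.30.0.0/16", "300 400"),
]


def matching(pattern):
    """Prefixes permitted by a one-line as-path ACL using `pattern`."""
    return filter_routes([("permit", pattern)], ROUTES)


if __name__ == "__main__":
    for pat in ("^$", "^200$", "_200$", "_200_", ".*", "200"):
        print(f"{pat:8} -> {matching(pat)}")
    # Drop anything that has transited or originated in AS 300, keep the rest.
    print(filter_routes([("deny", "_300_"), ("permit", ".*")], ROUTES))
```

The unanchored pattern "200" also matches the path through AS 1200, which is why filters written without "_", "^" or "$" tend to permit or deny more than intended.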

Well, back to studying. It's time for QoS!

Friday, February 20, 2009

And one week later...

If anyone is paying attention to this thing, you may think I've fallen off the planet. Quite the opposite. While I have had some moments over the past week and a half to study, I did not have any time to blog the details. In short, I made two trips to D.C., took my son to the hospital for an MRI (all is well), took him to the doctor's office twice and my wife once. All of that on top of my normal everyday life kept me quite busy.

I've been working on Narbik's Soup-To-Nuts workbook. The workbook is great at getting you intimately familiar with the basics. It does not really cover the advanced or really weird topics, but hey - that's what the bootcamp is for, right? Anyway, here are my notes thus far.
  • ip hello-interval eigrp 100 30 - this is the interface level command for setting eigrp hello intervals
  • ip hold-time eigrp 100 120 - interface level command for hold time
  • metric weight 0 1 0 0 0 0 - sets the k1 EIGRP metric values to use only BW. (sidebar: should I memorize eigrp K values?)
  • A leak map will advertise component subnets in addition to summary address. If route-map referenced is undefined, only summary is advertised. If access-list is undefined, summary and all components are advertised. If both are defined, only specified subnets within ACL are advertised w/ summary.
  • By default, EIGRP uses up to 50% of interface bandwidth.
  • ignore lsa mospf - disables syslog messages concerning type 6 LSAs not supported by Cisco
  • ip ospf name-lookup - global command to enable ospf domain lookup
  • max-lsa [x] - maximum number of non self-generated LSAs that the routing process can receive
  • ip ospf message-digest-key 1 md5 [password] sets the OSPF md5 password. (not ip ospf authentication-key .....this sets plain text key)
  • no discard-route [internal|external] - disables null routes on summarizing router
  • stub routers cannot use Virtual Link but can use Tunnels
  • no ASBRs with stub routers
  • no type 5 externals w/i stub.
  • area xx default-cost yy - sets the default route-cost in OSPF
  • you only need "...stub no-summary" on the ABR
  • Totally stubby filters IA routes
  • You can filter LSAs using "neighbor [x] database-filter all out". Must be point-to-multipoint network.
  • distribute-list out only works on ASBR.
  • Summary address can be used to "not-advertise". Cannot be used to filter internal.
  • area x range y not-advertise to filter internal routes.
  • max-metric router-lsa is done so other routes do not prefer configured router.
  • Tunnels are almost always an option to a seemingly crazy request!!!

Well, that's all for now. I've got more notes on switching and RIP that I'm just too lazy to type up right now. More studying tomorrow and next week using the Soup-to-nuts workbook. Then it's off to bootcamp March 7th!

Wednesday, February 11, 2009

Completed IPExpert CoD...

Here are the last of my notes for the IPExpert CoD.

  • Use distribute lists out from one routing protocol to another. Use under original process.
  • BGP only accepts internal OSPF routes by default.
  • RIP redistribution requires metric or it may get 16.
  • Always filter routes when redistributing. Particularly by using distribute lists and route tagging.
  • Watch for connected routes when redistributing.
  • ip policy route-map for remote, ip local policy route-map for local.
  • You must have a multicast mapping agent when using autoRP. Assign mapping agent to hub router or behind in FR networks.
  • ip pim send-rp-announce [src inter] scope [ttl] group-list [acl] to enable autoRP
  • ip pim send-rp-disc scope [ttl] to enable mapping agent
  • ip pim autorp listener works as an override in sparse mode only operation. (when you are forbidden from using dense or sparse-dense-mode)
  • BSR is sparse mode only
  • hop-by-hop bsr messages exchanged by PIM routers.
  • ip pim bsr-candidate [interface] [hash] [priority] to enable BSR
  • ip pim rp-candidate [interface] [ttl] to enable RP w/i BSR
  • BSR elected 1st based on highest priority or IP
  • RP candidates are fed to elected BSR
  • AutoRP overrides static RP
  • ip pim rp-address [ip] [acl] override - to prefer static over autoRP
  • ip pim nbma-mode and ip pim sparse-mode on FR interfaces.
  • FR may need map agent as well as RP.
  • autoRP doesn't work in FR PtMulti.
  • ntp trusted-key required on all clients to authenticate.
  • create snmpv3 group before users
  • You need a separate pool/scope for manual DHCP bindings
  • debug ip dhcp server to determine client ID for dhcp reservation
  • dhcp bootp ignore - disable bootp requests
  • default TC is 125ms data, 1/100 voice
  • Tc = Bc/CIR
  • BC = CIR/Tc
  • Be = (AccessRate/Tc) - Bc
  • You can queue outbound only, police in and out
  • On inside interfaces, Inbound reflect, outbound evaluate
  • When tunneling, make sure route to tunnel destination does not change to point to tunnel IP
  • To route a NAT pool, assign to loopback and advertise through IGP.
  • FE80 is link local
  • FEC0 is site local
  • FF00 is multicast
  • 0x8644 is IPv6 ethertype

Well, that is all the notes I have. There was a fantastic section on wildcard access-lists that totally makes sense to me. If you have ever seen anything about creating an access-list with the least lines possible, and the subnets are spaced all over, this is when you need to break down the subnets into bits. I won't try to recap this, but if you have any trouble with this, I highly suggest you check out Scott Morris' IPExpert CoD. He does a fantastic job. Overall, I'm pretty happy with the CoD. It's fairly comprehensive and detailed. Unfortunately, there is no hands-on with the routers which would have made the CoD three times better. I also have InternetworkExpert's CoD series, but the videos are much longer and do include hands-on router sections. I don't think I need to spend so much time watching more videos on some things I'm pretty comfortable with. I need to get back to hacking IOS. If I have trouble with a particular topic, I'm going to watch that particular video in addition to reading the DocCD (which I've become pretty familiar with).
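The bit-level wildcard technique mentioned above, as an added Python example (not from the CoD or the original post): it XORs the subnets to find the bits that differ and builds one address/wildcard pair from them. It goes a step beyond the text by also listing any subnets the single line would match that were never asked for; the function name and the sample subnets are constructed.

```python
import ipaddress
from itertools import product


def single_entry(networks, max_bits=12):
    """Collapse same-length subnets into one address/wildcard pair.

    Returns the base address, the wildcard mask and every extra subnet
    that the one-line entry matches beyond the requested ones.
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("all networks must share one prefix length")
    prefixlen = nets[0].prefixlen
    wanted = {int(n.network_address) for n in nets}
    first = int(nets[0].network_address)

    # Any bit that differs between two subnets must become a "don't care" bit.
    diff = 0
    for addr in wanted:
        diff |= addr ^ first
    bits = [1 << i for i in range(32) if (diff >> i) & 1]
    if len(bits) > max_bits:
        raise ValueError("too many differing bits for one useful entry")

    wildcard = diff | int(nets[0].hostmask)
    base = first & ~wildcard & 0xFFFFFFFF

    # Enumerate every subnet the entry matches: all combinations of the
    # "don't care" network bits laid over the base address.
    matched = {
        base | sum(bit for bit, on in zip(bits, combo) if on)
        for combo in product((0, 1), repeat=len(bits))
    }
    extras = sorted(matched - wanted)
    return {
        "base": str(ipaddress.ip_address(base)),
        "wildcard": str(ipaddress.ip_address(wildcard)),
        "extras": [f"{ipaddress.ip_address(a)}/{prefixlen}" for a in extras],
    }


def acl_line(entry, number=10):
    """Render the result as a standard ACL line (ACL number is arbitrary)."""
    return f"access-list {number} permit {entry['base']} {entry['wildcard']}"


if __name__ == "__main__":
    # Third octets 1, 3, 5, 7 differ only in two bits: an exact fit.
    exact = single_entry(["192.168.1.0/24", "192.168.3.0/24",
                          "192.168.5.0/24", "192.168.7.0/24"])
    print(acl_line(exact), "extras:", exact["extras"])

    # Third octets 1, 2, 4 differ in three bits: one line matches 8 subnets.
    loose = single_entry(["192.168.1.0/24", "192.168.2.0/24",
                          "192.168.4.0/24"])
    print(acl_line(loose), "extras:", loose["extras"])
```

A non-empty "extras" list means the one-line entry is broader than the requirement, so the requested subnets need more than one line if the ACL is meant to be exact.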

This post may seem long, but I'm pretty much cramming two days of notes into one post. Tomorrow and Friday I plan on setting up my dynamips to run Narbik's labs. Then I can begin the Soup To Nuts workbook. If I haven't said it before, the lab is all about completing your core properly in the quickest amount of time possible. If you succeed here, you can pick and choose the remaining topics to get you the 80 points. It's during this time that you can rely on the DocCD and configuration examples. It is my hope that with Narbik's training, I can tackle the core without any issues.

More to come later...

Monday, February 9, 2009

IPExpert Day 3 Notes ...

Well first off - I've changed the layout. Hopefully this one looks a little more friendly and easier to read.

Moving on, here are some of my notes and pointers from the IPExpert CoD
  • spanning-tree vlan x forward-time sec to reduce ST convergence time
  • frame-relay map bridge [dlci] to enable FR bridging.
  • On 3550, bridge protocol vlan-bridge instead of protocol ieee
  • macro name [name] to define macro, macro apply [name] under interface to apply macro.
  • backbonefast used to enable fast switchover to alternate RP
  • spanning-tree link-type point-to-point is SP macro for host ports
  • spanning-tree mst configuration to enter MST configuration mode.
  • mst will always have a default instance 0 for unassigned vlans
  • mac access-list extended [name] for defining mac ACL
  • vlan access-map functions just like a route-map.
  • vlan filter [map name] vlan-list [vlans] to apply vlan map
  • switchport protected prevents protected ports from talking to other protected ports.
  • errdisable recovery... to restore errdisabled ports automagically
  • dot1x system-auth-control to enable dot1x, otherwise dot1x is disabled
  • storm-control broadcast/multicast/unicast level [percentage] under interface config to enable storm control
  • SDM templates alter switch memory allocation. Available templates are access, extended-match, routing and vlan. Enable with 'sdm prefer [mode]'. Requires switch reload.
  • split horizon needs disabled for PtM hub routers in FR
  • For secondary IPs, primary IP must be advertised 1st, split horizon is likely to have effect and can't use passive interface for primary IP
  • Distance can be set globally or per route
  • Broadcast and non-broadcast elect DR/BDR; hub must be DR
  • Use 'sh ip ospf int' to determine network types
  • If you can't change network type, use neighbor command.
  • 'ip ospf mtu-ignore' switch setting for ignoring MTU differences
  • Stub area = internal and default
  • NSSA = Internal, Default and Externals directly entering area
  • Totally Stub = interarea only and default
  • distribute-list in filters from OSPF DB to routing table
  • You can filter between areas - area x filter-list prefix [prefix list]
  • dead-interval minimal sets dead timer to 1sec, multiplier is hellos per 1 sec
  • With RIP, use neighbor and passive-interface to enable unicast updates only
  • 'no validate update-source' to disable source verification, ie; for secondary IPs
Well, that is all for now. In other news, I've scheduled my bootcamp for March 19, 2009 in Chicago. This is Narbik's bootcamp and I am definitely looking forward to it. I've already received the Soup-To-Nuts workbook and I plan on starting this after the IPExpert CoD.

Thursday, February 5, 2009

IPExpert Class On Demand Day 1

Well I tore into the IPExpert CoD today. It's a great product with lots of tips but can sometimes be a little light on specific details or examples. Here are a few of the tips I have picked up so far.

  • DTE cable is usually terminated at the customer end
  • DCE is usually terminated at the provider end and provides clocking
  • PVC Status of Inactive indicates an issue between FR switch and router
  • PVC Status of Deleted indicates an issue on the router
  • Point-to-point subinterfaces require frame-relay interface dlci command on only one side of the link.
  • I've mentioned it before, but I need to burn it into my skull. Be careful of Frame Relay network type mismatches with OSPF.
  • You cannot use map class with frame-relay map commands.
  • LMI is disabled with "no keepalive" command
  • There is no LMI when two FR routers are cabled back-to-back and must share the same DLCI.
  • Service udp small-servers required to enable TFTP server
  • PPPoFR uses virtual-templates
  • If using LFI, PPPoFR must be used, if fragmenting only, FRTS can be used.
I'll continue to post interesting tips as I come across them. After completing the IPExpert CoD, I intend to get back to the labs. I am going to try the Soup-to-nuts and Advanced Workbooks before jumping back to IEWB. During the labs, I am going to refer to the DocCD and IE Class-on-demand for specific topics that create trouble for me.

Monday, February 2, 2009

CBT Nuggets QoS...

Well, I gotta say this was a waste of time. The video did not teach any more than I already knew from my CCNP/CCIE studies. Thankfully, it only took me a day and a half to complete the video. If nothing else, I guess it reinforced my knowledge about QoS.

I intend to start viewing the IPExpert class-on-demand series sometime this week. Hopefully the CoD will help me strengthen some of my weaker areas. My study time this week will be cut short because I'll lose about two days of studying due to travel to D.C. Hopefully while I am at work, I'll at least get started on the IPExpert CoD. I've also decided to re-read some of my Ciscopress books - namely the BSCI and CCIE Written books. I've replaced my usual "bathroom reading material" of Car and Driver, Revolver and Motortrend with Ciscopress books. Hey - I may as well make that time beneficial!

So my goal going forward is to complete the IPExpert CoD, and then move on to Narbik's Soup-to-Nuts workbooks. Hopefully, I can squeeze a bootcamp in there as well. After that, I'll once again tackle the IEWB practice labs. I'm going to take a peek at the IPExpert material just to see what I am up against.

Friday, January 30, 2009

CBT Nuggets

Well, I've finished the CBT Nuggets Video on Demand for the CCIE Lab. The first half, which covered the core of the exam, was pretty beneficial. It helped me to understand items such as redistribution and BGP attributes better. The second half though was mostly worthless. It covered the most easy multicast, security and QoS scenarios. Anyway, it was still useful.

I've also found a copy of CBT Nuggets for the QoS exam. No, I'm not tackling two certs at once, I just want to learn more about QoS for the CCIE R&S Lab Exam. I know the basics pretty well, but some of the details get fuzzy. Hopefully the videos will help.

After that, I'll be checking out the IPExpert class-on-demand videos. I don't know what to expect, but I've heard good things about them. I need to copy all of my study material over to a hard drive so that I can take it with me on my trip next week. I'll be at work, but I should still be able to get a good amount of study in. I'll be packing the headphones to drown out the usual office noise!

Wednesday, January 28, 2009

Life in Northeast Ohio...

Well, pleasant surprise this morning...about 5 inches of wet snow on the ground. So first things first, I had to get out there and clear my driveway. I am quite thankful I purchased a snow thrower this year, although it's less effective with wet snow. Still better than shoveling! Bad news is, we are getting another 6-8 inches before sunset. So that means I'll be back out there again.

On top of that, I've got some work to do. That takes precedence over my studying. Especially since, for the most part, my job right now is to study for the CCIE. I work for a company that does consulting for Government agencies and part of my job is to participate in pre-sales activities. They certainly aren't fun, but it's a necessary evil when working in this industry. Next week I'm taking a trip to company headquarters in Herndon, Va. I've got a quick meeting to attend and then hopefully I'll get started on setting up our CCIE R&S rack. Unfortunately, all these things take away from my studying. I'm a little upset about it since I was on a roll with the CBT Nuggets video. All-in-all, I'm still expecting to finish the CBT Nuggets video next week. Then it's on to the IPExpert Class-on-demand.

I'm not looking to get too much studying done today, but I did want to post a few tips I picked up on from yesterday's studies.

1. Virtual-link IP address is the neighbor's router-id. I knew this already, but this may be an important tip to someone else!
2. Use "area x default-cost" to set a preferred exit point from an area. (Lower cost on preferred exit point, high cost on alternate)
3. 100/BW(in MB) is the default OSPF metric calculation. Remember this. A 56k link would have an OSPF metric of 1785. You can change this by setting the auto-cost reference bandwidth under router ospf.
4. Tags are very useful when redistributing into OSPF. I always tag because you never know when you may need to use the tag later. I've learned the hard way.
5. For setting tag values, I use the redistributed protocols admin distance. (tag 120 for RIP, tag 90 for EIGRP, etc).
6. When doing mutual redistribution between OSPF and EIGRP, exclude external routes when redistributing EIGRP into OSPF. This prevents original OSPF routes, now in the EIGRP process, from re-entering the OSPF process in another router with a lower AD.
7. External EIGRP routes have an AD of 170. When redistributing between OSPF and EIGRP, setting the OSPF external distance can help (distance ospf external 171).
8. Always pay attention to network type when using OSPF across Frame-relay networks.

Well that's it for now, back to work, snow-blowing, some studying, and hopefully installing my new Graphics card and monitor today.

Tuesday, January 27, 2009

A new day

Well, if you couldn't tell from my short, quick post last night, I've moved away from practice labs for now. Why? There are some things that I still don't understand fully. No matter how many times I read them, I still can't put the whole picture together. I had a copy of CBT Nuggets for the CCIE Lab that my boss tossed to me several months ago. With no other avenues at this point, I decided to fire it up and take it for a spin.

In taking tips from another CCIE, I decided to stay away from the labs for now until I have a better understanding of the topics at hand. Now while Ethan suggests he should not have started with the practice labs, I disagree to some extent. When you are starting your CCIE Lab studies, fire up a few practice labs first thing. Then you can determine how far in over your head you may be. If you are anything like me, you will jump away from the practice labs until you understand better.

Overall, I'm pretty happy with the CBT Nuggets video, even though it is several years old. But when you get down to the details, the core of the CCIE R&S Lab exam has changed very little. It's the other details that have changed (ATM, ISDN, Multicast, IPv6, etc.)

Since I do not have my own rack of equipment, I've been using Dynamips. So I decided to cruise the Internets and search for a Dynagen topology file. I found one, but not one I was particularly fond of. First, the author took the cheap route of creating a "hidden" ethernet switch by using the ethersw directive inside of Dynamips. Well, the lab does cover 3550/3560 catalyst switching, and while using a 3640 with Etherswitch module isn't the same thing, it at least gets me in the mindset and allows me to follow the video verbatim. Secondly, instead of mapping multiple DLCIs to the frame switch, they used another serial interface on one of the routers. Perhaps the author simply did not know how to map multiple DLCIs to one interface?

Anyway, I've made it through the first section of OSPF already. If you can tell by my tips, I've already learned quite a few interesting facts. Since I've been studying in my office, with little distractions, I am now able to take notes and draw diagrams. This is going to help me immensely in the long run.

Speaking of my office, I got a surprise yesterday in that my new office chair arrived early. While I was watching my son while my wife was at the dentist, I put the chair together and immediately noticed an improvement. The first half of the day, I sat in my old chair, only to get up for lunch with an aching back and a sore tailbone. The second half of the day, I sat comfortably in my new chair. When I arose at around 6pm, no back aching, no pain. It was great! Although this is not necessarily CCIE related, there is one tip you could take from this. Make yourself comfortable. I find that I am able to focus better now that I am comfortable and not getting up every couple of minutes to relieve my aches.

I also now have a copy of IPExpert's Class-on-demand from a friend of mine. I plan to watch these videos following the CBT nuggets. If I encounter areas within the videos that I am not comfortable with, I will read-up on the topic in my BSCI book, my CCIE Written book or the Cisco DocCD.

Well that is it for now, need to get studying. Oh and by the way, I've scheduled my lab exam - July 27, 2009. The pressure is on!!

Monday, January 26, 2009

Tips learned from CBT Nuggets...

1. Use Multipoint instead of point-to-point frame-relay type when only one side of the link requires a sub-interface.
2. Use 0.0.0.0 wildcard mask to be sure what interface is in the routing processes. I always put the actual network mask, thinking that network will be advertised into OSPF, not what interface will participate in OSPF.
3. To advertise loopbacks as /24, you can use point-to-point network type under interface configuration. (ip ospf network point-to-point).
3a. You can also redistribute connected using a route-map.
4. Use large metrics when redistributing another routing process into another. In most instances, you would not want a redistributed route to be preferred over a native route, although I've seen weirder requests on the IEWB practice labs.
5. Type 1 OSPF external routes will calculate their own metric across the path. Type 2 external routes will remain the same across the routing domain.
6. Use neighbor statements at the hub router only in a hub-and-spoke frame-relay network.

Saturday, January 24, 2009

My study area...

Well, I finally broke down and bought the additional items I need for my office. First on the list, was the most important, my new office chair.

I found this little beauty at Staples, with free 1 day delivery. It's not the most expensive, and probably not the nicest, but it's a good price and generally received 4/5 stars. If it lasts me even the next year through my CCIE studies, I'll be happy.

Next on the list was a graphics card and monitor. I had a couple of requirements that I knew off the bat. I wanted to switch to DVI, and I wanted a graphics card with dual DVI for my dual-monitor setup. I also wanted a monitor that was closest in size to my current monitor, a Dell 20.1" widescreen. This is where the research began.

Not only did I research for price, I had to research for compatibility. I knew of DVI and PCI-e, but I did not know the specifics of each. I've been out of the hardware game for a few years now. Several years ago I worked for a small Computer repair shop/ISP. During those days, I could tell you exactly what you need for any setup. During those days, I custom built my own PCs. Today, I just buy what meets my needs.

Yesterday, I had to research the different DVI cables (DVI-D, DVI-I, Dual-Link, Single Link, etc. ) the different PCI-e cards (PCI-e 1.0, PCI-e 1.1, PCI-e 2.0, x1 slot, x2 slot, x4 slot, x8 slot, x16 slot) and what was compatible with my system ( a Dell XPS). I found these gems on NewEgg.

Acer 20" Widescreen Monitor - This monitor was not quite the size I was looking for, but it's highly rated and was priced just right.

EVGA 1GB PCI-e 2.0 x16 Dual DVI Graphics Cards - Nothing too fancy here, but the price was right at $50 with a rebate. It also increases my graphics memory 10-fold from my current graphics card. I could have gotten by with less, but why not improve my system while I am at it?

These items should be in next week, when I plan to begin studying in my office. This post is not so much CCIE related, but perhaps someone will find it useful.

Friday, January 23, 2009

CCIM for me...

Well I finally finished lab 3 after only a few hours today. I've gotta say that I'm burned out after this week. Since I'm treating my studying like an actual job, I am looking forward to the weekend. I'm going to use the rest of my time today to do some reading and studying. I've got to say that after these first two weeks, I'm feeling more like a CCIM than a CCIE candidate. That's CCIM, Cisco Certified Internetwork Moron. Even though I've been working with Cisco for almost 10 years, these labs strip me of all my confidence, and sometimes even my manhood. ;-)

I've got to say that my study approach just is not working. Even though I said I was not going to, I'm trying to limit myself on time for each lab. I just absolutely, cannot do this. Why do you ask? Because I don't understand a lot of the topics fully to implement them without peeking at the answer key.

I've also realized that my "study area" is just not working out. I usually study on the couch with my laptop so that I can spend some time with my family during the day. Unfortunately this is not working out, and not because of distractions. To be able to really understand what I need to do, some topics need to be visually represented for me to understand them. I also need to take notes and build things on paper before I start hacking IOS. Drawing diagrams and notes while on the couch will not work.

So starting next week, I'm going to begin studying in my office, in the basement, with all of my equipment. For this to really work for me, I need a new office chair. My current chair is at least 9 years old, and after years of wear and tear, it just does not support me anymore. I also need to get some notepads so that I can draw diagrams and keep notes. I'm also looking to get at least another monitor. With another monitor, I can have my terminal, the lab docs, and the Cisco DocCD all up at the same time. I know I won't have another monitor for the actual lab, but this will help me prepare. I may also look into using TreePad. Comes recommended from other candidates...

Starting next week, I also need to quit trying to get through the labs. When I see something I don't understand, I need to research it (through the DocCD and OECG) and understand it before I attempt the task. Once I understand the task, then I will attempt it. My goal for the remaining labs is to learn as much as possible. I'm planning on re-reading a few sections from the OECG before I move on to the next lab. I plan to make a second round through the labs, and then and ONLY then will I work on my speed. I may also purchase the 3rd IEWB workbook, which will also help with my speed.

Well that's all for now. Stay tuned...

Thursday, January 22, 2009

Redistribution, BGP

While attempting to finish lab 3, I came across many problems that I couldn't solve. The first was the IGP redistribution. I can setup redistribution pretty easy, but the scenario called for external routes to flow through a specific router. This involved route tagging. Ok, so no big deal - I already know redistribution is a weak point. On to BGP I said...

Aghhh. More hang-ups. The BGP section for Lab 3 was more difficult than the previous two. Lots of path adjustments, attribute adjustments, etc. It took me several hours to make it through the BGP section. I at least attempted a solution before looking at the solutions document. The good news? I'm in the ballpark and can usually create appropriate prefix-lists and route-maps. The bad news? I'm nowhere close to completing the problem, let alone getting it right.

After I complete Lab 3, I think I'm going to return to the OECG (Official Exam Cert Guide) to re-read the redistribution and BGP sections. Following this, I need another outside source to shore up my knowledge in these areas. Perhaps some Videos or Class on demand.

I am also beginning to use Cisco documentation to help me in my solutions. IE is currently offering a free class-on-demand on how to use and navigate the Cisco documentation.

InternetworkExpert Blog

I highly suggest viewing the class-on-demand. Remember, you can use official Cisco documentation during your lab, but you have to know how to use the documentation and where to find what you are looking for.

I've decided to expand my studying beyond the practice labs. I receive a daily digest from Group Study covering a range of CCIE lab topics. Reading the group study list can only help me in the endeavour. I am also reading the CCIEcandidate.com blog as well as IE's Blog. My plan is to tackle the labs during the weekdays, and catch up on the reading during the evening/weekends. We shall see....

Wednesday, January 21, 2009

And on to Lab 3...

I made good progress today. I finished up Lab 2 and I have made it almost completely through the core section of Lab 3. I did not take too many notes concerning the remaining parts of Lab 2, because I thought they were pretty simple. Overall, I feel I'm referring to the solutions document way too much. I'm checking the solutions less and less with each lab, so that is promising.

I'm pretty burned out and don't feel like blogging much. One tip - to advertise a loopback interface from within area 0 as a /24 into OSPF, make the network type point-to-point. Makes sense now, but not something I knew before-hand.

The labs are getting more difficult and my confidence is slowly growing. I expect to finish lab 3 tomorrow and complete lab 4 by the end of the week. Big difference from last week. Lab 1 took me an entire week and I'm looking to complete 3 labs during my second week. Before too long, I will be completing one lab per day!

More to come later...(if anyone is listening)

Tuesday, January 20, 2009

Finish Lab 2? Well, not so much...

Whew, what a day. In between a Dr. appointment, dropping my dogs off at the groomers, picking up my dogs from the groomers and watching the historical inauguration (in addition to around-the-house-stuff), I managed to make it up to section 9 in Lab2. Nowhere near where I wanted to be today, but I guess that happens. The last three sections are pretty easy and I should zip through them either tonight or early tomorrow. Overall, I think I'm still making pretty good time.

Lab 2 BGP was pretty simple, but there are still things that throw me for a loop, like prefix filtering and using route-maps. This is definitely one area I need to read up more on. I know how to use prefix lists, route maps, and access lists, I just don't know when and exactly how to use them. I did much better in the peering session, identifying where I need to use route reflectors, albeit I did place them on the wrong end of the session. I truly feel like I now understand route reflectors, which is a good thing.

Multicasting was pretty easy, but ip pim nbma-mode really messed me up. I will certainly need to read up on this and its purpose. IPv6 was also very simple, only tripping up on my own mistakes and assumptions, but overall, I understood the problem and how best to attack it. I just need to avoid assumptions such as eui-64 where it's not needed!

I felt more confident during the QoS section, but I still have issues discerning how to form the access-lists, since you can only do "service-policy output [policy-name]". Again, an area I need to read up on and one I will become more familiar with as I progress through the labs. Policy routing was also slightly difficult, only because I forgot the command syntax and forgot to set next-hop in my route-map. Again, something I will tackle better with time and practice.

Overall, these first two labs have been fairly simple and straightforward. In reading the blog of another candidate who used the NMC DoIT series, I realized that these labs are simpler than those from the DoIT series. Perhaps the IEWB progressively get harder, we shall see.

I'm also debating taking a boot camp from Narbik. The cost seems right, especially if I can get my employer to pay, I just don't want it to be a waste of money. I want to be the most prepared that I can be. So in short, here is my "new" expected plan of attack:

1. Complete IEWB Workbook I
2. Complete IEWB Workbook II
3. Complete IEWB Workbook III
4. Supplement practice lab with DocCD and Exam Cert Guide reading
4a. Schedule Lab Exam
5. IE Mock Lab
6. Revisit Labs
7. Narbik CCIE Lab Boot Camp
8. Revisit Labs
9. Cisco Lab Assessor
10. Revisit Labs
11. Attempt Lab Exam

Well, it's been a long day so far, and I'm kind of burned out. More later....

Monday, January 19, 2009

On to Lab 2

I started on Lab 2 today. Overall most of the topics were the same with obvious variations. They did throw a few things at me, like creating a backup interface. Again, I don't remember this from my CCIE/CCNP studies. In any event, it was pretty easy to configure. Under the main interface just issue the following:

backup delay 60 300 (where 60 is the timeout value and 300 is the stable value)
backup interface Serialx/x (this is the interface that will come up/up when primary fails).

Not sure if this is still present on the CCIE track, but it's useful information.

Lab 2 also covered Etherchannels, which I've configured before. An important rule of thumb is that the NM-16 Ethernet Module in the 3600 series only supports etherchannel (channel-group 1 mode on). So, be familiar with how to configure LACP and PAgP. I was again frustrated by the order of the tasks. Lab 2 again presented you with VLAN assignments using VTP, before the trunks were established. I suppose this may be how the actual lab is presented.

Lab 2 also added dot1x authentication, which is something I had no trouble with on the written exam, but presented a problem in a lab scenario. You must remember that once you enable dot1x, it is enabled across the board, so you must keep yourself from being locked-out. 'aaa authentication login default none' solves this issue. Remember to enable dot1x before assigning any ports, ie; dot1x system-auth-control.

I again had issues with the frame relay traffic shaping. QoS in a whole is a weak area to me. I've learned that if you know the formula, this can be achieved pretty easy. BC = CIR * TC. Using this, you can pretty much figure out what to set bc and tc to. Still trying to figure out BE, so I'll be sure to post that later.

In the IGP section, I encountered RIP using an offset list. This was totally foreign to me. The lab requested that the RIP process not accept routes with an even second octet. Figuring this out using an access-list was easy. 255.254.255.255 0.0.0.0 will give you all routes with an even second octet. After this you set the hop count to 16 which poisons the route.
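The even-second-octet match above, and the bit-breakdown technique for wildcard access-lists mentioned in the IPExpert notes, worked through as an added example (not from the workbook, the CoD or the original post). It assumes the IOS access-list convention of address first and wildcard second, with a 1 bit in the wildcard meaning "don't care"; the function names and the sample 10.1.x.0 networks are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    return str(ipaddress.IPv4Address(value))


def wildcard_match(candidate, base, wildcard):
    """IOS-style match: wildcard bit 1 = don't care, 0 = must equal base."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(candidate) & care) == (to_int(base) & care)


def single_line(networks, host_wildcard="0.0.0.0"):
    """Break the networks into bits and build ONE address/wildcard pair.

    Returns (base, wildcard, extras). extras lists networks the pair also
    matches that were not asked for; an empty list means the line is exact.
    """
    host = to_int(host_wildcard)
    nums = sorted({to_int(n) & ~host & MASK32 for n in networks})
    varying = 0
    for n in nums[1:]:
        varying |= nums[0] ^ n          # every bit that differs anywhere
    bits = [1 << i for i in range(32) if varying & (1 << i)]
    if len(bits) > 16:
        raise ValueError("too many varying bits to enumerate")
    base = nums[0] & ~varying & MASK32
    matched = {base}
    for bit in bits:                    # all combinations of varying bits
        matched |= {m | bit for m in matched}
    extras = sorted(matched - set(nums))
    return to_str(base), to_str(varying | host), [to_str(e) for e in extras]


def exact_lines(networks, host_wildcard="0.0.0.0"):
    """Greedy merge into lines that never over-match.

    Two entries merge only when they share a wildcard and differ in exactly
    one bit. The result is always exact; being greedy, it is not guaranteed
    to be the absolute minimum number of lines.
    """
    host = to_int(host_wildcard)
    entries = {(to_int(n) & ~host & MASK32, 0) for n in networks}
    merged = True
    while merged:
        merged = False
        ordered = sorted(entries)
        for i, (a, wa) in enumerate(ordered):
            for b, wb in ordered[i + 1:]:
                diff = a ^ b
                if wa == wb and (diff & (diff - 1)) == 0:
                    entries -= {(a, wa), (b, wb)}
                    entries.add((a & ~diff & MASK32, wa | diff))
                    merged = True
                    break
            if merged:
                break
    return [(to_str(b), to_str(w | host)) for b, w in sorted(entries)]


if __name__ == "__main__":
    # Constructed sample: four /24s whose third octets are 4, 6, 12, 14.
    nets = ["10.1.4.0", "10.1.6.0", "10.1.12.0", "10.1.14.0"]
    print(single_line(nets, "0.0.0.255"))
    # Dropping one network makes the single line over-match 10.1.14.0.
    print(single_line(nets[:3], "0.0.0.255"))
    print(exact_lines(nets[:3], "0.0.0.255"))
    # Even second octet: only bit 0 of octet two is checked.
    for route in ("172.16.5.0", "172.17.5.0"):
        print(route, wildcard_match(route, "0.0.0.0", "255.254.255.255"))
```

When `single_line` reports extras, the one-line answer permits or denies more than the task asked for, which is the thing to check before trading accuracy for a shorter access-list.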

I'm still really weak when it comes to IGP redistribution. Especially when it comes to metrics and distance. After going through the labs, I intend to re-read the IGP redistribution chapter from the CCIE Exam Cert guide, in addition to other chapters such as BGP.

I feel more confident about my time management. I'm now on track to complete one lab in two days time. Now I realize the actual lab is only 8 hours, but I'm reviewing my solutions after each task, so this is essentially doubling my time. The only question I have now is - when to schedule the lab? I know there is a waiting list, so I went online and checked. Looks like there are dates available in July, which would be the absolute earliest I would even think about taking the lab. I held off on scheduling the lab. I want to complete all 20 practice labs to gain some confidence, and then schedule the lab. That should give me 3-6 months to complete my studying, take some mock exams, etc.

I'm taking a break. Hoping to tackle BGP later for lab2.

Friday, January 16, 2009

Finishing up Lab 1

Well, I finally finished Lab1 this morning. The final sections covered QoS, Security, system management and IP services. The one thing that really threw me for a loop was the section on RMON. I've never had to configure RMON before and I don't recall seeing it in my CCNP or CCIE study materials. Perhaps this was left over from an old CCIE Lab Framework? I'll have to double-check the current framework to be sure. In any event, it was not that hard to configure, it's just not something that I have done before!

Looking back, I would have to say that I did not expect this to be that hard. After completing the first lab, I've learned a lot. The most important thing is learning what they expect from the way they phrase the questions. Hopefully I'll pick up on this over the next couple of labs. I am curious as to how much the remaining labs differ from Lab1.

Overall, I think my dynamips setup is working well for me. Again, I did have some weird switching issues, but I'm not sure if this is dynamips' fault, or the patchwork "switching" by using 3600 ethernet modules. Hopefully once I get the lab setup at my workplace in February, I can get some studying time on actual Catalyst 3560 switches. I'm looking to start Lab 2 a little later this evening. Going forward, my hope is to get the core setup correctly. Hopefully, I can get some of my co-workers to study with.

Thursday, January 15, 2009

Lab Core Setup

Well after 3.5 days, I've finally setup the core for my first lab, which totals 50% of your available points. I know I need to focus more on BGP path selection and IGP redistribution. Outside of that, I'm pretty familiar with all of the core topics covered. Some may have taken a little longer than needed, mostly because I did not remember some of the commands.

The workbook goes on to tell you that you can pick and choose the remaining tasks, picking the easy ones for quick sure points, and returning to the remaining tasks to tackle them. This seems very smart. Time is the enemy during your CCIE lab.

The one thing I have discovered is why I am doing these practice labs. Right now, I'm not doing the practice labs to speed up my time, I'm not doing them to get them right, I'm simply doing them to learn. After a period of time, I will have to focus on getting the tasks done right and quickly, but right now I'm just learning. It's not that I don't understand the topics at hand. I've passed the written test and possess both a CCNA and CCNP certification, but the lab is a whole separate beast. During a written test, it's pretty easy to see iBGP and know about full-meshing the peers, but during the lab, this can easily be overlooked. Plus there is no multiple choice or memorization!!

After a few hours at a less-than break-neck pace, I've decided to call it a day. I've got a headache and still have to clear my drive-way of snow. I've made it through the multicast and IPV6 portion of the lab, pretty easy stuff. I just have to remember to enable ipv6 unicast routing. Maybe later tonight, and tomorrow I plan on completing the lab. One week and only one lab complete, sounds scary. At this rate it would take five months just to make it through all the practice labs once. I'm not worried as I know things will speed up after the first few labs.

Wednesday, January 14, 2009

Still on Lab 1

Whew, what a day. First, my day started off with someone crashing through my lawn, due to ice on the roads. So after digging someone out of my lawn, I was able to get into Lab 1 again, albeit late. Things seem to go smoother today, but I still ran into some weird switching issues. I don't know if this is due to Dynamips, or due to "patch-work" switching by using NM-16 Ethermodules on a 3600 router. I've always done switching on switches, so this is kinda new to me.

I can't reiterate enough that if something isn't working (and you're using Dynamips and not actual switches), save and reload your "switches". After learning the hard way, this has fixed almost every one of my weird switching issues. I've never run into issues like this using real catalyst switches.

Today's topics covered mostly routing, which I'm very familiar with. The latter end of chapter 3 covered redistribution, which I am very weak in as I've never had to redistribute between different routing protocols. Hopefully I can reinforce my redistribution skills through the labs. It's interesting with the way they ask questions, and the solutions I come up with. One question asked "that other hosts on a segment between two OSPF routers not intercept the OSPF traffic". My solution was authentication, but the solutions document was to use ospf host network addresses. In the real lab, is only one solution correct? Also beware, sometimes the solutions document suggests a legacy way to do something that is not much simpler. For instance you can use an interface statement such as "ip ospf 1 area 0" to advertise a network (without using a network statement) instead of clumsy redistribute commands.

Another tip, always statically set your router IDs within each routing process and always set these to the same address as any available static loopback address. This will save you trouble later. Also, always read the ENTIRE TASK before doing ANYTHING. I learned the hard way when I completed the first step in a particular task across all routers, only to get down to step 3 and have to re-do all that work again! Sigh!

Going through the labs is definitely taking longer than I first imagined. This is partially due to my weaknesses in some areas, partially due to weird switching issues with Dynamips and partially by design. After I finish a task, I immediately check the solutions document. As someone else pointed out, what is the purpose of going forward, or waiting until the end? The purpose of the practice labs is to learn and hone your skills. I'm spending about 4-6 hours a day and I've only made it through the first lab, which is a difficulty 5. I imagine as I make it through the remaining labs, I will pick up the pace as I become more familiar with the topics at hand, and with the way the questions are asked.

I plan to take the next three months to make it through both workbooks. I don't plan on studying on the weekends, mostly so I can spend the most amount of time with my family. So 4-6 hours a day, 5 days a week should take me about 2-3 months. I've also got to make time to set up our CCIE lab at work, so a few trips to D.C. every month will take time away from my studying. After I complete the first two workbooks, I plan to tear into the 3rd workbook using the lab at my workplace. Once I complete that, I plan to actually schedule the lab as I've heard you need to book your appointment several weeks/months in advance.

Once my appointment is scheduled, I want to take the Internetwork Expert mock labs. These mock labs are graded, which should give me a good idea of how ready I am. I also plan to use the Cisco CCIE Lab Assessor to gauge how prepared I am.

Well, that's all for now. Now I've got to help my wife with dinner, play with my son, do some laundry, and clear the snow from my driveway!