Monday, March 23, 2009

Nothing much to report..

Well, didn't post anything last week. Decided to take the week off. I wanted to spend some time with my family after a week long bootcamp, plus I would be traveling later in the week so I wouldn't have had a whole week of study time anyway.

I got right back into it today. I am going to spend 1-2 weeks focusing on one technology until I feel I have a better understanding of it. This week, it's RIP and EIGRP. As I go through the workbooks, I am referring to the DocCD for anything that does not immediately click in my head and taking notes. I figured this way, I can really learn and understand the routing protocols. I finished all of the RIP labs today but I am going to go back tomorrow and read the entire DocCD section on RIP as well as re-try some of the labs I attempted today.

I figured I wouldn't bore you with my boring, albeit brief, RIP notes. More to come later.

Friday, March 13, 2009

Narbik Bootcamp Day 4/Day 5

Some more notes for your enjoyment! Day four covered RIP and QoS. Again, both were covered very in-depth. And don't believe that RIP is an old, easy, simplistic routing protocol. Narbik is quick to point out many of the nuances of RIP and its versatility. Remember - the LAB isn't asking you how you do something, but they usually ask if you know the most CREATIVE way of doing something, just to make sure you are well versed in the topics.

The QoS lecture ran most of the day, but again, it was a great lecture. I can't say enough about it. Day five covers multicast and generally wrapping everything up. Narbik is going to let us know how to best attack the lab exam. He is going to give us his suggestion, and if we follow his suggestion, he suggests 70% of us will pass the CCIE on the first attempt. This is great news and I plan to follow his suggestion - whatever it may be, to a T. I am certainly focused on attaining the CCIE and I am not going to let anything stand in my way.

Narbik again suggests that EVERYONE attend his bootcamp a week or two before our lab. I am going to double-up on this suggestion. There is a bootcamp in Columbia, MD the first week of May. There is another bootcamp in Herndon, VA the month of July - right before my exam. Hopefully with three bootcamp sessions, and all my studies - I'll be one of those 7 out of 10 to pass on the first try.

Wednesday, March 11, 2009

Narbik Bootcamp Day 2/Day 3

Well after a long day, I didn't get around to posting yesterday. Not a big deal because it's not like I am going to post all my notes anyway. Day two covered OSPF cover-to-cover. Narbik runs you through almost every possible command in OSPF and he explains what the command does and where to apply it. My understanding of OSPF, while already pretty good, is much better following Narbik's lecture.

Narbik also covers EIGRP in the same manner during day two. Again, showing you all the commands, how they work and what they do. Again, I understand EIGRP better now than before. Narbik does a great job of making you want to learn about everything, and teaches in a very exciting way.

Day three Narbik covers BGP, again the same manner as OSPF and EIGRP. This bootcamp is worth every penny. I know this post isn't very long, but hey - 13 hours hacking IOS and listening to lectures kinda tires you out. More later...

Monday, March 9, 2009

Narbik Bootcamp Day 1

I promised everyone to post notes on my experience with the boot camp. First, I've got nothing but good things to say. The day started with the typical introductions, with Narbik asking us what our weak points are and how we heard about his class. From there, we started straight into the Advanced Technologies workbook, starting with basic switching. Nothing really new or exciting but fundamental and essential. Narbik makes his rounds to make sure that everyone is progressing along. After lab time, we take a break for lunch.

After lunch we start into the lecture of switch security. The lecture was great and covered items such as DAI, DHCP snooping, mac access list and vlan access maps. After the lecture, we tore into the advanced switching labs. Again, the labs are top-notch. Narbik is available the whole time for any questions. He will also cover a topic more in-depth if someone has a question about a specific topic. It's during this time that he gives us some more labs covering private VLANs, multicast and others. These are labs he just completed so we are some of the first few people to see these labs. This shows Narbik's dedication to all of his students - past, present and future.

After the switching lab, Narbik starts into the Frame Relay lecture. Narbik doesn't just show you how to do something, he explains EVERYTHING in detail, including all the options for a particular subject. He doesn't just show you how something works, he explains to you how something works.

Well, as I've already said, the materials are top notch, but they would just be another set of workbooks if you did not take Narbik's class. When Narbik teaches, you can tell he cares about his students and shows an enthusiasm in teaching you everything he knows. He encourages everyone to take his bootcamp as many times as needed to pass the lab. He even encourages current CCIEs to take the bootcamp once a year to keep all the knowledge fresh. This shouldn't be a problem since Narbik offers free retakes of his bootcamps.

Well, that is all I got for tonight. I need some rest so that I'm fresh for tomorrow's session.

Tuesday, March 3, 2009

Wrapping up for the day..

Well, now that you all (all two of you I guess...) are caught up on my notes, I would like to reflect where I am at now in my studies. I have one section left in the Soup-to-Nuts workbook and that section is IPv6 which I feel fairly comfortable in. I should complete the IPv6 section tomorrow, which will leave me Thursday and Friday to kinda take a break. I'll be leaving for Narbik's bootcamp in Chicago on Sunday. With 50+ hours of dedicated study time next week during the bootcamp, I think a little break is in order.

With a little over two months into my CCIE studies, I would have to say that I feel better now than I did two months ago. I should say MUCH better. Things like redistribution, BGP, multicast and security are now better understood than they were two months ago. That being said, I know I still have a ways to go. I peeked at Narbik's "superlab" that is included with the Soup-to-nuts workbook and I immediately identified areas where I am still weak.

Hopefully the bootcamp will really drill some of these topics into my head. After I complete the bootcamp, I'll be hitting the Advanced Technologies workbooks from Narbik pretty hard. Hopefully after completing those, I can start taking a crack at full practice labs again. I still feel like I am on track for the July 27th test date. Narbik's got another bootcamp the week of July 20th in Herndon, VA (where my company is headquartered). My plan is to attend the bootcamp a second time right before the test on the 27th. The good thing about this is the 2nd boot camp attempt is free, and I can stay with my best friends in Alexandria, VA. My only cost will be gas.

Anyway, enough rambling for now. I'll be sure to post pertinent information from the bootcamp next week in Chicago.

Multicast and ACL...

Multicast

  • "ip msdp peer [address] connect-source [interface]" sets up the msdp peer relationship.
  • bgp and msdp peer ip must match.
  • "ip pim neighbor-filter [acl]" can filter PIM neighbor relationships.
  • "ip igmp helper-address [address]" is an interface level command to forward igmp requests to multicast capable router, much like DHCP.
ACL
  • "ip telnet source-interface [x]" can tell a router which interface to use for telnet access.
  • "autocommand access-enable host" links dynamic ACL to telnet authorization.
  • "clear ip access-template [line] [dynamic ACL name] host [x] port [y].." clears a dynamic ACL line.
  • "autocommand access-enable host timeout [x]" creates dynamic acl timeout for dynamic ACL entries.
  • "access-list 100 dynamic [name] timeout [y] permit ip any any" creates static timeout for dynamic ACL entries.
  • "rotary [x]" is a line command to create a telnet session on 300[x], i.e. rotary 3 creates telnet access on port 3003.
  • "ip reflexive-list timeout 120" is a global command to limit reflexive ACL entries.
  • "ip tacacs source-interface [y]" assigns an interface to use for TACACS source requests.
  • When using authentication default, it does not need to be assigned to any line/port.
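
The dynamic ACL (lock-and-key) bullets above, assembled into one IOS configuration. This is an added example, not part of the original notes; the username, ACL number 101, dynamic list name LOCKKEY, interface and 192.0.2.x addresses are constructed lab placeholders.

```cisco
! Added example - constructed lab values, not from the original notes.
! Local account used to authenticate the telnet session that opens the lock.
username labuser secret LAB-PLACEHOLDER
!
! Static entries: allow only telnet to the router itself before authentication.
! TCP 3001 is the rotary 1 line below, kept for ordinary management sessions.
access-list 101 permit tcp any host 192.0.2.1 eq telnet
access-list 101 permit tcp any host 192.0.2.1 eq 3001
! Dynamic template: entries created from it are removed after 15 minutes
! regardless of activity (absolute timeout).
access-list 101 dynamic LOCKKEY timeout 15 permit ip any any
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
! Lock-and-key lines: after login the autocommand runs and the session closes.
! "host" narrows the temporary entry to the source address that authenticated;
! "timeout 5" removes the entry after 5 idle minutes (idle timeout).
line vty 0 3
 login local
 autocommand access-enable host timeout 5
!
! Management line without the autocommand, reachable on port 3001 via rotary 1.
line vty 4
 login local
 rotary 1
```

After a successful login on vty 0-3, "show access-lists 101" lists the temporary permit entry created from the LOCKKEY template beneath the dynamic line. Without the "host" keyword the temporary entry keeps the template's "any" source, so one authenticated user opens the path for every source address.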
IP Services

  • "ip dhcp ping [packets] timeout [y]" changes DHCP behavior. DHCP will ping [packet] number of times with a timeout of [y] before re-assigning a previously used address.
  • manual DHCP bindings require their own pool.
  • interface level command "standby use-bia" will use MAC burned-in address for HSRP mac.
  • preemption is enabled by default in VRRP.
NAT
  • inside local is local IP of private host on your network.
  • inside global is public IP address that the outside network sees as the IP of your local host.
  • outside local is the local IP from the private network which your local host sees as IP of remote host.
  • outside global is public ip of remote host.
  • "extendable" allows you to have two NAT entries for the same source IP address.
  • You can use a route-map to "permit" local to global mappings.
  • You can create stateful NAT translations to assign to HSRP groups by using a mapping-ID.
  • You can create stateful NAT translations and assign a primary and backup NAT router (ip nat stateful..)
  • I hate NAT....
  • I really hate NAT....
  • Why can I not understand the NAT syntax?

Switch QoS

Continuing my notes..

3550 QoS
  • "mls qos min-reserve [queue] [# of packets]" sets max number of packets per queue
  • "wrr-queue cos-map [queue] [CoS]" is assigned per interface
  • "wrr-queue bandwidth [weight Q1] [weight Q2] [weight Q3] [weight Q4]" assigns a weight per queue.
  • "show mls qos interface [x] queuing" is one of the single most important QoS commands on a switch. Shows default/configured QoS settings per interface.
  • "priority-queue out" enables PQ (which is Q4 on 3550) per interface.
3560 QoS
  • "show mls qos maps dscp-input-queue" or "show mls qos map" shows default mappings
  • You assign a queue and a threshold to traffic.
  • "mls qos srr-queue input dscp-map queue [x] threshold [y] [dscp-values]" maps dscp values to a queue and threshold.
  • "show mls qos input-queue" shows weights per queue and threshold.
  • "mls qos srr-queue input threshold [queue] [threshold1] [threshold2]"
  • "mls qos srr-queue input-buffers" alters the # of packets per queue.
  • "mls qos srr-queue input bandwidth [queue1] [queue2].." assigns bandwidth per queue.
  • "mls qos srr-queue input priority-queue 1 bandwidth 20" would assign a weight of 20 to priority queue.
  • 3560 has 2 input queues and 1 priority queue
  • "show mls qos maps dscp-output" shows default dscp map for output.
  • "mls qos srr-queue output dscp-map queue [x] threshold [y] [dscp values]" assigns dscp values to output queues/thresholds
  • "show mls qos interface [x] buffers" shows QoS output queue buffers.
  • "mls qos queue-set output [queue-set #] buffers [Q1] [Q2] [Q3].." assigns buffers to a queue-set.
  • "queue-set [y]" assigns an interface to a queue set.
  • "show mls qos queue-set" shows buffers, threshold, etc for each queue set.
  • "srr-queue bandwidth [share|shape] [weight Q1] [weight Q2].." - interface level command to assign bandwidth to interface.
  • "srr-queue bandwidth limit [percent]" limits bandwidth per interface.
Up next...multicast

Notes Catch-up

I've been sick the last couple of days and although I've made time to study, I have not devoted time to posting my notes. So here are my latest notes from Narbik's StN workbook, starting with QoS.
  • Priority queueing is processed like ACLs - top-down.
  • "priority-list x [interface|protocol|default] queue [tcp|udp|acl]" assigns traffic to a queue
  • "show queuing priority" shows priority queues
  • "priority-list x queue-limit " alters queue sizes
  • "custom queuing queue-list x" creates a custom queue much like a priority queue
  • With custom queuing, bandwidth is allocated by assigning byte-counts in increments of 1500
  • "hold-queue x out" sets the WFQ packet limit for all queues
  • To create a rate-limit ACL using IPP, add binary of IPP levels. binary 01 is IPP 0, binary 10 is IPP 1, so mask is binary 11 or 3.
  • "show interface | i Internet" shows all IP addresses (except secondary) with netmasks.
  • "sh run | in no\ " shows disabled servers. (note: there is a space after \)
  • rsvp must be done per interface along the path.
  • test rsvp using "ip rsvp sender-host|reservation-host" from config mode.
  • "ip rsvp sender" is used to proxy for another host.
  • "ip rsvp reservation" is used to proxy for another reservation host.
  • "frame-relay de-list x protocol ip tcp 80" can be used to assign protocols (such as HTTP) the de bit. Can be applied by using "frame-relay de-group x dlci y"
  • You can enable "random-detect dscp-based" directly on the interface.
  • ECN marks packets instead of dropping them.
Up next...3550/3560 QoS