It is exactly a month since I started my studies and I’m overwhelmed by the number of people who have joined my little world: reading, commenting, subscribing and, most importantly, encouraging. As I noted before, writing helps me digest the materials and get perspective on things, while motivating me as I stand here and commit to you. This is also a good way for me to share knowledge and experience, helping others the same way they help me. So thank you for the support; I’ll work even harder to keep you pleased, pass my exam and write as interestingly and as focused as possible.
Deep into my final preparations, I’ve been going over everything again: reading my study notes, watching a few videos (mostly PPPoE and AAA configuration) and working in my lab.
I hope I spend my time on the right topics…
Points that popped up and that I feel are worth repeating:
I get the feeling that SDM plays a big role on the exam. Watching the videos and reading the Cisco Press books, I see SDM all over the place (is it the gray pictures in my book?) and expect many questions that are SDM based. Personally, I think it is a good thing, as SDM is both familiar and intuitive.
When configuring PPPoE and PPPoA there are a few key points to remember (beyond the lab practice):
PPPoE uses the pppoe-client dial-pool-number 1 command
PPPoA uses the dialer pool-member 1 command
True, if you get a configuration task the router will not accept the wrong command, but if you get a few preconfigured answers to choose from you might get it wrong.
The study materials did not emphasize setting the default gateway as much as they should, but do not forget: if the traffic from the internal router is expected to get through the dialer interface, you have to let the router know about it.
Use the ip route 0.0.0.0 0.0.0.0 dialer 1 command and never assume that it is preconfigured on the router, as Cisco expects you to configure the default gateway and point it to the correct interface.
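The two dial-pool commands shown side by side with the dialer interface and the default route, as an added example that is not part of the original post. The interface names, the 8/35 PVC and the CHAP credentials are placeholders chosen for illustration.

```cisco
! Added example, not from the original post. Interface names, PVC 8/35 and
! the CHAP credentials are placeholders. A real router uses ONE of the two
! access methods below, not both.
!
! --- PPPoE: the Ethernet interface acts as the PPPoE client ---
interface FastEthernet0/1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
!
! --- PPPoA: the ATM PVC is made a member of the dialer pool ---
interface ATM0/0
 no ip address
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
! --- Logical interface bound to pool 1 by either method above ---
interface Dialer1
 ip address negotiated
 ! 1492 applies to the PPPoE case: 1500-byte Ethernet payload minus
 ! 8 bytes of PPPoE and PPP headers.
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname EXAMPLE-USER
 ppp chap password EXAMPLE-PASSWORD
!
! Default route pointing at the dialer; never assume it is already there.
ip route 0.0.0.0 0.0.0.0 Dialer1
```

After applying it, show ip route should list the 0.0.0.0/0 entry via Dialer1 once the PPP session is up.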
AAA configuration is also important, both for real life and for the exam. This is one of those topics that do not get enough attention. It is also a topic that in my opinion will be missing with the new track taking over (the TSHOOT exam has a minor topic on troubleshooting RADIUS connections).
Order matters. The aaa new-model command should be configured before any of the other AAA options become available (none of the other aaa options will be available on a real router prior to enabling it). When working on a real router, make sure there are no previously configured commands, as running aaa new-model will overwrite, delete the existing configuration.
I never used TACACS and I assume most of you used Microsoft RADIUS, as it is the most common and already-in-place solution. ISCW does not require any of the advanced parameters that distinguish the two servers, and you should not have a problem not having TACACS around.
When configuring the aaa authentication command, make sure you are using the group attribute for the authentication servers:
aaa authentication login default group tacacs+
aaa authentication login default group radius
aaa authentication login default local (group is not being used here)
This is intuitive but can be confusing when you see configuration output so do not miss it.
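A complete login-authentication configuration in the order described above, as an added example that is not part of the original post. The server addresses (documentation range 192.0.2.0/24), keys, the local username and the CONSOLE list name are placeholders; it also goes one step beyond the three lines above by chaining a local fallback after the server group.

```cisco
! Added example, not from the original post. Addresses, keys, the username
! and the list name CONSOLE are placeholders.
!
! 1. Enable AAA first; the other aaa commands are not offered before this.
aaa new-model
!
! 2. Local account used as a fallback when no server answers.
username EXAMPLE-ADMIN secret EXAMPLE-SECRET
!
! 3. Define the servers that the "group" keyword refers to.
tacacs-server host 192.0.2.10 key EXAMPLE-TACACS-KEY
radius-server host 192.0.2.20 auth-port 1812 acct-port 1813 key EXAMPLE-RADIUS-KEY
!
! 4. Method lists. Methods are tried left to right; the next method is used
!    only when the previous one returns an error (for example, the server
!    does not respond), not when it rejects the user.
!    "group tacacs+" / "group radius" name a server group;
!    "local" is a method on its own and takes no "group" keyword.
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
!
! 5. Apply the lists to the lines.
line vty 0 4
 login authentication default
line console 0
 login authentication CONSOLE
```

Keeping the console on a local-only list means a misconfigured or unreachable server cannot lock you out of the device while you test the default list over vty.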
Another parameter that might cause some confusion is the MTU.
While the PPPoE dialer interface should be configured with ip mtu 1492, when dealing with MPLS we use the mpls mtu 1512 command.
Exam day is around the weekend, I’ll use my time to go over some questions, basic scenarios and definitions using my study notes. I’ll look again at the cable modem topic as I didn’t pay too much attention to it and do not want to be totally lost there.
After a few exciting but informative posts, and before I totally lose my mind, I’ve decided that if President Obama can take the evening off and tell the nation how he is doing, so can I. If you want to have some fun with Obama’s speech, read the instructions for the State of the Union Drinking Game and call in sick tomorrow.
My company has a DR site in Stamford, CT and I’m the lucky one who maintains it. I’m not complaining here, and though I always have tons of work there it is a nice field trip, and for those of us who stay at the office at all times it is a refreshing change once in a while.
Today was my monthly day trip, and while riding a cab from the train station to the office I saw a long line starting a full block before a local theater. It would have surprised me on any day to see such a big crowd because it always feels deserted (maybe because I’m used to Manhattan?), but when you see it at 9am you think something is going on, something is wrong.
A normal person would assume they are giving something away for free or, with the economy being so bad, maybe it’s the unemployment sign-up day, but I’m not normal. After 4 weeks (or maybe I should say only 4 weeks) my brain can only think of security and my thoughts were:
Who is filtering all this crowd, is it a DoS attack or a valid stream?
Wondering what the event was? Wait just a few more seconds and I’ll get there, but first I have to clear my conscience and act as if I am going over my study materials.
I want to look at this crowd which as you’ll discover does need tight security and translate the commotion to the five steps of IPSec VPN configuration:
Interesting Traffic
In our case, people who hold a valid invitation to the event are interesting traffic; they cause the guards (aka router firewall) to check if the doors can be opened. If no one shows up at the theater, the doors will stay locked.
IKE Phase I – negotiate hash, authenticate peers and set up ISAKMP SA
In our case, the crowd is informed of the basic rules for buying tickets. The act of purchase (or in this case, getting the free ticket) is equal to the binding contract between the router firewall and the peer device.
IKE Phase II – set up SA for ESP/AH, negotiate SA parameters (IPSec SA)
In our case, once the ticket holders (remember, they are the interesting traffic) took their seats, the manager of the show informed them of the required behavior. During breaks he reminded them of the expected behavior, and if any of them broke the rules the guards would kick them out (aka terminate the session).
Data Transfer
Now this is the fun part, at least for the crowd that gathered in Stamford. The Jerry Springer Show started on stage and the interviews (if that’s what they call them) are being held. The crowd is now getting the data it was waiting for.
Tunnel termination
This is the easy part – at the end of the show the crowd leaves the theater and goes home. The guards make sure no one stays in the building (aka terminate all sessions) and lock the doors to prevent newcomers.
If I say that Metro North is like GRE over IPSec (because it is different train types (aka routing protocols) using one rail (aka IPSec tunnel)), would you say I study too hard? Can I get the rest of the evening off (no email, no blog, no internet) and not feel that I’m not responsible?
The TSHOOT beta is an early release of the TSHOOT certification exam, which is used to determine the predictive ability of the exam questions. It is the same length and covers the same topics as the final exam. Candidates who pass a beta exam receive full credit, however scores on beta exams are not immediately available. Candidates must wait six to eight weeks, until the beta analysis is complete, to receive their scores. The TSHOOT beta exam will be released sometime around February 16 and be available through March 26, 2010 at a discounted price of $50 USD. As an incentive to schedule, the first 150 beta exams completed will be provided free of charge. Candidates may attempt a beta exam only one time. Scores are expected to be released at the end of April.
Use the promo code TSBETA when registering
As of today (Jan 27th, 8pm ET) the exam is not available on VUE’s registration page.
Update: VUE sent me an update about the beta registration
Candidates will be able to register and take the TSHOOT exam starting February 16, 2010 and ending March 26, 2010.
Pay attention to one little catch – you’ll have to wait 6-8 weeks for the result. If you’re already in the process of the current version you will not have time to take ISCW and ONT if you fail the beta exam.
You should also check the webinar Cisco plans for Feb 23rd 2010
Save the Date - CCNP Customer Webinar, February 23, 2010
Cisco will conduct two webinar events on Tuesday, February 23, 2010 covering the revisions made to the CCNP certification exams and courses. The webinars will take place at 8:00 am and 7:00 pm PST (attendees will only need to attend one of the calls as the content will be identical). Check the Cisco Learning Network in the coming weeks for registration information.
I’ll post the registration link once it’s available on CLN.
Quick note to follow up on Cisco’s announcement from Jan 25th:
Cisco Press released a list of their new books for the new exams.
Training is also available with the major Cisco partners. Prices for ROUTE and SWITCH exams stay at the same level as before.
I did not see TSHOOT training available yet, but per Cisco’s announcement video this class would be 92% lab time.