Archive for January, 2010

CCNP status check

January 31, 2010

It is exactly a month since I started my studies and I’m overwhelmed by the number of people who have joined my little world: reading, commenting, subscribing and, most importantly, encouraging. As I noted before, writing helps me digest the materials and get a perspective on things, while motivating me as I stand here and commit to you. This is also a good way for me to share knowledge and experience, helping others the same way they help me. So thank you for the support. I’ll work even harder to keep you pleased, pass my exam and write as interestingly and as focused as possible.

Deep into my final preparations, I’ve been going over everything again: reading my study notes, watching a few videos (mostly PPPoE and AAA configuration) and working my lab.
I hope I spend my time on the right topics…

Points that popped up and that I feel are worth repeating:
I get the feeling that SDM plays a big role on the exam. Watching the videos and reading the Cisco Press books I see SDM all over the place (is it the gray pictures in my book?) and expect many questions that are SDM based. Personally I think it is a good thing, as SDM is both familiar and intuitive.

When configuring PPPoE and PPPoA there are a few key points to remember (beyond the lab practice):

  • PPPoE uses the pppoe-client dial-pool-number 1 command.
    PPPoA uses the dialer pool-member 1 command.
    True, if you get a configuration task the router will not accept the wrong command, but if you are given a few preconfigured answers you might pick the wrong one.
  • The study materials did not emphasize setting the default gateway as much as they should, but do not forget: if traffic from the internal router is expected to go out through the dialer interface, you have to let the router know about it.
    Use the ip route 0.0.0.0 0.0.0.0 dialer 1 command and never assume that it is preconfigured on the router, as Cisco expects you to configure the default gateway and point it to the correct interface.
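
The key points above side by side, as an added example (not from the study materials or from Cisco): a PPPoE client and a PPPoA client, each bound to Dialer1, with the default route pointed at the dialer. The interface names, the 8/35 PVC and the CHAP placeholders are assumptions; a real router would carry only one of the two client sections.

```cisco
! Added example. Interface names, PVC 8/35 and credentials are assumptions.
!
! --- PPPoE client: the pool binding sits on the Ethernet interface ---
interface FastEthernet0/0
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
!
! --- PPPoA client: the pool binding sits under the ATM PVC ---
interface ATM0/0
 no ip address
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
! --- Logical interface used by either client ---
! "dialer pool 1" must match the pool number used in the binding above.
! "ip mtu 1492" leaves room for the 8 bytes of PPPoE/PPP header inside a
! 1500-byte Ethernet frame; it is needed for PPPoE, not for PPPoA.
interface Dialer1
 ip address negotiated
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP-USERNAME>
 ppp chap password <ISP-PASSWORD>
!
! --- Default route: without it, inside traffic never reaches the dialer ---
ip route 0.0.0.0 0.0.0.0 Dialer1
```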

AAA configuration is also important, both for real life and for the exam. This is one of those topics that do not get enough attention. It is also a topic that in my opinion will be missing once the new track takes over (the TSHOOT exam has a minor topic on troubleshooting RADIUS connections).

  • Order matters. The aaa new-model command should be configured before any of the other AAA options become available (none of the other aaa options will be available on a real router prior to enabling it). When working on a real router make sure there are no previously configured commands, as running aaa new-model will overwrite (delete) the existing configuration.
  • I never used TACACS and I assume most of you used Microsoft RADIUS, as it is the most common solution and is usually already in place. ISCW does not require any of the advanced parameters that distinguish the two servers and you should not have a problem not having TACACS around.
  • When configuring the aaa authentication command make sure you are using the group attribute for the authentication servers:
    aaa authentication login default group tacacs+
    aaa authentication login default group radius
    aaa authentication login default local
    → group is not being used here
    This is intuitive but can be confusing when you see configuration output, so do not miss it.
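
The ordering and the group keyword in one configuration, as an added example (not taken from the ISCW materials). It also shows local listed as a second method, which is tried only when the server does not answer, not when the server rejects the login. Server addresses (documentation range), keys, the list name TAC-FIRST and the local account are placeholders.

```cisco
! Added example. Addresses, keys, list name and local account are placeholders.
!
! 1. Enable AAA first; the other aaa commands are not accepted before this.
aaa new-model
!
! 2. Define the servers that "group radius" and "group tacacs+" refer to.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS-KEY>
tacacs-server host 192.0.2.20 key <TACACS-KEY>
!
! 3. Local account used by the "local" method, so an unreachable server
!    does not lock everyone out of the router.
username admin secret <LOCAL-PASSWORD>
!
! 4. Method lists. Server-based methods take the "group" keyword;
!    "local" is a method on its own and takes no "group".
!    Methods are tried left to right.
aaa authentication login default group radius local
aaa authentication login TAC-FIRST group tacacs+ local
!
! 5. The "default" list applies to every line automatically;
!    a named list has to be attached explicitly.
line vty 0 4
 login authentication TAC-FIRST
```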

Another parameter that might cause some confusion is MTU.
While the PPPoE dialer interface should be configured with ip mtu 1492, when dealing with MPLS we use the mpls mtu 1512 command.

Exam day is around the weekend. I’ll use my time to go over some questions, basic scenarios and definitions using my study notes. I’ll look again at the cable modem topic, as I didn’t pay too much attention to it and do not want to be totally lost there.

Only 182 more days left to complete my CCNP


January 29, 2010

With everyone talking and blogging about one thing, I have to join in with this hilarious, revolutionary MADtv piece that aired a few years ago:

State of the Union – IPSec VPN edition

January 27, 2010

After a few exciting but informative posts, and before I totally lose my mind, I’ve decided that if President Obama can take the evening off and tell the nation how he is doing, so can I. If you want to have some fun with Obama’s speech, read the instructions for the State of the Union Drinking Game and call in sick tomorrow.

My company has a DR site in Stamford, CT and I’m the lucky one who maintains it. I’m not complaining here, and though I always have tons of work there it is a nice field trip. For those of us who stay at the office at all times, it is a refreshing change once in a while.

Today was my monthly day trip, and while riding a cab from the train station to the office I saw a long line starting a full block before a local theater. It would have surprised me on any day to see such a big crowd, because the place always feels deserted (maybe because I’m used to Manhattan?), but when you see it at 9am you think something is going on, something is wrong.
A normal person would assume they are giving something away for free or, with the economy being so bad, that maybe it’s unemployment sign-up day, but I’m not normal. After 4 weeks (or maybe I should say only 4 weeks) my brain can only think of security and my thoughts were:
Who is filtering all this crowd? Is it a DoS attack or a valid stream?

You wonder what the event was? Wait just a few more seconds and I’ll get there, but first I have to clear my conscience and act as if I’m going over my study materials.
I want to look at this crowd, which as you’ll discover does need tight security, and translate the commotion into the five steps of IPSec VPN configuration:

  • Interesting Traffic
    In our case, people that hold a valid invitation to the event are the interesting traffic; they cause the guards (aka router firewall) to check if the doors can be opened. If no one shows up at the theater the doors will stay locked.
  • IKE Phase I – negotiate hash, authenticate peers and set up the ISAKMP SA
    In our case, the crowd is informed of the basic rules for buying tickets. The act of purchase (or in this case, getting the free ticket) is equal to the binding contract between the router firewall and the peer device.
  • IKE Phase II – set up the SA for ESP/AH, negotiate SA parameters. IPSec SA
    In our case, once the ticket holders (remember, they are the interesting traffic) took their seats, the manager of the show informed them of the required behavior. During breaks he reminded them of the expected behavior, and if any of them broke the rules the guards would kick them out (aka terminate the session).
  • Data Transfer
    Now this is the fun part, at least for the crowd who gathered in Stamford. The Jerry Springer Show started on stage and the interviews (if that is what they call them) are being held. The crowd is now getting the data it was waiting for.
  • Tunnel termination
    This is the easy part – at the end of the show the crowd leaves the theater and goes home. The guards make sure no one stays in the building (aka terminate all sessions) and lock the doors to prevent newcomers.
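
The same five steps on the router side, as an added example (not part of the original post): a minimal site-to-site configuration with each step marked in the comments. Addresses, names, the interface and the key are placeholders. The hash and DH group shown are the choices of the ISCW-era images this blog studies; on current software pick SHA-256 and DH group 14 or higher where the image offers them.

```cisco
! Added example. Addresses, names, interface and key are placeholders.
!
! Step 1 - Interesting traffic: only packets matching this ACL are protected
!          and cause the router to bring the tunnel up.
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Step 2 - IKE Phase 1: negotiate the policy, authenticate the peer and
!          build the ISAKMP SA.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! Step 3 - IKE Phase 2: negotiate the IPSec SAs (ESP here) under the
!          protection of the Phase 1 SA.
crypto ipsec transform-set TS-ESP esp-aes 256 esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-ESP
 match address 110
!
interface Serial0/0
 crypto map VPN-MAP
!
! Step 4 - Data transfer: check that both phases are up and counters move.
!   show crypto isakmp sa
!   show crypto ipsec sa
!
! Step 5 - Tunnel termination: SAs expire when their lifetime runs out,
!          or are cleared by hand.
!   clear crypto sa
!   clear crypto isakmp
```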

If I say that Metro North is like GRE over IPSec (because it is different train types (aka routing protocols) using one rail (aka IPSec tunnel)), would you say I study too hard? Can I get the rest of the evening off (no email, no blog, no internet) and not feel that I’m not responsible?

Yes I can!

TSHOOT beta – free exam offer

January 27, 2010

Following the new CCNP track announcement, and to encourage more people to take the TSHOOT exam, Cisco is offering a great deal on the TSHOOT beta exam:

The TSHOOT beta is an early release of the TSHOOT certification exam, which is used to determine the predictive ability of the exam questions.  It is the same length and covers the same topics as the final exam.  Candidates who pass a beta exam receive full credit, however scores on beta exams are not immediately available. Candidates must wait six to eight weeks, until the beta analysis is complete, to receive their scores. The TSHOOT beta exam will be released sometime around February 16 and be available through March 26, 2010 at a discounted price of $50 USD.  As an incentive to schedule, the first 150 beta exams completed will be provided free of charge.  Candidates may attempt a beta exam only one time.  Scores are expected to be released at the end of April.

Use the promo code TSBETA when registering

As of today (Jan 27th, 8pm ET) the exam is not available on VUE’s registration page.
Update: VUE sent me an update about the beta registration:

Candidates will be able to register and take the TSHOOT exam starting
February 16, 2010 and ending March 26, 2010.

Pay attention to one little catch – you’ll have to wait 6-8 weeks for the result. If you’re already in the process of the current version you will not have time to take ISCW and ONT if you fail the beta exam.

You should also check out the webinar Cisco is planning for Feb 23rd 2010:

Save the Date- CCNP Customer Webinar, February 23, 2010
Cisco will conduct two webinar events on Tuesday, February 23, 2010 covering the revisions made to the CCNP certification exams and courses. The webinars will take place at 8:00 am and 7:00 pm PST (attendees will only need to attend one of the calls as the content will be identical). Check the Cisco Learning Network in the coming weeks for registration information.

I’ll post the registration link once it’s available on CLN.

New CCNP – the Books

January 25, 2010

A quick note to follow up on Cisco’s announcement from Jan 25th:
Cisco Press released a list of their new books for the new exams.
Training is also available with the major Cisco partners. Prices for the ROUTE and SWITCH exams stay at the same level as before.
I did not see TSHOOT training available yet, but per Cisco’s announcement video this class would be 92% lab time.

Update:  Cisco Press has materials for the new CCNP exam already

New CCNP – Official Announcement

January 25, 2010

Following all the rumors and speculation, Cisco finally released the official announcement.

Cisco has updated its Cisco CCNP® certification for network engineers through a comprehensive process involving customers and partners from around the globe. The revision focuses on the competencies that are needed to plan, implement, and troubleshoot the routed and switched networks of today and is designed to be more predictive of job readiness. CCNP offers a career development path for Cisco CCNA® certified network engineers and a solid foundation for those who are interested in Cisco CCIE®.

The revised CCNP curriculum and exams include the following:

ROUTE v1.0 Implementing Cisco IP Routing – is a five-day instructor-led course in which network professionals learn to plan, configure, and verify the implementation of complex enterprise LAN and WAN routing solutions, using a range of routing protocols. ROUTE v1.0 also covers configuration of secure routing solutions to support branch offices and mobile workers. The course includes more than seven hours of e-learning lessons and demos that students can absorb at their own pace.

This is a replacement for the BSCI exam and it does look easier, as it only includes OSPF, EIGRP & BGP.

SWITCH v1.0 Implementing Cisco IP Switched Networks – is a five-day instructor-led course in which network professionals will learn to plan, configure, and verify the implementation of complex enterprise switching solutions, using Cisco Enterprise Campus Architecture. SWITCH v1.0 also covers secure integration of VLANs, WLANs, voice, and video into campus networks.

This is a replacement for the BCMSN exam and generally there are no major changes.

TSHOOT v1.0 Troubleshooting and Maintaining Cisco IP Networks – is a five-day instructor-led course in which network professionals learn to (1) plan and perform regular maintenance on complex enterprise routed and switched networks, and (2) use technology-based practices and a systematic ITIL-compliant approach to perform network troubleshooting. Extensive labs provide hands-on learning and reinforce troubleshooting skills. The course includes more than nine hours of e-learning lessons and demos that students can absorb at their own pace.

This is a replacement for both the ISCW & ONT exams, and looking at it I feel it is an easier exam, though we should wait to hear feedback.

The new exams will be available March 10th 2010 and the old exams will retire July 31st 2010. You can go over all the exam details at the official CCNP page.
Each of the new exams will be 120 minutes long and cost $200 (which allows Cisco to keep the same $600 cost per CCNP candidate).

There are 4 optional paths:

Path 1
642-901 BSCI (Last day to test: July 31, 2010) or 642-902 ROUTE
642-812 BCMSN (Last day to test: July 31, 2010) or 642-813 SWITCH
642-825 ISCW (Last day to test: July 31, 2010)
642-845 ONT (Last day to test: July 31, 2010)

Path 2
642-892 Composite (Last day to test: July 31, 2010)
642-825 ISCW (Last day to test: July 31, 2010)
642-845 ONT (Last day to test: July 31, 2010)

Path 3
642-901 BSCI (Last day to test: July 31, 2010) or 642-902 ROUTE (Available March 10, 2010)
642-812 BCMSN (Last day to test: July 31, 2010) or 642-813 SWITCH (Available March 10, 2010)
643-832 TSHOOT beta (available Feb 16 through Mar 26, 2010)
642-832 TSHOOT (available April 30, 2010)

And the most surprising, with only 2 exams: Path 4
642-892 Composite (Last day to test: July 31, 2010)
643-832 TSHOOT beta (available Feb 16 through Mar 26, 2010)
642-832 TSHOOT (available April 30, 2010)

Overall, and after only a short review of the new details, it looks as if Cisco is making it easier to become a CCNP but is also focusing on real Route & Switch topics which an average CCNP R&S has real-world access to.

CCDP note – as expected, the CCDP track requirements will not change other than the replacement of the BSCI & BCMSN exams with the new ROUTE & SWITCH exams. The ARCH exam stays untouched.

Cisco provides a video with an overall review of the new track.

Study materials are available; check here for details.

You can use this CCNP Combination Tool to see which exams are required for you to complete your CCNP.

OFF TOPIC – Rack solution for home lab

January 24, 2010

Look at this cool rack solution for your home lab:

Buy the table at IKEA for $7.99, there are 8 different optional colors.

Attach up to 8 devices – routers, switches and anything else you can think of (instructions).

Put the table in the middle of your living room, turn on the power and start running your lab.
Let’s see your wife complaining about your ugly lab!
And when she does, act as if you couldn’t hear her, after all 8 routers make a lot of noise 🙂