CCNP Madness

Well, it's official. I am off to the CCNP journey! I have actually already briefly skimmed some of the material in the previous months when getting bored of the CCNA Security material. I am starting first with ROUTE to knock out the test I have the least knowledge on. My materials are:

-The Simplified books
-The Chris Bryant vids (For depth)
-Cbt Nuggets (For Jeremy's energy)
-Lab manuals

I also purchased a a lab, switch exclusive, for around 450 total. It contains a 12U rack, mountable power strip, 3 2950s, a 3550 and a 3750, along with plenty of 3 ft prefab cables.

As of now, I have gotten through the CBT Nuggets vids on EIGRP AND OSPF. Did the labs, and am done with the EIGRP chapter and a third of OSPF in the Simplified book. I'll go for more labs this weekend. Starting WGU in the beginning of August, so I'm willing to bust out many hours to finish ROUTE before that time.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

tomtom1

OfWolfAndMan wrote: »

I gotta say: Route tags will make life A LOT easier in a commercial network.

It's nice when things you study have a direct use in production networks eh

As for the PBR part, and the exam, small tip, just remember that the ip policy command is always placed on the interface that is receiving the source traffic. Also make sure the debug command (debug ip policy access-list) is in your memory. Might come in handy when labbing (or in production) with PBR and things aren't going your way.

OfWolfAndMan

It's nice when things you study have a direct use in production networks eh

Agreed!

So, just checking in. Finished the Chris Bryant vids and the Simplified book. Configured a IPSec VPN and did some basic PPPoE configurations. Thankfully, I learned a lot of the VPN theory from the CCNA Security (Except for the manual configuration), so I understood the theory side of it. As for the DSL theory and cable technologies, that's old theory to me (Again, except the configs). For this coming week, I will be doing a lot of labs as I go over my notes and the material once again (OSPF and EIGRP should be easy. Gonna be mainly hitting IPv6, PBR, BGP w/ path control and IP SLA. Then I'll also go over the VPN and Tunnel configs a couple more times as they're new to me). If I feel I am where I should be, the test will be scheduled at the end of this month (Or possibly a week prior).

OfWolfAndMan

Been doing some labs from the Simplified book. 6to4 tunnels, OSPF over NBMA and advanced EIGRP. Anyone have a good page for VRF such as case studies and some additional labs? I'd like to look a little more into it

OfWolfAndMan

The last couple of days has been lots of labbing with OSPF and BGP and overview in the Simplified book of the two routing protocols. LOTS of path control in BGP i.e. AS path prepending, MED attribute usage, weight modification, route origin, etc. Lots of attribute mods. One thing I am on now though is the as-path command. I understand the concept of it, but the characters at the end of the command i.e. ^-+()* I'm having a hard time grasping where they go in the command. Is there a page that might have a good explanation on this?

OfWolfAndMan

Found this. Starting to make some more sense now. At least most of the characters:

as-path - CCIE Blog

OfWolfAndMan

Back again. Been reviewing over OSPFv3 and BGP attribute selection. I've been doing quite a few labs including lots of BGP (Even got to learn about backdoors!), played with some more EIGRP, OSPF with LOTS of path manipulation. However, I am getting stumped on this EIGRP PBR lab, mainly because I see no packets incrementing in the route-map configuration when I do a special ping. Everyone has EIGRP neighbors, EXCEPT between R2 and R3 (Not really relevant at this point). F0/0 on R2 and R3 are advertised, but are a passive-interface in the EIGRP config. The lab wants it so any packets with a size of 0 to 500 and 1000 to 1500 bytes going to the 150.3.3.0 sourced from the 150.1.1.0 subnet are sent to the next hop of R2. All other packets take the normal path. Here is the config on R1 for the path selection:

#ip access-list extended 101
#permit ip 150.1.1.0 0.0.0.255 150.3.3.0 0.0.0.255
#route-map MATCHMTU permit 10
#match ip address 101
#match length 0 500
#set ip next-hop 10.0.0.2
#route-map MATCHMTU permit 20
#match ip address 101
#match length 1000 1500
#set ip next-hop 10.0.0.2
#route-map MATCHMTU deny 30
#interface F0/0
#ip policy route-map MATCHMTU

The problem is, whenever I ping from source F0/0 on R1 with a size of 0-500 or 1000-1500, I don't see any packets output in the route-map.
#ping 150.3.3.3 source F0/0 size 300
#ping 150.3.3.3 source F0/0 size 1200
#show route-map
route-map MATCHMTU, permit, sequence 10
Match clauses:
ip address (access-lists): 101
length 0 500
Set clauses:
ip next-hop 10.0.0.2
Policy routing matches: 0 packets, 0 bytes
route-map MATCHMTU, permit, sequence 20
Match clauses:
ip address (access-lists): 101
length 1000 1500
Set clauses:
ip next-hop 10.0.0.2
Policy routing matches: 0 packets, 0 bytes
route-map MATCHMTU, deny, sequence 30
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes

Am I missing something?

EIGRP_PBR.jpg

fredrikjj

try using the debug ip policy command on the router that performs the PBR. It should give more information on what's going on.

OfWolfAndMan

Alright so I did that, and source ping from R1's f0/0 interface. Got NOTHING.

Now, if I do a ping from R4 with the appropriate size, then it does work. I guess it doesn't really matter if the interface itself can anyway. As long as the hosts' traffic gets routed appropriately.

fredrikjj

The problem that you are having is probably that locally generated traffic isn't affected by the ip policy interface command. It must be incoming from another device. If you want to PBR local traffic you need the global command that I've forgotten that exakt syntax for.

tomtom1

fredrikjj wrote: »

The problem that you are having is probably that locally generated traffic isn't affected by the ip policy interface command. It must be incoming from another device. If you want to PBR local traffic you need the global command that I've forgotten that exakt syntax for.

ip local policy, right?

OfWolfAndMan

What about #ip local policy route-map MATCHMTU?

Source: Cisco website

Edit: TomTom you're right! I would give you more rep but looks like I already gave you some

OfWolfAndMan

OK I know I'm jumping ahead of myself, but this request is more so for work as we recently implemented QoS and multicast configs. Is there a good video course I could check out in the future that may make it easier to understand for not only my real world benefit, but also for when I do SWITCH?

OfWolfAndMan

Also another question: In the SWITCH material, they seem to mention dynamic vlan configuration and VMPS. As VMPS is not used and Mac Authentication Bypass seems to be the modern thing, why even mention it?

OfWolfAndMan

Been reviewing over both the book and the Chris Bryant videos while labbing like crazy. Will be scheduling my test for the end of the month next week hopefully. Was supposed to do it last week but customer support was a little confused on my intentions, as my Pearson Vue account is not working, and I told them I wanted to schedule over the phone, but they insisted on trying to fix my account again, and still with no success. Anyway, will be over-viewing branch technologies today as I believe this is one area I could use some more practice. Anyone who insists, please feel free to start quizzing me, particularly those that have already taken the test.

tomtom1

I could write up some practice questions for the ROUTE material if you're up? Would be a nice refresher for my TSHOOT which combines SWITCH and ROUTE (need to clear SWITCH) first though.

OfWolfAndMan

Absolutely! Currently configuring a gre over ipsec tunnel. Making it even more difficult by using NAT on both sides of the tunnel, routing it over a public IP medium. I expect it to help me understand VPN tunneling a little more by getting some hands on. I am also currently working on configuring my home router as a VPN server for OpenVPN so I can remotely work on my home switch lab from anywhere. I believe this task will help me do that.

OfWolfAndMan

Scheduled the exam for the 30th! Time to touch up on BGP communities, PBR, and a little more VPN labbing, then overviewing everything once more, followed by some more labs!

OfWolfAndMan

Test is on Wednesday guys! Will be doing a good amount of final overview this weekend. Labbing as well and will be writing notes AGAIN for ultimate retainability. I feel confident in just about everything except maybe BGP communities. Feel free to quiz me!

OfWolfAndMan

Test tomorrow guys! Doing some last minute overview tonight. I feel confident on all topics, and yes, I memorized the EIGRP default metric and BGP path selection attributes

OfWolfAndMan

Well guys, that test was extremely challenging! Thankfully I passed though... Barely. 806. Looks like I'll be starting my SWITCH studies in a few days!

Staunchy

Congrats Wolf best of luck with SWITCH. I am starting with ROUTE now again want try get it before old exams retire

Danielh22185

Congrats on the pass. You seemed to knock Route out pretty quick!

networker050184

Congrats!

OfWolfAndMan

Thank you everyone!

Daniel, I think I put in close to two months for the ROUTE, however I had begin skimming through some of the material multiple times before finishing up the CCNA Security. In addition, it did help to deal with IGPs at work. When I was at work, I had a switch lab setup with ip routing enabled as we couldn't use GNS3. At lunch (Some days), I would go home and study or lab. After work and after the gym, I would allocate time accordingly to the Pomodoro technique (As I would go for two hours and burn out eventually if I didn't pace myself) with my studies. On weekends, I would get a good 8-12 hours over those two days. I was committed as this will probably be the hardest of the three for me.

OfWolfAndMan

OK so I had already read through a good 50 pages of the SWITCH book at the end of ROUTE, and had the VLAN videos and VTP videos watched for Chris Bryant's. Just finished up VLANs/VTP in the Simplified book this morning and have finished some of CB's spanning tree videos last night. A LOT more detail and depth on spanning tree than the CCNA, but the foundation makes things a lot easier to understand. Thankfully I currently am dealing with a network using VTPv3 so getting my hands on lab equipment (Even though I have a 3560 with version 15 at home if need be) will be easy. I love VTP mode off!

mistabrumley89

I prefer VTP to be off as well. Usually we just have a baseline we can copy/paste, so worrying about VTP isn't a real issue. Local VLANS FTW.

Oh, and congrats on the pass. The route exam was really really tough. I think you will find SWITCH to be a much smoother ride.

ninjaturtle

OfWolfAndMan wrote: »

OK so I had already read through a good 50 pages of the SWITCH book at the end of ROUTE, and had the VLAN videos and VTP videos watched for Chris Bryant's. Just finished up VLANs/VTP in the Simplified book this morning and have finished some of CB's spanning tree videos last night. A LOT more detail and depth on spanning tree than the CCNA, but the foundation makes things a lot easier to understand. Thankfully I currently am dealing with a network using VTPv3 so getting my hands on lab equipment (Even though I have a 3560 with version 15 at home if need be) will be easy. I love VTP mode off!

This will be perfect for you ----> Free Cisco Catalyst Switch Lab

Lab galore! Cheers!!

OfWolfAndMan

Thank you, Ninjaturtle!

Update: I just completed the videos for all Spanning-Tree concepts (to include Backbonefast, Uplinkfast, Root Guard, Loop Guard, BPDUguard/filter, Portfast, RSTP, PVST, MST, etc). I had never heard about the STP diameter concept before, but found it quite interesting. In addition, I just finished etherchannel this morning, and I believe channel-group 1 mode on will be my universal etherchannel command for the most part. Flex links is also a brand new concept to me, and I'm kinda curious as to when it could be used. It seemed somewhat similar to an FHRP setup, except for the fact FHRP seems it's more appropriate for a L3 switching edge (Or redundant router setup), while flex links seem more appropriate on the downstream switches at the distribution layer on a L2/L3 setup. Labs will be coming soon.

I have actually had my switching lab for a couple of months thankfully, prepping in advance of course. Thanks to Veritas_Libertas and Jahsoul, every switch with the exception of one I got off of Ebay. My topology currently consists of: 1 3560 w/ version 15, 1 3750 with PoE, and 3 2950s. I also have a rack to make things a little more organized

fredrikjj

Flex links is also a brand new concept to me, and I'm kinda curious as to when it could be used.

It converges faster than RSTP. Like 50 ms vs. 100 ms. So if you need that and also can't use some multi chassis link aggregation technology (though tbh I'm not particularly familiar with MLAG convergence if a link fails - I'm just assuming that it's fast) you could use flex link and deal with the increased complexity of deploying a feature that's pretty obscure and isn't completely plug and play.

Read this: Cisco Flex link | Daniels networking blog
Then read this series: Flex Links: The Beginning (Part 1/3) | rekrowteN | Networker

I believe channel-group 1 mode on will be my universal etherchannel command for the most part.

You probably want to use LACP for the most part since it has failsafes built in that the "on" mode doesn't. On is just for forcing the bundle with devices that haven't implemented LACP.

OfWolfAndMan

Read this: Cisco Flex link | Daniels networking blog

I see where you're coming from now. I didn't see it before, as the redundant link design in the place I work at is between the core and the distribution, not access to distribution.

You probably want to use LACP for the most part since it has failsafes built in that the "on" mode doesn't. On is just for forcing the bundle with devices that haven't implemented LACP.

Agreed. Now that you mention it, I remember LACP having a backup for 8 additional ports binding into an etherchannel. Quite efficient.

Update on the studying: Finished the LAN security section in the videos and the book along with the MLS sections. LAN security was a little bit of overview of some of the stuff I learned from CCNA Security (Dynamic ARP inspection, DHCP snooping, port security). A few new things to me were PVLANs (I could find that very useful for security purposes), VLAN ACLs (Which would seem useless of preventing particular users from accessing other users in the same VLAN. Isn't that one of the reasons for VLANs, aside from broadcast segmentation? If you're preventing interVLAN traffic, I could see that.), and a little bit about 802.1x (We use ISE at work, so I am somewhat familiar. Supplicant is a word they love to use over client.). MLS is not a new concept to me, especially the config, but I did learn a few new things in that section too: Fallback bridging (Genius way of bridging IPX/Appletalk without it needing to be routed), a little more detail about CEF, and something that's a flashback from my NA Security studies, the data and control planes. Next week I will be focusing in on FHRPs and hopefully finish up on the smaller sections like Multicast, VoIP, QoS, and Wireless. Depending, I may just finish FHRPs and then go straight into labbing, as I find these last topics a little less broad in this course.