Passed v5 written - my thoughts

Starwars

The "always" option is a new sub command, if it's available in the ios use it, otherwise you have to config a new RID.
It wasn't available in v4 using ios 12.4(15)T , but it will probably be available in v5.

lrb

Starwars wrote: »

The "always" option is a new sub command, if it's available in the ios use it, otherwise you have to config a new RID.
It wasn't available in v4 using ios 12.4(15)T , but it will probably be available in v5.

Sweet - I don't remember seeing the command when I was looking at doing the v4 a few years ago.

Completed another 2 hours tonight:

1) Some speed work with DMVPN Phase 2/3 and IPsec

2) BGP aggregation from INE and Narbiks workbooks - ran into a wierd IOU bug when using as-set with advertise map; nothing I did seemed to remove one of the component routes' attributes from the summary until I reloaded the router.

3) DHCP Snooping and DHCP option 82 from Narbik's workbook.

lrb

3 hours tonight and I am officially done labbing for the day after a domino effect of VPN issues at work which caused most of our customers to experience almost 10 minutes of downtime because of a couple of poorly configured Juniper T routers.

1) Completed all of the NSSA labs again from the INE workbook

2) Did some VRF lite configuration with OSPFv3 and BGP

3) OSPF default routing from Narbik's workbook and INE workbook.

4) EIGRP traffic engineering from INE v5 workbook.

It doesn't matter how many times I go through unequal cost load balancing labs, I always seem to get myself stuck trying to figure out the right bandwidth and/or delay values in questions such as "configure unequal cost load balancing such that path X is used 5 times as much as path Y". If i get a question like this on the exam I'm saving it until last Feeling pretty good with going through all of the individual topics again, my L2, IGP, BGP, MPLS, DMVPN, and multicast I think is strong so I really need to hammer some services/security/optimization some more.

lrb

2.5 hours tonight:

1) Watched INE videos on NSSA traffic engineering, DHCP snooping, DAI, and IP source guard

2) Did the remaining L2 security labs for port security, VLAN filters, and MAC ACLs

3) Reviewed all of the INE labs for 802.1D enhancements.

I remember when I started studying for my CCIE that there was just so many things to know but over the last few weeks everything has really come together. For anyone who is just starting out with their studies just take the blueprint one topic/section at a time. Make a commitment that this week I will learn about OSPF features X,Y, and Z and stick to that commitment and make sure that you can know which verification commands will prove the correctness of your work..

I'm going to go over INE's v5 troubleshooting lab and config lab on the weekend and simulate a real lab attempt (1 monitor, US keyboard, 8:30 - 5, no music, etc) and see how i go.

I see that Narbik is releasing his v5 troubleshooting lab guide about a week before game day so I might purchase it and use my time off to complete all of the labs

lrb

2 hours tonight:

1) Wanted to hit some weaker areas again today: EIGRP unequal cost load sharing, DAI with static DHCP snooping bindings (keep forgetting that these are configured in enable mode rather than config), and DHCP snooping with all the different ways to do option 82 (custom remote-ID/client-ID strings for example; allow option 82 with a zero giaddr field on the DHCP server, etc)

2) Played around with the IOS DNS server which I somehow have missed in my studies to date. Pretty easy and the doco isn't too bad for this feature either. I tried for a bit to get the split-DNS feature working with DNS views and view-lists and finally got it to work in IOS 15.3 (couldn't get it to work on my 2911 or 1841 with which are running earlier releases)

3) Did Narbik's lab on NAT on a stick and boy I really hate this feature

lrb

Just completed the INE labs - got the TS questions done in just under 2 hours and the config section in just over 4.5 hours, meaning I would have had just under an hour or so to go through my verifications again. I wouldnt say either section were overly hard, the longest part for me was trying to correlate the interfaces on the INE diagram to the IOU interfaces using CDP. Nothing really tricky, I just have to remember the questions in full before starting to type out my configs in notepad. On the DMVPN I had under the Tunnel af-interface the command no-next-self but the question specified later that Phase 3 was required so I had to take this command off and add the commands for the redirect/shortcut. I'd hate to miss out a 5 point question because I left a command on the hub router which had no real effect on traffic flow but would mean that the IGP was controlling the spoke-to-spoke communications rather than NHRP (and therefore not strictly phase 3)

EdTheLad

lrb wrote: »

the longest part for me was trying to correlate the interfaces on the INE diagram to the IOU interfaces using CDP.

I generally use a script to convert the ports in the initial configs to my IOU topology, i keep a copy of this script open in a text file on my pc to quickly check a port if needed.

lrb

Yep that's a good idea - I might do that tomorrow. Hopefully INE actually start getting their infra ready for these labs to be available to the customers so I don't have muck around with IOU netmaps for these types of large labs.

Finished off tonight with some more MPLS VPN labs from Narbik's v5 workbook for about an hour so not a bad today. About 8 hours all up.

lrb

Took a bit easier today as I had to travel interstate tonight. Did 2 hours of uRPF, NTP, and Multicast (PIM modes, DR/DF election, and troubleshooting RP failures). As I'm away for most of the week I'm going to read through the INE R&Sv4 Vol2 workbooks and try to do as much of the configuration in notepad without actually being on a device.

lrb

So I wanted to do a few quick INE labs for Accept-RP and Accept-Register for PIM and the Accept-Register one took me the full hour to finish. Why? Well when you configure the ACL that defines the list of valid sources on the RP, the CSR setup INE uses for the v5 labs completely ignores this and the RP creates the SPT to the source anyway. Tried all kinds of filtering and other stuff to stop the non-valid sources from succesfully having themselves with registered with the RP only to scroll down the page to the footnote which indicates that yes there is a problem with the CSR routers where they simply just sent the traffic out all PIM-enabled interfaces anyway, and hence the Accept-Register configuration has no effect other than a trap being sent when an invalid source tries to be registered with the RP.

lrb

INE now has the full scale lab rack rentals available now for 8 tokens/hour it looks like.

Network_Engineer

Thanks! I logged on and reserved my full scale lab rack rentals for the next 60 days.

lrb

4.5 hours tonight on the road:

1) 1.5 hours on the TS lab #2 - not as tough as TS lab #1 but definitely stretches your knowledge. The rack rentals for the full scale labs was very unreliable too even after I tried a few different Internet services at my hotel. My sessions kept dropping every 5 minutes so I switched to using the web telnet client on their site about half way through.

2) 3 hours on IPv6 routing protocols from INE's workbook and some from Narbik's.

vram

lrb wrote: »

Anyone going to Narbik's 10 day bootcamp in Sydney Australia in november?

I remember seeing the bootcamp sched in November a couple of months back but when I checked 3 weeks ago it was already gone. Does it mean the class was cancelled or the class was already full? Are you going in Nov or was it re-sched for May next year?

lrb

Yeah I noticed that! I think May is probably too far away for me personally. I have my first lab attempt next month, and if that doesn't result in a pass I will try to take it again in December on the last week for lab sits.

Took last night off from hardcore study and just played around with some OSPF areas, redistribution and NSSAs in IOU. Have INE's mock lab #2 scheduled from 1pm to 6:30pm tonight, heading out for dinner, and then back to do some QoS labs tonight for 3 hours. I haven't done a whole lot of QoS review lately so I tonight should be a good refresher, especially on sub-rate's, policing, etc. I'll post again later tonight with how the mock lab went.

lrb

Just completed INE's mock lab 2 today which took me the complete 5.5 hours to do, including verification etc. I found this one a little easier than number 1 but it took me longer to complete for some reason. For the life of me I couldn't get NTP authentication to work between the peers so I took it off so that I wouldn't break an earlier task and just accepted that I would have dropped the 3 points for NTP security, which is better than dropping 6 points for NTP altogether.

Off to dinner now before some QoS later tonight might even chuck some NTP authentication in there as well.

lrb

Got home late tonight so I only managed 2.5 hours.

1) Shaping, HQF, CBWFQ, and classification labs from INE - nothing too hard here, just had to remember all of the token bucket formulas. Since they removed L2 QoS from the lab, QoS doesn't seem so intimidating as it once was.

2) IPv6 redistribution and IPv6 traffic filters. I wonder if there is some really obvious reason why Cisco omitted some of the protocols from being listed by default in the IPv6 ACL? For example you cannot go sequence 10 permit ospf in the IPv6 ACL because ospf is not a keyword, so instead you either have to remember that OSPF is protocol 88 or use something like debug ip packet to find out the protocol number.

lrb

Just completed 1.5 hours of INE's mock TS lab #2, and only completed 4 questions correctly I know these TS mocks are rated 7 and 8 but man they are killing me at the moment!

lrb

Just completed another 3 hours of IP services / management:

1) NTP authentication, access contorl, multicast NTP, broadcast NTP. This is one area where I think you could easily lose points if you forget a command like trusted-key so be make sure to verify that authentication is definately working using the command show ntp assoc detail | inc auth to make sure you see authenticated in the output.

2) Logging, config archive/rollback, and some other misc logging features with ACLs.

3) About an hour of practice with filtering using IPv4 ACLs, IPv6 traffic filters, using PBR for filter, and time-based ACLs

lrb

2 hours tonight:

1) INE labs on BGP backdoor and all the different variations of BGP aggregation

2) Went over both Narbik's and INE's NTP authentication labs (even though I did them last night too) to reinforce this, plus I also wrote out the configuration for the entire labs with pen and paper before jumping on the routers. I swear if I get a question on NTP auth in the exam I better nail it now!

3 weeks and 2 days now.. getting kind of excited!

lrb

3 hours tonight of PE-CE routing including RIP, EIGRP SOO, OSPF down bit, OSPF VRF-Lite capability, and OSPF sham links.

Before configuring any of the tasks in the INE workbook I drew out the topology and wrote down what a route update should look like at each point in the process (on the originating PE-CE link, PE-PE, destination PE-CE link). I will finish the BGP SOO lab tomorrow night before having another run at the a TS mock lab.

lrb

Another 3 hours last night:

1) Narbik's workbook for EIGRP SOO labs and BGP PE-CE routing with SOO.

2) INE labs for NetFlow, which don't actually work on CSR so I had to make up a similar topology in IOU to practice these.

3) Created my own lab for doing IPv6 NLRI over BGP IPv4 transport and played around some more next hop modification.

4) Watched the INE IPv6 BGP ATCv5 video. Some pretty good explanations by Brian for most of this topic except he kept blaming the IOS-XE version he was running when he couldn't get the IPv6 neighbours to establish using link local addresses

Going to take most of tonight off to rest and get ready for 2 hours of TS tomorrow night and two 5.5 hour mock labs on the weekend.

lrb

Only about an hour of labbing last night playing with MPLS VPN multipath with the maximum-paths eibgp command and using different RDs on each PE router. Finished off with some more Internet access with MPLS VPN using Internet in a VRF and route leaking.

7 hours today:

1) Completed a 360 mock lab which took me about 4.5 hours to complete. Much more simple than the INE ones and I would say only 20% of the questions were what I would consider "trickier" topics (OSPF LFA, IPv6 BGP, etc). This was a good lab actually as it made me really concentrate on making sure what I configured matched any sample output in the questions (e.g. make sure R18 has the following OSPF-learned routes in it's RIB) because they may have a clue as to the configuration required. In this case, prefix suppression was required to knock out advertising the transit link routes.

2) Watched two videos on MPLS VPN troubleshooting from INE. These two videos are a must watch I think for the TS component of the lab as he points out some common problem areas in both the data plane and hte control plane.

3) Completed a few homemade labs on EIGRP Add-Path, OSPF LFA FRR, and BGP Add Path. Happy to share if people are particularly interested in these features.

Well... in less than three weeks I'll know if I have done enough to pass!

gorebrush

Best of luck, will be watching this thread!

lrb

Do not waste time watching the NAT video from INE's R&S ATCv5... I will not be getting those 59 minutes back

Lucas21

lrb wrote: »

Do not waste time watching the NAT video from INE's R&S ATCv5... I will not be getting those 59 minutes back

You mean to tell me you watch the VODs on 1x speed?

Thanks for the heads-up though seriously. I've also noticed some of the videos are of a lower quality and in hindsight I wish I hadn't wasted time on them. But that's about 2-4 of almost 150 so not bad eh.

I wish you success in the lab! I've been reading your updates on this thread and you seem very determined.

lrb

Hehe no I usually watch them on 1.2x speed, so it was more like 50 minutes. Normally the ATC videos are pretty good though so I can't complain too much about INE..

.. until later today when I had two issues with their rack rentals.

1) I successfully crashed one of the routers on the INE TS lab by running no af-interface g1.1617 on one of the routers under the EIGRP process, causing a kernel panic resulting in a length reload and wait for everything to come back up and converge. Seeing as I had already done every other ticket I wanted to make sure my configs for this were okay so I couldn't move on.

2) Lab #2 would not load with any of the correct configs. I don't mind if it's one router here and there but the whole rack wouldn't take the initial configs from the rack control panel. Waiting on my 911 ticket to be serviced now...

lrb

Lost about 30 minutes of my rack rental with trying to load the TS #2 lab because it kept applying the TS #1 lab. Eventually I just gave up and loaded a blank config on all the routers and then pasted in all of the initial configs.

6 hours today:

1) 3.5 hours of TS from INE and Narbik's workbook. Narbik's workbooks are much better than INE in my opinion for TS but the labs are all protocol specific, so you already kind of know where to look to find the faults. I.e. in the BGP specific TS labs, you obviously know that you should be looking at the BGP table, advertised routes, route policies, etc, rather than initially isolate the problem area (is it DMVPN? is it CoPP? etc). I will keep doing Narbik's TS labs from now on after my bad experience with the INE labs.

2) 2.5 hours of NAT study from the INE workbook and Narbik's workbook. I really just wanted to go over the trickier topics like NAT on a stick, NVI, HSRP with NAT failover, etc, but I decided to do a complete run through of all the NAT labs. In Narbik's book he mentions that when doing stateful NAT that every router will need to have a unique stateful NAT id configured for this to work, however it worked perfectly fine for me with having the same configured on both routers. I also had some trouble getting NAT on a stick to work in IOU so I had went down to the garage and pulled out some physical kit from my CCNP study days and tested NAT on a stick on these which seemed to work much better.

lrb

Hectic few days at work getting VPLS working between some of our sites which are termintaed on Juniper SRX550's and other sites which use ASR1K's. Worked about 15 hours yesterday and 12 hours today but still manged some decent labbing in.

2 hours yesterday:

1) Went over the harder NAT topics again (route map inside in, NAT on a stick)

2) BGP Add-Path and EIBGP multipath for MPLS VPN. Really like Add-Path, I'm hoping that they touch more on this on the CCIE SP.

And 2 hours today:

1) Went over some more complicated route redistriubiton scenarios using three different IGPs and how my method for loop prevention (route tagging based on source IGP admin distance) doesn't work for all scenarios. This is actually something I picked up from doing INE's mock lab #1.

2) Created a basic PPPoE setup with two remote access concentrators because I wanted to see how IOS handled the case where it recieved two PPPoE Active Discover Offers (PADO).

Turns out work has asked me to help with an ACI design for one of our overseas US customers. Bad part is that I will be flying back the day before my lab which means I'm going to have to use the last day almost entirely for trying to catch up on sleep rather than reading my notes.

jamesp1983

lrb wrote: »

3) Completed a few homemade labs on EIGRP Add-Path, OSPF LFA FRR, and BGP Add Path. Happy to share if people are particularly interested in these features.

Well... in less than three weeks I'll know if I have done enough to pass!

Good luck! I'm interested in those features so I would love to check out your homemade labs.