Getting ready soon

hurricane1091

Nearly done Chapter 9, will finish tomorrow. Going to start watching videos of the previous chapters as I continue on through the book since I'm over half way done.

Labbed the stub areas and saw what happened to the routing tables after they were configured. The LSA types make a ton of sense now. Also did the route filtering and prefix filtering, which I had a little issue on but it was good to see. I had a loopback at 12.0.0.0/8 and was trying to prevent that from being advertised into another area, but because it's a loopback it was reallly being advertised as 12.0.0.1/32 and I was not blocking it. Denying 12.0.0.1/32 or 12.0.0.0/8 le 32 fixed that issue. It's been really good stuff.

My plan going forward is to keep reading and making up my own labs as I go along while watching videos from previous chapters. I think when I get to the end with the routing protocol authentication stuff, I'll go ahead and re-lab everything I've done so far (but not as in depth) as a quick refresher and go over all my notes and go take the test. I think the end of March is still a good deadline.

hurricane1091

I am completely done with Chapter 9 and on to the (very long) Chapter 10. I re-read all of my notes today as well. I feel very comfortable with everything so far (admit I am weak on IPv6 still but did lab some of it at end of Chapter 9). I have actually done redistribution but I must not know much if there is that much dedicated to it lol.

My plan was to start the CBT nuggets today. I am unsure of my plan though. I was going to start from the beginning and continue to read Chapters 10-17, and by the time I finished that I would be caught up to date on the videos for previous chapters and then watch those. But maybe it makes more sense to watch the videos for upcoming chapters and revisit older ones later?

I might re-do this lab tomorrow as well and get it ready again and throw in a 4th router. I would then just reconfigure OSPF and do NSSAs I guess and use EIGRP elsewhere. I just have prefix list and stuff going on right now, so I need to get rid of those so they do not create confusion. It will really hammer in OSPF and EIGRP again though and get me feeling really solid about it.

hurricane1091

Stripping all the OSPF route filtering from my lab and adding an EIGRP area since I am starting Chapter 10 today - which is route redistribution. Watched CBT nuggets videos on DMVPN/GRE, and the IPv6/RIPng video.

Also, I finally got back to my DMVPN lab at work and have figured out a solution/migration path to the new design. It will work 100% during the migration process and we will have a true 100+ site DMVPN environment.

hurricane1091

Here is my new lab set up for Chapter 10 and beyond. The ISP cloud is really just the 3650 switch, and it looks a little unpractical with the EIGRP 100 area in between R1 and R2, but without adding more equipment this serves the same purpose.

Nans

Hi Hurricane,

I also started my CCNP recently, I recently completed my masters degree and am still looking for a job. I am into chapter 8 now. Will keep n touch all the best.

hurricane1091

Good luck, you should join the Google Hangout for here! I am still on Chapter 10 - half way thru. I am on Video 6 out of the 38 on CBT nuggets, and will finish a few today hopefully.

I am busy at work once again with this DMVPN lab. I am trying to get the zone based firewalls to work. We *could* create a 100ish line long ACL for inbound internet traffic (allowing each hub site's public IP) OR we could get this ZBF to work and only allow ISAKMP traffic in from any host. Which should be secure since you're not going to be able to form a tunnel with us. I am struggling with this though. ZBF were talked about on the CCNA Security but I have never done it.

Nans

woaaaw, man you do a lot of stuff..!! Yes i have read the CCNA security book and never had a chance to take the old exam. I am about to complete the chapter 8 and will catch up with you by the end of the week may be ..! I am jobless so couldn't pay for nuggets so I bought bryant's bootcamp on udemy. Done with EIgrp and most of the OSPF videos in there. Sure, Thanks I will send you a PM with my email address to join the hangout session.

hurricane1091

I'm fortunate that my boss designed such a good network and I get to work on projects like the one I am currently working on honestly. I started out here doing all the IOS upgrades, do a lot of the new circuit cutovers, and recently opened up a new office and began re-designing our DMVPN environment. It was really just a constant progression. About the CCNA Security, I only really started to study for it because I knew I was going to go back to school and get my BS from WGU, and it would transfer in. So I studied for it and then took it like the first week I started WGU. It honestly was not very valuable. Any ZBF knowledge I got out of it is mostly gone, and no one uses CCP.

hurricane1091

Finally done Chapter 10 just about (like 3 pages left). Very time consuming and difficult labbing everything. I changed my topology a bit and made an OSPF area NSSA and was getting frustrated with a redistributed route not coming in. I eventually realized that it was a type 5 LSA from the router that would be forwarding along the information, because it was learned originally from a router that was redistributing into a normal OSPF area. Now, I went and redistributed from the NSSA router and it created a type 7 LSA.

Half the stuff I lab I swear is not practical, I really wonder where some of this stuff comes into play. I would be surprised I guess.

koz24

hurricane1091 wrote: »

Half the stuff I lab I swear is not practical, I really wonder where some of this stuff comes into play. I would be surprised I guess.

Probably in the CCIE lab is where they hit you with a bunch of 'gotchas'. For CCNP these workbooks purpose is that they over-prepare you so that when you get to the real exam, the basic stuff on the exam is a walk in the park.

hurricane1091

koz24 wrote: »

Probably in the CCIE lab is where they hit you with a bunch of 'gotchas'. For CCNP these workbooks purpose is that they over-prepare you so that when you get to the real exam, the basic stuff on the exam is a walk in the park.

I believe you for sure. On the CCIE lab they probably ask the craziest stuff that you'll probably never see in your life.

Nans

hurricane1091 wrote: »

I believe you for sure. On the CCIE lab they probably ask the craziest stuff that you'll probably never see in your life.

LOL, cant stop laughing..

hurricane1091

I have no idea what they ask but even in the CCNP book they propose scenarios you likely won't see (but could). Like when you have RIP redistributed into EIGRP redistributed into OSPF and then run into routing issues due to AD. That makes sense, but I could go my entire life and never actually encounter that.

Anyways, starting Chapter 11 and working through the CBT EIGRP videos. Progress continues slowly.

hurricane1091

I finished Chapter 11 and some more EIGRP videos in the CBT nuggets series. On to Chapter 12 and some more EIGRP videos. Definitely wants Chapter 12 and the EIGRP videos done this week. That should be no problem. If I start Chapter 13 and the OSPF videos, then this is a great week. Once I finish OSPF videos and the BGP chapters, I'll really be seeing the light at the end of the tunnel.

Labbed the IP SLA stuff today which was not a problem because we are already doing that stuff and I have seen it before. Messed around with PBR and did an instance of it in my lab, nothing crazy. I feel good so far. I think I'll review everything in my notes once I finish Chapter 12 and EIGRP videos before going forward.

hurricane1091

I gave a demo of my DMVPN + NHRP + ZBF design today at work and it was a success. Have some small things to work through and then come up with a finalized implementation plan to roll out across 100+ sites, but I feel good about how it is going.

Going to do Chapter 12 today and hopefully finish the EIGRP videos.

hurricane1091

I did Chapter 12 during lunch, will try to finish EIGRP videos tonight. Chapter 12 should of been fast but I was being stupid and could not get NAT to work, and then realized it was because traffic was going thru the GRE tunnel. So, it was simple after that.

I also observed that if you do not put "overload" at the end of your nat configuration, but send multiple packets out, it seems to just add that command in there. It seems odd, and if anyone reads this I am hoping for an explanation.

It could also occur as a result of identifying an ACL instead of an IP address actually - which could make more sense. Interesting stuff you observe doing this sometimes.

hurricane1091

Going to starter Chapter 13, which is BGP (along with Chapter 14). This is something I basically know very little about so I foresee it being slow and painful. OSPF videos are also in the queue.

hurricane1091

I am going to finish Chapter 13 today. I had to add a 4th router to my lab. 2 to mimic internal routers in the same AS, and two for separate ISPs in different ASs. This is close to our production environment. I'm going into this with basically minimal knowledge except how to map neighbors. I'll probably stop the videos for now as my lab has just been completely re-wired. Easier to finish book and then watch rest of the videos and read notes and re-lab some stuff.

hurricane1091

No progress made unfortunately. Fell really under the weather but going to try and get back at it tomorrow. March 26 is my goal still I'm thinking if that is available.

hurricane1091

I'm alive again but not 100%. I built a terminal server and hooked my lab up to that since it's up to 5 pieces of equipment now and probably will just continue to grow. I need to finish Chapter 13 tomorrow and get on Chapter 14. I want the entire book done and labbed by March 4, then I'll resume the videos and re-read notes and re-lab it all and hopefully be good to go.

My lab is set up to logically have 2 separate ISPs, each with 1 link back to the "HQ" routers who are running iBGP with each other. This should be a useful setup...

hurricane1091

Done Chapter 13. I actually knew some stuff from turning up new circuits. Chapter 14 will be big and then I'll really need to hone in and focus. I predict Chapter 14 will be a lot of labbing.

hurricane1091

Working through Chapter 14. Ran into an issue in my lab when trying to use the loopback IP as the update source and neighbor IP. The "allowedas-in" command is needed but not 100% grasping it yet. A lot of these concepts are not totally hard to figure out since we are doing them at work.

hurricane1091

I am not liking this loopback idea. I am seeing obvious problems here when I do a "show ip bgp" and something isn't totally kosher with this lab. I've tried researching and end up on CCIE blogs.

Like, I obviously DON'T want to see multiple routes to my own loopback address. I cannot even fathom where this would truly come in hand to be fair. Definitely not in the environment I have set up in my lab, nor our work environment really. If a link between iBGP peers fails, it's not the end of the world to be fair. The best path may suffer but as long as a default route to the ISP exists, it will still make its way out.

There probably is a benefit though in large production environments - I do not doubt it. I am just unaware/unexposed.

hurricane1091

Nearly done chapter 14. Taking forever. Learned a lot though. Did some good lab work influencing the routes with local preference and weight but I was already somewhat familiar with that from work. Added synchronization to my lab and watched it fail which was interesting. Tried to look into why this once was a necessary/desired function but got a little lost. Did some good route filtering too. I said I had no knowledge of BGP but the correct answer I guess is that I had no knowledge of how BGP actually worked. I did set up our ASR MPLS routers that run BGP and cleaned up ACLs for route filtering. We utilize local preference on them and I went back and checked out some stuff (a lot of it was just copy-paste from the MPLS routers I was replacing with ASRs).

I'm getting a lot of this but I'm getting tired as well. I end up going very deep into our own network, which is indeed complex and sophisticated.

Tomorrow I need to get back to my DMVPN lab and make certificate based authentication work. I have a concern with it as one of our sites only has a primary circuit, and my concern is once I change the ISAKMP profile to use certificate authentication instead of PSK, the tunnel will drop and it won't be able to the CA (I am not planning on us using the DMVPN hub as a CA in production). I am assuming if I enroll with the CA while PSKs are being used then I will be good. For all other sites, they can reach the CA over the primary MPLS circuit. This is a major change with over 100+ branches, it needs to be well thought out (in addition to the DMVPN redesign rollout).

Anyways, I am seeing the light at the end of this tunnel. I am going to try to finish the book next week, then burn through the rest of the videos and re-read my notes and lab anything up again I'm weak at. Maybe even skim thru the book once more.

hurricane1091

Current plan is to finish the book this week, and hopefully finishing the videos next week. Need to get note cards to remember stuff like OSPF LSA types, EIGRP K values, etc. Still eyeing March 26 but we'll see. I feel reasonably good so far.

hurricane1091

Done chapter 16, on to 17. Chapter 16 was not bad, I've had SSH set up in my lab so that was nothing new. We do VTY access management at work as well and AAA, so nothing crazy there. I'm going to begin the videos where I left off once I am done the book this week, and then definitely go back and re-lab stuff.

Notes to myself:

Make note cards - reference things like LSA types, E1 vs E2 routes, EIGRP K values, etc. I know I need to be 100% with those things for the exam, and it is something easy to forget.

Re-lab: IPv6, just generally pretty weak on it still. Need to practice route filtering more for EIGRP and OSPF. Good with ACLs and route maps (due to work) but not so good with Prefix Lists. Need to go back and understand CEF more to refresh, and re-lab redistribution but I feel good with it. March 26 remains the target still.

hurricane1091

March 26 is not available at any locations near me in NJ. There's a place I've gone to in PA that has it, but it's a rough area and I always get confused driving there. Going to see if my boss will let me leave work early during the last week of the month some time to go take it near my house.

hurricane1091

Done the book! Reloaded an old lab from the redistribution chapter to do the authentication stuff. Was already familiar with BGP authentication.

hurricane1091

Finishing Chapter 9 review today. Have been making flash cards and relabbing stuff along the way. Will finish reviewing notes and videos by next week, then begin just flash card cramming and hopefully taking the exam 3/31.

hurricane1091

Working through Chapter 11 in my notes now and watching the videos on it. Spent a ton of time re-labbing stuff in chapter 10. Realized I had a lot of confusion with stub area types. I worked through a lot of them but still slightly confused. I don't understand why this NSSA doesn't change the type 7 and send it as a type 5 to another OSPF area that is not configured as any type of stub. Is this normal? I feel like it should get it.

Not officially scheduled, but I should be taking the test 3/31. I feel pretty good, been working through some sample questions and my flash cards.