[300-115] CCNP Switch - here we go

Comments

  • negru_tudor Senior Member Posts: 473
    NEODREAM wrote: »
    Hope your progress is going well. Following this has motivated me to begin my studies for my CCNP:Switch!


    Good luck and continue on!

    I'm happy to hear this :)

    I was inspired by seeing other people's threads about this so went ahead and decided to tackle Switch. It's easier to get into studying these things now compared to a couple of years ago. Putting together a lab or simulating one's more affordable (well, for most of the topics anyway) and there are a lot of options for study material.

    Best of luck with your studies!
    2017-2018 goals:
    [X] CIPTV2 300-075
    [ ] SIP School SSCA
    [X] CCNP Switch 300-115 [X] CCNP Route 300-101 [X] CCNP Tshoot 300-135
    [ ] LPIC1-101 [ ] LPIC1-102 (wishful thinking)
  • negru_tudor Senior Member Posts: 473
    I was hoping things might get a bit more "lightweight" nearing the last sections of the blueprint / OCG but man...these last chapters, there's a lot of meat to them.

    Just digging around FHRPs and these are SO cool but still require a lot of careful tweaking / tuning to get right.

    I just watched a CBT video discussing potential issues when STP meets FHRPs which, when I learned these redundancy concepts, I didn't even consider but man do you need to carefully consider every little active link / data flow when planning for gateway redundancy or load-balancing.
  • negru_tudor Senior Member Posts: 473
    +1 point for CBT, Jeremy specifically on tackling AAA (802.1X indirectly) in their SWITCH stuff.

    Jeremy actually goes through the process of setting up a RADIUS service on a fresh Win2003 server install and doing AAA using that.

    Great to be able to lab ALL this stuff out not just the Cisco switch bits; y'know, seeing all the pieces click into place.

    Gonna try to use this for 802.1X as well.

    Note to self:

    Hardcoding the switch interface which originates requests toward the RADIUS server:

    Switch(config)#ip radius source-interface Eth X/Y

    if requests go out to the RADIUS server from SVI/L3 IP addresses other than what the RADIUS server is configured to accept, AAA will fail to work.
  • shortstop20 Member Posts: 161
    negru_tudor wrote: »
    +1 point for CBT, Jeremy specifically on tackling AAA (802.1X indirectly) in their SWITCH stuff.

    Jeremy actually goes through the process of setting up a RADIUS service on a fresh Win2003 server install and doing AAA using that.

    Great to be able to lab ALL this stuff out not just the Cisco switch bits; y'know, seeing all the pieces click into place.

    Gonna try to use this for 802.1X as well.

    Note to self:

    Hardcoding the switch interface which originates requests toward the RADIUS server:

    Switch(config)#ip radius source-interface Eth X/Y

    if requests go out to the RADIUS server from SVI/L3 IP addresses other than what the RADIUS server is configured to accept, AAA will fail to work.

    A good tidbit to remember. The same applies to TACACS, TFTP and FTP requests, among others I'm sure.

    These can all be specified via the "ip _____ source-interface _____" command.
    CCNA Security - 6/11/2018
    CCNP TShoot - 3/7/2018
    CCNP Route - 1/31/2018
    CCNP Switch - 12/10/2015
    CCNA R/S - 1/14/2015
  • negru_tudor Senior Member Posts: 473
    So after struggling about 10 hours or so with 802.1X authentication I finally managed to get it working in GNS3 with IOU and Win2003 Server running IAS.

    What was giving me headaches was that even though my Windows IAS server would work fine for RADIUS authentication it would simply fail for 802.1X ports.

    Main things I did to get this working:

    - the "dot1x port-control auto" command doesn't work with the latest IOU version; had to use "authentication port-control auto" & "dot1x pae authenticator" at port level

    - Windows IAS "Remote Access Policy" included the following conditions "NAS-Port-Type=Ethernet" and "Windows-Groups" = whatever my user's account group was (TelnetClients in my case); left everything checked in the Profile's "Authentication" tab along with leaving "Service-Type=Framed" and "Framed-Protocol=PPP"

    - I used a Win XP SP3 machine with the WiredAutoConfig service enabled; MD5 Authentication enabled under the LAN adapter in VMware

    - port authentication would outright fail to authenticate even though I checked the user/pass combo 1000 times, even managed to log into the switch as a RADIUS user (not a port-based authentication user)

    - after tweaking a million settings around, I came across an Error with Reason code 19 in the Windows Event Viewer telling me that my Windows XP was trying to use CHAP and that the RADIUS server (Win 2003 in my case) needs to have "reversibly encrypted passwords"

    - after some reading around, I managed to find where I can get this done in Windows 2003 Server; it's under "Local Security Settings" -> Account Policy -> Password Policy -> Store passwords using reversible encryption; Obviously it was set to "Disabled" so I flipped the switch to "Enable"

    - I tried 802.1X again but still failed this time; I suspected it might be something wacky after this change so I just changed my 802.1X user account's password; tried it again and BANG - it worked! :)

    ...this really gave me a run for my money. The Cisco side of things was easy...the server side was tough (Win Server isn't necessarily my strongest skill)
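
Why the IAS server asked for reversibly encrypted passwords in the post above, as an added example that is not part of the original post: EAP MD5-Challenge uses the CHAP calculation MD5(identifier || password || challenge), so the server needs the cleartext password to check a response. The account store is a constructed model, not Windows or IAS code; its class, field names and credentials are assumptions, and it assumes (as the post observed) that the recoverable copy is only written when a password is set while the policy is enabled.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP / EAP MD5-Challenge value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


class AccountStore:
    """Constructed model: one-way hash per account, plus a recoverable copy
    that is written only when a password is set while the policy is enabled."""

    def __init__(self) -> None:
        self.reversible_policy = False
        self._accounts = {}

    def set_password(self, user: str, password: bytes) -> None:
        salt = os.urandom(16)
        self._accounts[user] = {
            "salt": salt,
            "one_way": hashlib.pbkdf2_hmac("sha256", password, salt, 10_000),
            # Stand-in for the reversibly encrypted copy (kept in clear here).
            "recoverable": password if self.reversible_policy else None,
        }

    def verify_cleartext_login(self, user: str, password: bytes) -> bool:
        """Server receives the password itself (e.g. RADIUS PAP): hash and compare."""
        entry = self._accounts.get(user)
        if entry is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password, entry["salt"], 10_000)
        return hmac.compare_digest(candidate, entry["one_way"])

    def verify_md5_challenge(self, user, identifier, challenge, response) -> str:
        """Server receives only MD5(identifier || password || challenge)."""
        entry = self._accounts.get(user)
        if entry is None:
            return "unknown-user"
        if entry["recoverable"] is None:
            # A one-way hash cannot be fed into the MD5 calculation.
            return "no-recoverable-password"
        expected = chap_response(identifier, entry["recoverable"], challenge)
        return "accept" if hmac.compare_digest(expected, response) else "reject"


def replay_lab_sequence() -> dict:
    """Replays the three stages from the post with constructed credentials."""
    user, password = "dot1x-user", b"Lab-Passw0rd"   # constructed sample values
    store = AccountStore()
    store.set_password(user, password)               # policy still disabled

    def attempt() -> str:
        identifier, challenge = 7, os.urandom(16)
        answer = chap_response(identifier, password, challenge)  # supplicant side
        return store.verify_md5_challenge(user, identifier, challenge, answer)

    results = {"cleartext_login": store.verify_cleartext_login(user, password)}
    results["policy_disabled"] = attempt()
    store.reversible_policy = True                   # flip the policy only
    results["policy_enabled_old_password"] = attempt()
    store.set_password(user, password)               # password changed or reset
    results["after_password_change"] = attempt()
    return results


if __name__ == "__main__":
    for stage, outcome in replay_lab_sequence().items():
        print(f"{stage}: {outcome}")
```

Reversible storage leaves the server holding the equivalent of cleartext passwords, which is why EAP methods that do not need it, such as PEAP or EAP-TLS, are the usual choice outside a lab.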
  • ImYourOnlyDJ Member Posts: 180
    While reading up on IP SLA, I stumbled across the Embedded Event Manager which basically allows you to use EEM to monitor the state of a tracked object (which in turn monitors an SLA probe) and generate Syslog messages if the object goes Down or comes back Up. Not on the CCNP blueprint but very cool stuff to have at hand - increases the appeal of being able to use IP-SLA and object Tracking to keep a close eye on the network.

    For example, if IP-SLA probe 1 runs an icmp-echo test and Object 5 would be monitoring this probe, the config for pushing Syslog messages on probe/object failures would look like this:

    !
    track 5 ip sla 1 reachability
    !
    event manager applet Track_My_SLA
    event track 5 state down
    action 1 syslog msg "Your IP_SLA probe is dead"
    !

    ..and this will basically trigger syslog &/or SNMP messages to let the admin know what's going on.

    I really like this feature. Onto RSPAN now!

    Embedded Event Manager is very powerful stuff. You can have it reconfigure your router based on certain events even if you've lost remote connectivity with it. Stuff like changing a WAN IP address can be difficult remotely (need to change IP and default gateway and if you change one of these you lose connectivity without the other) but in theory you could do it with EEM. APIC-EM uses EEM to configure iWAN remotely because once you add the VRF to the interface you lose the IP configuration (and hence connectivity).
  • negru_tudor Senior Member Posts: 473
    ImYourOnlyDJ wrote: »
    Embedded Event Manager is very powerful stuff. You can have it reconfigure your router based on certain events even if you've lost remote connectivity with it. Stuff like changing a WAN IP address can be difficult remotely (need to change IP and default gateway and if you change one of these you lose connectivity without the other) but in theory you could do it with EEM. APIC-EM uses EEM to configure iWAN remotely because once you add the VRF to the interface you lose the IP configuration (and hence connectivity).

    wow

    Nice!..indeed a very powerful element of IOS.
  • geo555 Registered Users Posts: 2
    Guys, I need to retake the CCNP Switch exam very soon. I study the original cert guide book by David Hucaby.
    What is the OCG?
  • negru_tudor Senior Member Posts: 473
    geo555 wrote: »
    Guys, I need to retake the CCNP Switch exam very soon. I study the original cert guide book by David Hucaby.
    What is the OCG?

    Well

    It's the same book. OCG = Official Certification Guide
  • negru_tudor Senior Member Posts: 473
    So on the topic of VACLs, it looks like you can config these without any trouble in GNS3 and IOU but they don't take effect. Neither Boson Netsim nor Packet Tracer can do VACLs.

    Storm Control's another feature that's currently unavailable in any emulated / simulated environment so had to lab that up on some real gear.

    On another note, Private VLANs work like a charm in GNS3 and L2 IOU so that's the upside of things.

    Still have 3 more topics to go:

    - DHCP Snooping
    - IP Source Guard
    - Dynamic ARP Inspection

    ...getting closer to the end of the syllabus/OCG. Going to work through the switching topics in the TSHOOT book afterwards and be doing more labs. I feel confident on these last sections I went through but need to go back and review everything a couple of times as MST and some other topics are starting to get blurry the closer I get to wrapping things up.
  • Richard_Parker Registered Users Posts: 4
    Hi Negru,

    Could you tell me where I can download the necessary .bin files for relevant routers\switches and the relevant lab files to import into GNS3?

    Would be much appreciated.
  • negru_tudor Senior Member Posts: 473
    Richard_Parker wrote: »
    Hi Negru,

    Could you tell me where I can download the necessary .bin files for relevant routers\switches and the relevant lab files to import into GNS3?

    Would be much appreciated.

    Hey Richard,

    IOU images you'll have to find for yourself, sorry. Use some Google-fu and I'm 100% sure you'll get them.

    You'll need the GNS3 VM deployed inside VMware Workstation, Player or ESXi (don't use VirtualBox), then you need a license file uploaded to the GNS3 VM so that you can run those IOU (L2 and/or L3) images. It's called an iourc license file and you'll also have to rely on Google-fu to find out how you can get one.

    After you have these, just install GNS3 1.5.2 or 2.0 (wait until it goes public, the beta for 2.0 is still buggy) on your PC, point it to the GNS3 VM's IP address and you'll basically be using GNS3 like a GUI, the GNS3 VM will be the back-end so to speak.

    Hope this helps.
  • Richard_Parker Registered Users Posts: 4
    negru_tudor wrote: »
    Hey Richard,

    IOU images you'll have to find for yourself, sorry. Use some Google-fu and I'm 100% sure you'll get them.

    You'll need the GNS3 VM deployed inside VMware Workstation, Player or ESXi (don't use VirtualBox), then you need a license file uploaded to the GNS3 VM so that you can run those IOU (L2 and/or L3) images. It's called an iourc license file and you'll also have to rely on Google-fu to find out how you can get one.

    After you have these, just install GNS3 1.5.2 or 2.0 (wait until it goes public, the beta for 2.0 is still buggy) on your PC, point it to the GNS3 VM's IP address and you'll basically be using GNS3 like a GUI, the GNS3 VM will be the back-end so to speak.

    Hope this helps.

    Thanks very much for the info Negru, it helped a lot.
    I have got GNS 1.5.2 running now locally on my PC and have put in some routers by downloading the IOU images from the internet. When you say L2 or L3 images do you just mean specific switch and router models?

    What's the benefit of running GNS3 in VMware Workstation over local PC? I have VMware Workstation so that's an option.

    I never applied an iourc license file. Will I get away without?
  • negru_tudor Senior Member Posts: 473
    Richard_Parker wrote: »
    Thanks very much for the info Negru, it helped a lot.
    I have got GNS 1.5.2 running now locally on my PC and have put in some routers by downloading the IOU images from the internet. When you say L2 or L3 images do you just mean specific switch and router models?

    What's the benefit of running GNS3 in VMware Workstation over local PC? I have VMware Workstation so that's an option.

    I never applied an iourc license file. Will I get away without?

    Hi,

    - IOU = IOS on UNIX; basically they got the IOS code and compiled it for UNIX

    - L2 and L3: layer 2 (switching) and layer 3 (routing). Yes, we can now do switching (and a lot of it) inside GNS3. The only CCNP topics I couldn't lab in GNS3 were Stackwise, sections pertaining to supervisor redundancy and switching database management (SDM) stuff; VACLs also don't work right although you can pretty much configure them all the way

    - There are 2 different components to GNS3 nowadays: one is the GNS3 application which you install on your native host operating system (i.e. Windows 10), the other one is the GNS3 VM (virtual machine). The most confusing bit is this last one because prior to it, people just installed the GNS3 application, loaded some IOS images and then ran their sims (while tanking their CPUs and memory because Windows is not the ideal platform to emulate IOS devices). The GNS3 VM is nothing else than a Linux virtual machine that offloads the emulation "engine" from your Windows host OS; Linux is a lot more efficient at emulating these devices. You install GNS3 VM in VMware but the GNS3 app. stays on your host OS.

    - You won't be able to run IOU images without an iourc license file; they won't boot up and you'll get an error in the GNS3 console

    Have a look at this: https://www.linkedin.com/pulse/setting-up-cisco-l2-l3-devices-gns3-152-ccnaccnp-preparations-yee ...Might get you going.
  • Legacy User Unregistered / Not Logged In Posts: 0
    An alternative to that iourc license file is paying for VIRL and using the images given by Cisco in GNS3. Setting it up that way is extremely easy.
  • negru_tudor Senior Member Posts: 473
    Just wrapped up the switching material study. Have to say, I enjoyed it more than I thought I would seeing how switching was my least favorite part when I did my CCNA studies.

    I'm now going to crack open the TSHOOT book to go through all switch-related topics; might complement my existing notes while I'm at it. Then, I'm going to lab every topic up again, watch the SWITCH videos I have and hopefully sit this thing somewhere mid-February.
  • ande0255 Banned Posts: 1,178
    Do you have a wordpress blog like the one in my title, that you can tag certain topics, so you can sort through your studies by topic / title?

    If you do I would appreciate you posting a link up, your writing style looks very similar to my posts, only it's a thread on techexams rather than a wordpress blog :)

    Lemme know!
  • negru_tudor Senior Member Posts: 473
    Unfortunately I don't have one yet but it might be a good idea putting one together.

    I have a lot of notes from my other studies as well so I might put a blog together one of these days.

    Looked through your blog and I like your style.

    Might try to start one when I begin ROUTE studies etc. What I liked about this forum is the fact that people can participate so in the event that I run into a snag or anything, there's a higher chance someone could step in & help out.
  • negru_tudor Senior Member Posts: 473
    Cracked open the TSHOOT OCG and the SWITCH section of the book is around 335 pages long although 125 pages apply to ROUTE as well (sections about tools and methodology for troubleshooting etc).

    Going to get some reading done today hopefully. Kevin Wallace seems to have been a contributor to the TSHOOT OCG so I think the quality is going to be above the SWITCH OCG.
  • bodokid Member Posts: 24
    What videos are you using? Or just study the books and lab the concepts? Did you try the learning portal from Cisco? Good luck ;)
  • negru_tudor Senior Member Posts: 473
    I started off with the OCG and videos from Kevin Wallace and Jeremy Cioara. Then about mid way through my studies I was given access to switch vids by INE and I just can't recommend those enough.

    I have nothing on TSHOOT just the OCG but that should be enough for going over any switching topics there for filling in any cracks in my knowledge.

    Thank you :) Will post back once I've sat the exam no matter the result.
  • Richard_Parker Registered Users Posts: 4
    Thanks I got it going eventually.
  • ande0255 Banned Posts: 1,178
    negru_tudor wrote: »
    Unfortunately I don't have one yet but it might be a good idea putting one together.

    I have a lot of notes from my other studies as well so I might put a blog together one of these days.

    Looked through your blog and I like your style.

    Might try to start one when I begin ROUTE studies etc. What I liked about this forum is the fact that people can participate so in the event that I run into a snag or anything, there's a higher chance someone could step in & help out.

    I'd definitely suggest a separate blog or webpage to demonstrate your studies and problem solving, I've had employers (hiring managers) read mine before they even looked at my resume, then finally spoke to me. If you can write formally, explain breaks and fixes through brief explanations and router output, they eat that stuff up.

    I never figured anyone would give a crap about me linking to it on linkedin, but if you can present it semi professionally, you can turn a web page into a portfolio / organized set of notes.

    I'd give you more rep for checking out my blog but it says I already got ya :) Hope you enjoy it and it helps out any struggling CCNP candidates (and to hold myself responsible for studying).
  • negru_tudor Senior Member Posts: 473
    Exam is now scheduled for 10:00 hours on the 13th of February :)

    Reviewing in full swing now.
  • negru_tudor Senior Member Posts: 473
    3 more days to go.. starting to get a little anxious. Been reviewing topics (structured and at random), drawing flash cards, watching vids and labbing stuff up. Really hope to bag it on the first go.
  • bodokid Member Posts: 24
    13 February? Still is not Friday :D Good luck Tudor!
  • negru_tudor Senior Member Posts: 473
    bodokid wrote: »
    13 February? Still is not Friday :D Good luck Tudor!

    :)

    Yeap, the 13th. Figured it's as good as any date :P Thanks for your kind words. Will post back on Monday.
  • negru_tudor Senior Member Posts: 473
    And we have ourselves a pass! :) (860 out of 1000)

    Some thoughts about the exam:

    - Some questions (just a few) are very oddly worded; I feel like they've been written by someone whose native language isn't English or simply wasn't sure about what he/she was asking questions about

    - Passing score is pretty high so you can't go into this one without either having years of experience in switching or doing some serious studying (or both)

    - I got a whole bunch of f'in trivia-like questions. I sat my share of Cisco exams until now but this one takes the cake..honestly, I understand sneaking one or 2 in there to confuse the candidate etc. but some of the questions I got really went deep into some topics that neither the OCG, INE course, CBT course or Kevin's course covered.

    - The sims were a blast (really enjoyed them). Very good / concise wording and requirements. Commands are limited but enough to do what's required of you. Tip my hat to Cisco for these.

    - I got an additional 30 minutes extension because English isn't my native language but I clocked out just when this extension period started (nature started calling ruthlessly so I had to wrap things up quickly either way :)). If you're not too good with English you'll find yourself struggling with getting all of this done within the existing time constraints.

    I'm very happy to have managed a pass on this one :) On the other hand, I'm a bit concerned about ROUTE and the quality of the questions / wording seeing how ROUTE is almost twice the size of SWITCH (material wise)..
  • bodokid Member Posts: 24
  • negru_tudor Senior Member Posts: 473
    bodokid wrote: »
    Congratulations!!

    Thank you!

    I'm really happy to have passed this one. Don't know why but I felt a lot better after passing SWITCH than I did any of the Cisco exams I took so far. I think mostly due to the fact that I feel as though switching has always been my weakest area.