Anthony's CCIE R&S thread

EricsLearning

I am using routers, switches and firewalls with the same option so config replace wasn't an option since the ASAs don't support the command. I will definitely take a look at your new version though.

OfWolfAndMan

Hi guys.

It's been a couple of week. Was working on process with buying a house the past twoish weeks, so have been busy sorting finances, making sure inspections are done by the right people, making sure to find the right house, getting a realtor, broker, etc. All that fun-filled adventure.

I still had some time to work on things, but not nearly as much. Moreso reading about taxes and hidden costs so we know what we need to go in with.

ANYWAY, got tired of the CSRs for a bit. The configure replace seems to crash the router, whether I automate it or not, so may need to setup an alternate approach for later. For now, using the IOSv nodes on VIRL. They do what I need, can fill the initial configurations with the scenario related stuff, and less resource overhead, but seemingly more stable (And there seems to be some DMVPN features I didn't have on the CSR that I do on IOSv).

Finished Routing TCP/IP Volume 1 about two weeks ago. Started the QoS book yesterday but haven't done any reading in between that time.

I got all of the DMVPN labs knocked out. That was some fun stuff for sure. Very cool technology, and some more practice with refreshing on IOS IPSec configurations. Not too much reading aside from the first couple of chapters of the QoS book (Enjoyable so far). Finished the policy routing labs as I thought it'd be good to brush up on that. Tonight will entail some QoS labs regarding marking and classification.

Let's see, did some updates to DMVPN notes, as well as adding some links to my link listing for solutions. I would like to knock out the QoS book in a matter of about two to three weeks. While it is about a 700 page book, a good chunk of it doesn't apply since the current IE seems to focus heavily on the MQC.

Goal for this week: Finish a few chapters of the QoS book (MQC, Classification and Marking, Queueing Chapters), do some QoS labbing.

That's it for now, folks.

OfWolfAndMan

Last few weeks:

-QoS book is finished. Notes taken. Anki cards to follow
Skipped QoS topics:
*AutoQOS
*Anything mentioning Frame Relay
*Link Efficiency Tools (Although good reads about header/payload compression in places)
Additional reading required outside of the book:
*NBAR (See links in Onenote)
Worthy Mentions:
*ECN feature for WRED (Not mentioned in many places, but on the blueprint)
-Half of the QoS labs completed.
-Multicast Book started

Note-taking changes
-Modifying configurations in onenote to create a more modular, easier to read approach. This will take some time, but make browsing for configuration-specific stuff easier, as I have distributed commands specific to a topic, which appears clunky to me personally
-Porting the notes into a well structured word format (Including ToC, table of tables/figures) when done. This will make printing the notes and making manual scribbles easier since Onenote lacks providing an efficient page break feature when printing or exporting to PDF
-Providing direct links to RFCs whenever mentioned

Labbing:
-Complete QoS labs, while working in Multicast Labs

Modifications to reading list:
-Adding a chapter or two from QoS end-to-end network design for modern use cases (Bit more modern than the cert guide on design approach)
-Need to read a chapter out of IWAN to cover the topic for PfR (Performance Routing)
-Additions to the Excel spreadsheet I have for good links

r_balest

A quick silly question, how do you bring your books around to read?

I'm using public transport and sometimes I have to stand and there's no chance I can lug that Jeff Doyle's heavy book around.

I tried to copy several pages only, but that quickly becomes troublesome as well

Note: I can't use tablet as my eyes get tired looking at the combination between screens and texts for long period

OfWolfAndMan

r_balest wrote: »

A quick silly question, how do you bring your books around to read?

I'm using public transport and sometimes I have to stand and there's no chance I can lug that Jeff Doyle's heavy book around.

I tried to copy several pages only, but that quickly becomes troublesome as well

Note: I can't use tablet as my eyes get tired looking at the combination between screens and texts for long period

r_balest,

This is my thought on the matter: Reading and writing notes is obviously next to impossible when you have to stand, so having to think of how to make an efficient strategy of time in this situation would go something like this:

-Since I make flash cards with Anki, and Anki has a mobile app, I could go through the flash cards
-If possible, keep mobile versions of the book for active review
-Reviewing your notes. Onenote has a mobile app. Not all other note-taking options do

Past that, you are obviously limited to what you could do, but those are the few that come to mind when I am stuck in a tight space with little room.

On a related topic, there is a really good learning strategy course free on Coursera here:

https://www.coursera.org/learn/learning-how-to-learn

Very good course, and some tools in there as well. It has really enhanced my study routine and helps me retain information more easily.

r_balest

OfWolfAndMan wrote: »

r_balest,

This is my thought on the matter: Reading and writing notes is obviously next to impossible when you have to stand, so having to think of how to make an efficient strategy of time in this situation would go something like this:

-

Thanks for this, however I'm still confused about how to read books on the go. Especially our cisco books generally are thick and heavy.

Do you use digital version of all the books you're reading?

OfWolfAndMan

r_balest wrote: »

Thanks for this, however I'm still confused about how to read books on the go. Especially our cisco books generally are thick and heavy.

Do you use digital version of all the books you're reading?

I use digital versions when in a situation like that. Obviously, I can't afford having both digital and paperback, so I keep some paperback, some digital, and the rest goes to the credit of Safari Books.

OfWolfAndMan

Checking in. Still working on Multicast reading and labbing. Just need to knock out the IPv6 multicast section, and I'll be done with multicast. The rest has been multicast labbing. Also, some packet analysis related stuff to study certain headers.

OfWolfAndMan

Long time, no post.Finished all relevant IPv6 material. That was somewhat of a drag, but it was fun learning how the engineers of IPv4 improved upon their original design.Have been doing some review the last couple days, and read through the evolving technologies document once. I will be taking notes the second read around, as it's a new spectrum of material, so it doesn't hurt talking two reads to obtain an appropriate level of familiarization.My upcoming goals:Flash cards to make:-IS-IS structure of NETReview:-IP SLALearnfR-Evolving Tech-EEM-6RD-6PE/6VPEAnyone have a good solid document on EEM? Guess I could go find a Cisco config doc, but never hurts to ask for recommendations.

Ismaeljrp

Found this blog from INE.

I personally have only used EEM to clear NAT translations automatically when wan link fail-overs occure on networks with VoIP phones since for reasons I don't understand IP phones just stick to old nat entries. Never could get TAC involved to figure it out so just created the EEM script to clear them.

OfWolfAndMan

Ismaeljrp wrote: »

Found this blog from INE.

I personally have only used EEM to clear NAT translations automatically when wan link fail-overs occure on networks with VoIP phones since for reasons I don't understand IP phones just stick to old nat entries. Never could get TAC involved to figure it out so just created the EEM script to clear them.

That's a great overview. Have been doing some labbing with it and also looking through INE's workbook on it. Fun stuff. Probably will consume the rest of my weekend, alongside ACI components

carterw65

You have in your signature block you are taking the written in August. Have you scheduled it yet?

OfWolfAndMan

carterw65 wrote: »

You have in your signature block you are taking the written in August. Have you scheduled it yet?

It was a rough date. September is looking more realistic right now. Been caught between network automation stuff and other life matters...

Might as well check in though. At this point, I moved all my notes into a word format with table of figures/tables and a ToC. Looking to be about four parts and over 200 pages. Time to run through all of them and add comments for things that need more detail. Past that, more flashcards and Boson practice study. Nothing else to report aside from finishing up ACI/PfR notes, along with some EEM.

OfWolfAndMan

It's been a while since I reposted here. Been a really busy last couple of months. Many new things for the better, unquestionably! However, it did not deter me from my studies, only delayed them a bit.

As of yesterday, I passed the written with a passing score. If you want my opinion, I thought it was a pretty fair test. I would also say that don't slack off on not studying those more obscure technologies in the blueprint, as it might come back to bite you .

As for the lab, I will begin today starting out with a few labs, and go from there. I currently have INE's ATC workbook as well as Narbik's Tshoot CCIE book (Which I haven't even touched yet). I will probably start by delving into the switching technologies, since a ran through all routing related stuff last time around.

Also, my lab has evolved. Originally, I had CSRs, but got tired of their instability, so now I'm running IOSv instances in ESXi without VIRL. I have a python script I use to automate my lab environment, and I've got it to work quite efficiently for the most part. If you'd like to see it, check out my Github (I had posted it earlier in this thread I believe, but it's been updated enough to reiterate):

https://github.com/OfWolfAndMan/CCIE-Lab-Automation

ninjaturtle

Congrats mate!! I've been mia on the site, but I've now returned. And I return to great news from you! That's awesome man!!

bharvey92

OfWolfAndMan wrote: »

It's been a while since I reposted here. Been a really busy last couple of months. Many new things for the better, unquestionably! However, it did not deter me from my studies, only delayed them a bit.

As of yesterday, I passed the written with a passing score. If you want my opinion, I thought it was a pretty fair test. I would also say that don't slack off on not studying those more obscure technologies in the blueprint, as it might come back to bite you .

As for the lab, I will begin today starting out with a few labs, and go from there. I currently have INE's ATC workbook as well as Narbik's Tshoot CCIE book (Which I haven't even touched yet). I will probably start by delving into the switching technologies, since a ran through all routing related stuff last time around.

Also, my lab has evolved. Originally, I had CSRs, but got tired of their instability, so now I'm running IOSv instances in ESXi without VIRL. I have a python script I use to automate my lab environment, and I've got it to work quite efficiently for the most part. If you'd like to see it, check out my Github (I had posted it earlier in this thread I believe, but it's been updated enough to reiterate):

https://github.com/OfWolfAndMan/CCIE-Lab-Automation

Fantastic work Wolf and congrats on the CCIE Written pass! When are you looking for the Lab date?

Unfortunately my CCIE studies have slipped a bit, and I need to recertify my CCNP (which I'm sitting in 3 weeks actually) before I pick it up again

Good luck with your studies and keep up the great work!

OfWolfAndMan

Thanks guys!

Alright, so checking in first week after running labs. Relatively easy this week (It was all system management stuff).

Just an FYI, I am currently using INE's workbook. I do have one from Narbik's site as well, but it is explicitly troubleshooting, which will come later.

A few key topics that were labbed:

- NTP
- SNMPv2/3
- Configuration Archive
- CDP
- Syslog

I have created an Excel spreadsheet which contains the following fields in each tab (Each tab contains a whole section from the lab, so in this case, system management, BGP (Probably will need to be broken down into multiple tabs), OSPF, etc).

Command Topic | Example Configuration Commands | Config Command Notes | Example Show commands

---

So having the config command notes is nice in the case I need to note something specific, if it's an obscure command that needs to be explained, or more specific things.

I was thinking about using mind maps in this process, but I'd only see it useful in certain situations i.e. order of operations when configuring something such as Flexible netflow.

Lastly, I created a "Default configurations" section to entail commands that are in a running config by default, but only appear when typing "show run all". This may not be needed for all commands, but I could see it being useful in certain cases if I need to take notes about the command.

That's all I have for now. Will check in next week

OfWolfAndMan

Weekly check-in. Finished the IP Services labs, as planned. Participated in active review on Sunday. I find this to be a great workflow for myself personally. Main topics covered:

- HSRP
- VRRP
- Object tracking for HSRP
- Various TCP services/legacy security-problematic services i.e. UDP/TCP small-servers
- NBAR protocol discovery
- A variety of NAT scenarios, including
* Basic NAT
* PAT
* Reversible NAT
* NAT with route maps
* Static policy NAT
* NAT TCP load distribution
* Static Extendable NAT

For the variation in each of these NAT scenarios, I found it appropriate to build a mind map in how each is crafted. I find the mind map approach for certain things such as command sequence for a particular technology useful. In addition, mind maps are just awesome in general for this kind of thing.

That's it! Nothing too crazy, although I have to say all the NAT scenarios were fun to see.

This week: Security. I have already gone through some of the AAA labs today, hopefully this should be a one-week move through the labs.

After week four (The fourth set of labs), I will be undergoing a broad active review of the last four lab section I have gone through to keep fresh. This is an additional piece to my methodology moving forward.

OfWolfAndMan

Another week of fun. Plenty of labbing fun. This week was Security. Key topics included:

- AAA Authorization and Authentication
- Standard ACLs
- Extended ACLs
- Time-based ACLs
- Even octet matching ACLs (This was an interesting one. Something I'll need to look back at again later)
- Specific ACL functions i.e. fragments, established TCP connections, etc
- uRPF for mitigating packet spoofing
- Using PBR with ACLs for filtering (The only thing I found useful adding PBR was specifying packet size)
- NBAR for matching URL extensions
- VLAN filtering for IP/Non-IP traffic (AKA VACLs. NOT an SVI ACL)
- Port Security
- DHCP Snooping
- IP ARP Inspection
- IP Source Guard
- Control Plane Policing
- VTY Line access control
- BGP TTL Security Mechanism

There were a couple other labs, but they mostly wrapped into the aforementioned topics.

I started the QoS labs this morning (Which will be a greater degree of effort this week in comparison to the first three weeks. The material is a bit deeper). Fortunately, I have gone through these labs once when I was working through the written, so that should help retain a good pace, but we'll see.

As for my mind map I've been using for certain topics I find useful for mapping out, here's the link:

CCIE Lab Topics -- XMind Online Library

Just to reiterate, I also am reposting the link to my onenote notes here. Check in the section "Lab notes" under "Readme". It contains all my progress as well as my schedule if you want an idea on shaping an approach.

https://1drv.ms/u/s!Apb-qyBHn-lncomCp0gstw3M-UI

I need to update the lab automation scripts as well. I will be sure to provide a link to those once they're updated.

OfWolfAndMan

Finished active review this morning. The QoS week was nice, but easier to run through considering I've gone through it a couple times before. A couple key things to remember about this section:

- Single rate, three color policer = CIR with conform, exceed and violate actions
- Dual rate, three color policer = CIR and PIR with conform, exceed and violate actions
- CIR and PIR rates are specified in BITS. Bc/Be values are specified in BYTES
- QoS policy enforcement is only applied after tunnel encapsulation on GRE/VTI tunnels, therefore the "qos pre-classify" interface command should be used to work around this problem
- The MQC is hierarchical and provides a degree of modularity for flexible service policies

This week, switching! Looking at the topics, most of these I am very good at, so this week should be a cake walk (Except for MST and Smartport Macros. I've used MST once in the past).

Also, I configured my four-week active review (Reviewing the last four weeks of materials). Helps more with memory retention in my experience.

OfWolfAndMan

Good day everyone,

This week was all switching. Fortunately, my physical equipment was able to support all lab configurations, so that’s easy peasy for me. I spent about four hours this week fixing my console server since I tried pushing a firmware upgrade to it and it bricked on me, so I had to recover it via console. No worries though. Many of these labs were pretty straightforward. Nothing I haven’t touched before, with the exception of a few:

• Smartport Macros (How have I NEVER used this before?!) [] * One note on this. The syntax has changed since older versions. The new syntax is:

  [I] define interface-range [range name] [interface range] [/I]
  

• VTP Prune-Eligible List
• Protected Ports (A deprecated, very rigid feature-set capability that was used prior to PVLANs). Not really sure where I’d ever use this if I had PVLANs as a feature

I have updated my schedule to complete the entirety of my labbing schedule (As of now). I added in Narbik’s Tshoot workbook as well as the Cisco 360 Practice Assessment ($99 on Cisco. Recommended to me by someone who took the lab). You may find that in my one note workbook.

This coming week entails IP Routing and Redistribution section. I can’t imagine I will spend more than a few days on the IP routing section, so I will probably be focusing half of my efforts on the only three redistribution cases in the INE workbook (And Narbik’s Redistribution stuff in the Bridging the Gap book), as I can imagine it will be a section I should keep very tight attention to.

I ordered the bridging the gap book, as I’ve been recommended that. Although I have Safari Books, I really prefer a hardcover for something with the detail it does (I took advantage of the Black Friday deal on that one ).

bharvey92

OfWolfAndMan wrote: »

Good day everyone,

This week was all switching. Fortunately, my physical equipment was able to support all lab configurations, so that’s easy peasy for me. I spent about four hours this week fixing my console server since I tried pushing a firmware upgrade to it and it bricked on me, so I had to recover it via console. No worries though. Many of these labs were pretty straightforward. Nothing I haven’t touched before, with the exception of a few:

• Smartport Macros (How have I NEVER used this before?!) [] * One note on this. The syntax has changed since older versions. The new syntax is:

  [I] define interface-range [range name] [interface range] [/I]
  

• VTP Prune-Eligible List
• Protected Ports (A deprecated, very rigid feature-set capability that was used prior to PVLANs). Not really sure where I’d ever use this if I had PVLANs as a feature

I have updated my schedule to complete the entirety of my labbing schedule (As of now). I added in Narbik’s Tshoot workbook as well as the Cisco 360 Practice Assessment ($99 on Cisco. Recommended to me by someone who took the lab). You may find that in my one note workbook.

This coming week entails IP Routing and Redistribution section. I can’t imagine I will spend more than a few days on the IP routing section, so I will probably be focusing half of my efforts on the only three redistribution cases in the INE workbook (And Narbik’s Redistribution stuff in the Bridging the Gap book), as I can imagine it will be a section I should keep very tight attention to.

I ordered the bridging the gap book, as I’ve been recommended that. Although I have Safari Books, I really prefer a hardcover for something with the detail it does (I took advantage of the Black Friday deal on that one ).

Hey Wolf,

How are you planning your schedule in regards to labs? Do you literally strict yourself to a couple of days on each section? Or smash through workbooks until you get the section done?

OfWolfAndMan

bharvey92 wrote: »

Hey Wolf, How are you planning your schedule in regards to labs? Do you literally strict yourself to a couple of days on each section? Or smash through workbooks until you get the section done?

Generally, I dedicate about a week to the sections I don't consider too massive (Something I considered massive that I allocated 2 weeks to was the BGP section considering there are 60 labs in total for just the INE workbook). However, there are a couple sections I will squeeze into one week if I find that one section will be more than done before the end of the week. So I allocated QoS for one week (I have ran through those labs before, so it may take others a bit longer), for example. BGP I have allocated for 2 weeks (For INE's part) but the larger labs (i.e. full scale, troubleshooting, etc) I will generally allocate some more time to. The dates I put in my notebook are an estimate, and not necessarily the rule. I may get done quicker on some topics, while some take much longer. Having a plan and deadlines is the big thing for me. If I don't have a structured plan (No matter how inaccurate it is), I can get lazy. Also, allocating active review time is extremely useful. Regarding my day-to-day tasks, I will split the labs up evenly over the six days I am not involved in active review. So if there are 18 labs in the section. I do three a day, and become good at those three. If they're too easy, I can add on a couple more and allocate additional time to active review on Saturday or focus more on weak spots. I am experimenting currently with active review of a section (Or two) once a week, and then review of the previous 3-4 sections every 4ish weeks. Every 8-10 weeks (Based on the schedule), I will allocate a whole week to active review of a large chunk of previous topics to keep them fresh enough in my mind (Which typically covered the last 8-12ish sections). Also, the mind map is really a great help for active review. Puts things in a nice perspective for me.

dontstop

When you read TCP/IP Illustrated, did you read it to study (write notes, test yourself on the knowledge) or just to expose yourself to the information (uncovering things you didn't know you didn't know)?

OfWolfAndMan

dontstop wrote: »

When you read TCP/IP Illustrated, did you read it to study (write notes, test yourself on the knowledge) or just to expose yourself to the information (uncovering things you didn't know you didn't know)?

TCP/IP Illustrated volume 1 is more than just a book. It is a bible. A haven of the most in-depth information on TCP/IP (Especially on TCP) without reading the dry material known as RFCs, which you may find yourself falling asleep, snoring and drooling on your desk not too long after initiating your attempt to read them (Unless you have the right attitude when reading them). If you want to become a master of packet analysis, diagnose some common problems slow networks (Or even those less explainable issues you may encounter), and even learn some core pentesting approaches, then this is your book. I did read it to cover the subjects that relate to the CCIE written (Which is not all of it, but lots of good pieces in there that tie into the written). I have read the whole book before, and it is an undying gem, although there are some parts that are a bit obsolete (Namely the encryption part).

dontstop

Very nice. So when you're reading it are you taking notes? Or just reading it like a story book and what you remember you remember?

OfWolfAndMan

dontstop wrote: »

Very nice. So when you're reading it are you taking notes? Or just reading it like a story book and what you remember you remember?

Notes are good to be taken (That’s what I did). Again, reviewing the exam topics, you’ll know what needs to be learned and what can be skipped. I also personally like to use mind maps if needed.

OfWolfAndMan

Last week entailed the IP routing section and redistribution. I have to say, redistribution was REALLY fun. I've dealt with similar situations, but it's nice seeing many of those problems in one place (When labbing of course).

Some key takeaways:

- Using the egress interface exclusively on a static route without a next-hop IP will consume greater memory due to proxy ARP usage and is not recommended.
- GRE tunnels should not have their tunnel/source addresses advertised over the tunnel due to recursive routing
- ODR is not in the blueprint, but for some reason I still did the lab
- There are many ways about fixing a redistribution issue, depending on the situation. Most common things to configure will be adjusting metrics, administrative distance, or configuring/dropping route tags depending on the situation (Control plane/data plane loop)
- Knowing the redistribution seed metrics for a routing protocol is very important. Seriously.

I finished the RIP labs for this week early last week before going over active review. Nothing too special (It is RIP after all). I will be finishing up the RIP labs tomorrow and then continuing onto Narbik's PPP labs. I may also consider looking at Narbik'sredistribution labs if I have time this week.

That's it for now. Also, I updated my script to support multithreading, so the scenario configuration for my 10 routers went from 7-10 minutes to under a minute, so I'm happy about that.

OfWolfAndMan

Another successful week!

Finished RIPv2 pretty swiftly, and somewhat quickly. The one thing I’d say needed some extra proactive involvement were the filtering methods. Lots of fun to be had there. The second part of the week was all PPP. Unfortunately, I lost almost a day due to realizing I didn’t have serial interface availability, so I spent a few hours spinning up a GNS3 VM on my server. Once it was up and running, things were peachy for the most part.

With PPP, there were a few key points that were relevant for remembering:
- authentication can be one-way or mutual. Only one side has to agree on the credentials provided (Although with CHAP, the secrets have to match). Two-way authentication would require separate session configurations.
-PPPoE has two special people interfaces. One for client (Dialer), one for the server (Virtual Template). I found it important to be sure to remember this, as well as the configuration sequence.
-MLPPP has a special interface as well (The multilink).

This week is something a bit more interesting: EIGRP. I’m excited for the named instances for sure.

Lastly, my script has been upgraded further to support multithreading on almost all of the functions, making things MUCH faster.

OfWolfAndMan

Hey guys, another successful week. Labbed it up with EIGRP all last week. One thing I will say is be sure you know your names mode well and how things are placed differently from classic mode. I definitely will say I actually like it more personally, but just my opinion. Another thing I’d like to say is get to know your numbers enough for manipulating the EIGRP metric properly, primarily for unequal cost load balancing.

Also, another thing I learned is there is a commmand you can use to manipulate hop count limitations of the EIGRP messages. I mean, I knew it was a thing, but wasn’t aware EIGRP has it.

This week is multicast. So far on track for the most part. I’ve had quite a bit of experience with multicast in the past, and my one recommendation is getting to understand the flags and information in the sshoq up mroute command. Makes troubleshooting/diagnosis much easier in the real world. Anyway, that’s it for this week.

My one problem has been reloads on my IOSv instances. There seems to be corruption that’s occurred on two instances so far (And I’ve had them configured for several months, but the CSRs never gave me this trouble). If this continues, I may consider just going back to the CSRs. For now, sticking with IOSv as it’s quicker on reload. I have some scripts I wrote for changing lines in the scenario configs in bulk, so if anyone’s
interested, let me know and I’ll throw it up on my Github or something.

Thats it for this week.