1st CCIE lab attempt blog and help for candidates.

Turgon

Success on upgrading the second 3550 to EMI at last!

The trick was to cd into the directory on flash containing the IOS version I wanted to tftp. Then I issued the command to make the IOS available through a tftp-server running on the router..

tftp-server flash:c3550-i5q3l2........

Then hop on the switch that requires this IOS and issue the copy tftp flash command specifying the IP of the switch hosting the EMI version and the name of the file. It copied across nicely.

Next I specified the boot commands to ensure the EMI version was loaded after a reboot.

boot system flash:c3550-i5q3l2..

As well that ends well. I can now proceed with the rest of IPExpert lab "R"

Turgon

With the switch upgraded carried on with lab 36 configuring OSPF on the switches and fine tuning DR priority for a couple of VLANs as well as costs for OSPF routes received from neighbors over Frame.

Turgon

Tuesday - Section 36 Lab "R" Continued on Home Rack

A couple more hours on the home rack working through the advanced OSPF configuration section and watching the debugs as I go. Fine tuning dead interval and removal of unavailable LSAs from LSDB using lsa-group-pacing. Now looking closely at the different OSPF authentication passwords used between hub and spokes over frame relay, the virtual links to switch 2 and the remaining OSPF tasks.

Turgon

The Virtual links have not come up yet. Numerous possibilities. I have spotted one loopback ip address typo and need to debug and look for other clues. But rather than rush now and deny myself a good troubleshooting experience I shall return to this problem patiently tomorrow. 9pm and its been a very long day at work and on the home lab. A decent session practicing today.

Turgon

Virtual links working now so my second switch finally has OSPF neighbors and routes. Patiently troubleshooted things hop by hop at layer 1, 2 and 3. Ran debug ip routing and other debugs. Spotted the issue. No IP address assigned to an essential VLAN on the switch which is also used by a network statement in the OSPF process. So no datalink OSPF is aware of for the virtuallinks. Everything came up like magic after that was fixed. Marvellous.

Turgon

Advanced OSPF section complete. I will look closely at the routing tables again in the next session. I'm down a couple of backbone routers so need some cables. OSPF summarisation tasks went in tonight. Note to myself to check a summary in the solution which appears wrong.

Turgon

Saturday evening. Obtained Cat5e cables from the store for my backbone routers. I may put in a couple of hours tonight setting those up.

Turgon

Sunday afternoon. Im presently finishing off the backbone router configurations and fixing any problems with switch port assignments to VLANs and anything else I come across. Looking closely at the redistribution parts of this lab now and running debugs. The RIP section is mostly working but no RIP routes appear in R2 for some reason. Distribute list to only allow even routes to R1 from BB1 working nicely now. Once again debug ip rip and debug ip packet detail are very helpful to fix problems.for example ..On R1 bad source for a RIP update was reported and this helped me identify a VLAN assignment for a switchport which was incorrect. R1 E1 was found to be in the wrong VLAN. Putting it in the same VLAN as the backbone router was the fix.

Now examining redistribution situations for the rest of the afternoon in this lab.
We have..

R2 RIP->OSPF (TAG)
OSPF->RIP (metric 4)

R6 CONN->EIGRP (Metric)
OSPf 1 ->EIGRP (Metric)
CONN -> OSPF
EIGRP->OSPF

R9 EIGRP 900 -> EIGRP 100

This should keep me fully occupied today. There some tunnels lurking in the scenario also.

Turgon

A few hours configuring NTP, Logging, Frame Relay Traffic Shaping, Wrr-queue on a 3550 switch and CBWFQ

Turgon

Conversion of Custom Queuing to CBWFQ went well although version 12.3 forced me to define protocols using access-lists. Next up some overdue Multicasting and Security configuration practice.

Turgon

Multicasting section on the practice lab Friday night was a good referesher with no big surprises although I learned some new commands. I will look at the mroute output more closely soon. ip pim sparse-dense-mode, choice of RP, igmp fine tuning, filtering RP announcements and ip pim bidir looked at.

I intend to go back to this section and spend a whole evening playing with shows and debugs just to concentrate on multicasting.

Saturday evening now and Im about to look at and lab up the security section of this lab on my home rack.

Turgon

Sunday morning and evening.

Completed the security and advanced security sections on the practice lab. A satisfying section with solutions that made a lot of sense to me. The suppression of local IP addresses when a traceroute is peformed by using an ACL called by a route-map used by a local policy and routing the flows to null interface. Clever.

The restriction to telnet from one router to another by having username and password requirement but also using autocommand to allow onward connection to another router. icmp log-input permitted in an ACL on an interface to ensure FR L2 circuit IDs are seen in debug traces.

I was unable to get the IPSec VPN Tunnel up between R1 and R9 due to IOS version but I understand how the solution meets requirements. The 'big' ACL requirements list for R2 condensed down into a solution that made sense. Various security features on switches demonstrated: protected ports within a VLAN, discarding of ethertype-6000 frames using mac access-group noe6k in and switchport port-security sticking on a mac-address and IP address.

I find the security sections flow quite well, as did multicast and QoS. Next up is BGP and having not labbed BGP for a few weeks I expect to go slowly with it in a dedicated session.

Turgon

Spent a few hours looking over the BGP section prior to labbing up tomorrow evening.

The BGP section of the latest lab offers some refreshers. Some of the things learned include:

Beware of confederations. These may be implied as opposed to required.
Locate possible route-reflector candidates.

For peerings consider update-source loopback, ebgp multihop and next-hop self. You may require multiple statements for a single peering.

As to the above consider peer-groups

cluster-ids to be unique to avoid routing loops

Change the origin code using a route map after a neighbor statement

BGP teardown - bgp fast-external-failover

Check next hop reachability of installed prefixes = bgp scan-time

Filter-list on neighbor statement are useful to accept prefixes orginated by specific routers/AS - use ip as-path access-list 1 permit *reg exp*

Important to watch out for sync requirements. Also check the IGPs when determining lack of BGP table i.e BB2 will reach 7.7.7.7/24 subnet via BB1 (BB1 and BB2 in same AS 500) check that BB1 is receiving 7.7.7.0 announcement from it's ebgp peer R2 in AS200

While I have been very busy at work of late I have managed to get some hands on in throughout the course of November. Thankfully I have three weeks leave coming up which should free up lots of time for a battery of hands on labs before year end. I expect to be working hard on switching/IGP and BGP right through to early January now.

Turgon

Switching work today - SVI's, HSRP, ACLs, Portchannel, OSPF and static arp.

Turgon

Sunday. Back on homerack working on BGP. Will post findings when done.

shednik

Good to see you're still going strong turgon

Turgon

Thanks Shednik,

The Everest metaphor for this lab attempt is rather apt. Basecamp (the written pass) is now impossible to see below me. I still have many hours of climbing ahead of me to reach Camp 1 but after a lot of tough climbing it's getting easier now. Just gotta keep going.. I'm certainly in a higher place than I have ever been before that's for sure!

Now where is my iceaxe

Not far to camp 1 now.

Turgon

Monday labwork.

More BGP with emphasis on use of community attribute to stop advertisement of prefix to other AS. Use of maximum-prefix to advertise a number of routes instead of full BGP table and aggregate prefix with no-export community attached. Finally closure on a really intense lab exercise on the homelab lab 'R'. Much was learned over the last few weeks working that one. I am now preparing for my next lab in the workbook and a remote rack session one evening this week. Interestingly the earlier labs now look like cake compared to the one I have just completed.

Turgon

Lab 'F' No 24 in IPexpert.

I have now read through this entire lab and made notes and will configure using remote racks.
A good spread of IOS features this one; HSRP, DHCP, NTP, SNMP and Syslog. QoS over FR using CBWFQ and a useful multicast refresher. More hands on now.

Turgon

Thursday evening Lab 'F'

Ran out of time on my remote rack session to debug a problem between BB1 and R1. R1 not receiving RIP announcements necessary for R1 to have the route it needs to BGP peer with BB1's loopback. No BGP prefixes received from BB1. Such is life. On to Lab 'G' next.

Turgon

Friday lab 'G' Section 25

Reading through the lab now and making notes. Will do the switching and IGP sections on remote racks today. Starting to make more detailed diagrams as I go. Lab questions make a lot of sense.

Turgon

A flighty Friday night session where all interfaces are given IP and the frame-relay cloud made operational using p2p subinterfaces and /30's between routers in the cloud. Configurations saved so I can copy configs quickly and carry on with the next step (IGPs) in my next session.

Turgon

A little time configuring the three switches in this lab scenario. Switching is coming together more fluidly these days. Need to read up on MST again.

Turgon

A couple of hours completing the IGP sections RIP/OSPF over frame and EIGRP. Some filtering using prefix list and the distance command. Useful time running debugs and checking the effect of redist by looking at show ip rip database and sh ip route. Shut an interface down and watched the routing table change as the RIP routes were replaced by OSPF routes due to no interface then running RIP due to the shutdown. (The RIP routes had precidence over the OSPF routes because the distance of OSPF had been altered to 140).

I may carry on with the lab tommorow and focus on the redundancy, multicast, QoS and IPservices sections but if so I would really like to study the routing behavior in more detail.

Overall good progress and with leave due over Christmas Im still on target to complete labs F,G,H,I,J and K before year end.

Good!

Turgon

Today was my last day in the 'office' until the 7th January. Hooray. Now I have time to spend with the family over Christmas and New Year without the distraction of the 9-5 job. At the same time this opens up time during the best hours of the day to study for a change, instead of the evenings after work and the weekend time I have put in over the course of this year. I spent a good deal of evenings and weekends prepping for the written test which I passed beginning of April this year and since then its been practical preparation using a wide range of resources but mostly the IPexperrt workbook, my home rack and remote racks.

On the professional front it's been a long year as a contractor, other than the occassional public holiday when I can't work, for my client I have worked everyday this year. I have had no days off sick at all. I did take two weeks off while my son was born. So basically no vacation this year. So it's been nose to the grindstone at work, busier than ever at home, and busy evenings and weekends preparing for my first lab attempt. It has all been worthwhile though.

While I have plans to continue ramping up the rack hours over the holiday (I make it 187 hours racktime logged since May this year!), I will be taking stock on the theory and reflecting on what I have learned. Of particular interest to me are all forms of route filtering and the use of ACL's across the IOS space. I will definately be revisiting the earlier labs in IPExpert and looking closely at the various ways to filter routes across IGPs and BGP.

All in all it promises to be a good end to the year. There is just one small piece of work I need to finish for my client before the new year a network design document but I can knock that out in a few hours spread over the holiday. I was hoping to finish this on my last day but troubleshooting a fibre link in a datacentre today absorbed the afternoon. The engineer noticed inconsistency on the ports. A nonegotiate problem on a Cat5000 port prevented the link to a new switch from coming up. Changed to negotiate at the Cat5000 end and all is well. Gotta love PAgP and CatOS.

I degress. Back from real world to CCIE. I'm scheduled to sit the lab in April. It's unlikely I will be ready by then but we will see. The main thing is to ensure before I catch the flight to Brussels I have not short changed my preparation. I am not going to do the lab for the experience. I don't buy into that.

Turgon

Christmas holidays have opened up some valuable extra study hours for myself. Today I will carry on with some note taking I began a couple of days ago. I have exercise books dedicated to various CCIE topics. At the moment Im documenting the redistribution and route filtering solutions to some of the earlier multiprotocol labs in IPexpert. Timeconsuming but useful. I also expect to be back on the remote racks this week to finish a couple more scenarios.

Turgon

Spending time today specifically looking over and documenting the multicasting scenarios for the first seven IPExpert multiprotocol labs.

Turgon

A couple of hours washing up the redundancy, NAT, IPsec, AAA and QoS tasks on Section 25 Lab 'G' in IPexpert. A good deal clarified and some new things learned thanks to the solutions. The components seem to be falling into place and when Im stuck a glance at the solution shows up things that really make sense. Now it's more about making sure everything works as I go along and getting some momentum going. I will be doing stricter labs going forward now against the clock, trying to configure what I can and leaving anything Im not sure about. I expect marks to be poor at first as there is still much to learn and more that requires practice but we shall see. Looking over the solution, notetaking and bookmarking the DocCD should be time wellspent once a lab attempt is complete. It should assist me in following practice labs being able to think more clearly about possibilities and homing in on useful parts of the DocCD. 2007's efforts have been very helpful towards my study goals, it's been a useful gentle tour around the block during the course of this year- 189 hours racktime and about the same time put in on workbook scenario studying, groupstudy, book reading and notetaking etc...so about 360 hours..add to that about another 100 for the written earlier in the year...now in 2008 I shall be working with that base experience and knowledge and building momentum with my practice labs.

GT-Rob

sounds like things are going solid for you. I know what you mean about momentum, just have to keep pushing and only look back to see how far you have come.

Sorry if you posted earlier, but do you have a rough time goal to be ready for your first attempt?

Turgon

Im scheduled for April but may bump it back to June or July. The main thing is to be fully prepared for my first attempt. Much depends on the time I can invest in my studies throughout January and the progress during that month.