Cisco Is Excellent

MACattackMACattack Member Posts: 121
Wow, I watch and finish the CBT Nuggets and Train Signal for 2 weeks it's so EXCELLENT.
I understand how VOIP works implementing Voice gatways, SRST stuff, H323 use.
Also QOS topic is very very usefull to me, and the must must for network admin is NBAR tool of CISCO for 6 months looking for how to block limewire and other peer to peer that use dynamic port, now it solves my issues.

Anyway, i am writing I am now taking my exam this coming december 642-812 and until now I need a good good reference for WIRELESS as it is the most main topic in exam. I already failed twice got 690 something in my first attempt, second attempt is 749 almost 69 more to pass the 804 passing score.

I hope someone of you could give me a good reference although I know the theory part but the how to is the most difficult part for me due to no hand's on experience but I applied the thoery using 3rd HW vendor like Linksys , netgear, dlink and it helps me understand how to implement but the how to... hope someone will respone to my post.

Thanks...... I eat cisco, I sleep cisco want to finish this CCNP by next year MARCH before my Wedding.

Comments

  • networker050184networker050184 Mod Posts: 11,962 Mod
    When I did the BCMSN for the wirless protion I used the Cisco Docs on wireless. There is a lot of information there. Bounce it off the exam objectives to narrow down what you should read. Good luck on your next attempt!
    An expert is a man who has made all the mistakes which can be made.
  • Paul BozPaul Boz Member Posts: 2,620 ■■■■■■■■□□
    Starting with the CBT videos is a great way to study.

    I usually watch CBT videos, then read the book, then read internet docs (like Cisco's site) then lab it all. By then I feel confident enough to take the exam.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Aquabat [banned]Aquabat [banned] Inactive Imported Users Posts: 299
    i can't even understand half of the people that post on here.
    i herd u leik mudkips lol
  • sir_creamy_sir_creamy_ Inactive Imported Users Posts: 298
    Aquabat wrote:
    i can't even understand half of the people that post on here.

    And just think, these are the people you'll have the pleasure of interacting with on a daily basis in IT!
    Bachelor of Computer Science

    [Forum moderators are my friends]
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Aquabat wrote:
    i can't even understand half of the people that post on here.
    Ah, you're in the CCNP forum -- perhaps if you studied the subjects you too could speak CCNP. :D
    :mike: Cisco Certifications -- Collect the Entire Set!
  • MACattackMACattack Member Posts: 121
    Maybe you in wrong world dude....
    icon_eek.gif

    I would like to check this topic to all, with regards to security using DAI, IPSG.

    It is always mentioned in cisco press book that I should enable ip dhcp snooping if I am googing to use DAI and IPSG.

    If I could remember in Cisco press by david hucaby there is a certain portion that is not clear with me in IPSG.

    Like in hucaby, it mentioned only to DROP the packets not put the errdisable state.
    In cisco press the other author I forgot, it will be put in errdisable state.

    Please correct me if I am wrong, maybe when using IPSG using static binding it will only drop. But when using dynamic binding using dhcp snooping as it will put the interface in errdisable state due to all ports by default is UNTRUSTED.

    In DAI also will apply the above mentioned.

    Am i right? I forgot when trying this to the new 3560, sorry to ask I am in remote area so just spending reading this book.
  • MACattackMACattack Member Posts: 121
    When configuring DAI, follow these guidelines and restrictions:

    •DAI is an ingress security feature; it does not perform any egress checking.

    •DAI is not effective for hosts connected to switches that do not support DAI or that do not have this feature enabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast domain, separate the domain with DAI checks from the one with no checking. This action secures the ARP caches of hosts in the domain enabled for DAI.

    •DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings in incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP packets that have dynamically assigned IP addresses. For configuration information, see Chapter 28, "Configuring DHCP Snooping."

    •When DHCP snooping is disabled or in non-DHCP environments, use ARP ACLs to permit or to deny packets.

    •DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.

    •A physical port can join an EtherChannel port channel only when the trust state of the physical port and the channel port match. Otherwise, the physical port remains suspended in the port channel. A port channel inherits its trust state from the first physical port that joins the channel. Consequently, the trust state of the first physical port need not match the trust state of the channel.

    Conversely, when you change the trust state on the port channel, the switch configures a new trust state on all the physical ports that comprise the channel.

    Thanks for the time reading I found what i need. TY

    •The operating rate for the port channel is cumulative across all the physical ports within the channel. For example, if you configure the port channel with an ARP rate-limit of 400 pps, all the interfaces combined on the channel receive an aggregate 400 pps. The rate of incoming ARP packets on EtherChannel ports is equal to the sum of the incoming rate of packets from all the channel members. Configure the rate limit for EtherChannel ports only after examining the rate of incoming ARP packets on the channel-port members.

    The rate of incoming packets on a physical port is checked against the port-channel configuration rather than the physical-ports configuration. The rate-limit configuration on a port channel is independent of the configuration on its physical ports.

    If the EtherChannel receives more ARP packets than the configured rate, the channel (including all physical ports) is placed in the error-disabled state.

    •Make sure to limit the rate of ARP packets on incoming trunk ports. Configure trunk ports with higher rates to reflect their aggregation and to handle packets across multiple DAI-enabled VLANs. You also can use the ip arp inspection limit none interface configuration command to make the rate unlimited. A high rate-limit on one VLAN can cause a denial-of-service attack to other VLANs when the software places the port in the error-disabled state.
Sign In or Register to comment.