Taking the switch exam

BroadcastStorm · March 2011

Hi Guys,

I am going to take the switch exam, I've used the following resources so far.

1. FLG read the whole book.
2. Lab Companion - Practice this twice on a physical lab.
3. Video Nuggets - Watched 2 - 3 series of Video Nuggets.
4. The additional material Dave H. posted on his blog.
5. Practice exam on Cisco's website.

- IP SLA
- HSRP Tracking/IP SLA Tracking
- Syslog
- SVI Automatic State
- VACL/RACL/PACL
- Planning
- Switch Security
- PVLAN

So far this are the areas people were complaining about, and I will redo lab practice for this before going in, I am sure this exam will trick me in ways I haven't imagine.

Any last minute advise etc. before I take this exam will be greatly appreciated.

Thanks!

tomaifauchai · March 2011

I hope you included dot1x in your Switch Security section!

Good luck mate

BroadcastStorm · March 2011

tomaifauchai wrote: »

I hope you included dot1x in your Switch Security section!

Good luck mate

Thanks for posting this, I almost forgot about this.

Now that you mention I also have to reinforce AAA.

PsychoFin · March 2011

Yeah, when I took (and failed) switch, there was a lab that hurt slightly

Good thing that you were already aware of Hucaby's blog, then I won't mention it.

Oh, and Jeremy's SWITCH nuggets are excellent. If you already own the BSCI you can get it for $99

Cheers,
Fin

BroadcastStorm · March 2011

Hi Guys, of all the technology I mentioned above, does anyone have a lab resource, I have to say the Cisco Official Lab companion is missing a great deal, it's very small in content and did not get the bang for my bucks given I paid 35 $ for it.

The Dot1X was in there but was missing a great deal, if you do kindly provide the link.

Thanks!

QHalo · March 2011

I haven't read that far in the OCG or FLG books, but if it covers it well enough you could create your own labs to cover the topic fully. I find creating my own labs helps me understand more than just the topic I'm configuring but configuration of the overall components needed to perform the lab itself.

pitviper · March 2011

BroadcastStorm wrote: »

The Dot1X was in there but was missing a great deal, if you do kindly provide the link.

There can't be that much to Dot1x from a SWITCH exam perspective - The switch side config is pretty straight forward. The server side is a bit of a bi-a-tch. I'm running an ACS 5.0 (eval) server in the lab for TACACS+/RADIUS. Figured that I would setup an end-to-end Dot1x lab... and it turned into an entire weekend detour!

BroadcastStorm · March 2011

pitviper wrote: »

There can't be that much to Dot1x from a SWITCH exam perspective - The switch side config is pretty straight forward. The server side is a bit of a bi-a-tch. I'm running an ACS 5.0 (eval) server in the lab for TACACS+/RADIUS. Figured that I would setup an end-to-end Dot1x lab... and it turned into an entire weekend detour!

I spent sometime configuring Dot1x Authentication between a Switch and Directly plugged host, the idea was that the login credentials will be used for authentication, and the switch has the credential defined and of they match it should turn the port on but didn't had any success doing so, on Windows 7 the service "wired autoconfig" has to be enabled.

"The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X"

I am thinking along the lines of fully implementing a TACACS/Radius server to play around DOT1X wired authentication.

BroadcastStorm · March 2011

QHalo wrote: »

I haven't read that far in the OCG or FLG books, but if it covers it well enough you could create your own labs to cover the topic fully. I find creating my own labs helps me understand more than just the topic I'm configuring but configuration of the overall components needed to perform the lab itself.

Thanks for the info, there are sample configuration on the topics in FLG that I practiced, personally I prefer an end to end lab scenario some of the samples in FLG are using a different IOS, or my 3550 doesn't support the commands.

I am starting to wonder if I should knock out the end to end lab scenario on the Tshoot lab manual book, this is probably going to be a win win

QHalo · March 2011

If you can get access to a secure ACS installation, which can be run off of a windows server 2003 VM (I have one), you could do an end-to-end as mentioned above. It might make your eyes bleed though but that's part of the fun!

down77 · March 2011

BroadcastStorm:

My SWITCH attempt is tomorrow and I'm spending tonight reviewing the labs in the SWITCH Lab manual on my gear. I have the following at my disposal:

2 x 3550-24PWR-EMI
2 x 3750X-24P-S (on loan, thank you to my channel partner)
1 x 1841

Labs I am concentrating on since I don't do them often enough:

Dot1x
IP CEF Troubleshooting (overkill for SWITCH IMO)
IP SLA
HSRP/VRRP/GLBP elections (well I do this regularly BUT... can't hurt to lab)
Layer 2 Security (DAI, DHCP Snooping, Port Security)
Private Vlans
STP (RSTP, MST especially)
VACLs

For the radius server I am just planning to use Win2k3 IAS on a virtual since I have it up and working already.... and I'm too lazy to custom configure Free Radius on a linux server tonight!!!

BroadcastStorm · March 2011

down77 wrote: »

BroadcastStorm:

My SWITCH attempt is tomorrow and I'm spending tonight reviewing the labs in the SWITCH Lab manual on my gear. I have the following at my disposal:

2 x 3550-24PWR-EMI
2 x 3750X-24P-S (on loan, thank you to my channel partner)
1 x 1841

Labs I am concentrating on since I don't do them often enough:

Dot1x
IP CEF Troubleshooting (overkill for SWITCH IMO)
IP SLA
HSRP/VRRP/GLBP elections (well I do this regularly BUT... can't hurt to lab)
Layer 2 Security (DAI, DHCP Snooping, Port Security)
Private Vlans
STP (RSTP, MST especially)
VACLs

For the radius server I am just planning to use Win2k3 IAS on a virtual since I have it up and working already.... and I'm too lazy to custom configure Free Radius on a linux server tonight!!!

Goodluck tomorrow, let us know how it went.

Don't forget to include HSRP Track, and IP SLA HSRP Track, at first I thought they work the same but they don't.

Chipsch · March 2011

So maybe i am just a little off in the head but what i like to do is take a block of technologies and just throw them into a lab and make it work. Once it works, break it. Maybe throw a funky access list on there that could block the HSRPv2 multicast address or udp port it talks on. Debug and figure out why it isn't getting through. This will reinforce those details that can easily be forgotten.

Syslog is pretty straightfoward so not much there.

ip sla is a very involved ip service imo. A lot to cover there so not to sure how detailed the switch blueprint goes. Assuming it is only looking for minor configurations such as setting up a monitor session for ipicmpecho or jitter and maybe a responder on the remote end. Play with, it's loads of fun. Track the sla and perform an event on that.....

Personally as enjoyable as the core of routing and switching is i really get involved in the services section. So much to leverage there.

Best of luck to you.

larue38462 · March 2011

down77 wrote: »

BroadcastStorm:

My SWITCH attempt is tomorrow and I'm spending tonight reviewing the labs in the SWITCH Lab manual on my gear. I have the following at my disposal:

2 x 3550-24PWR-EMI
2 x 3750X-24P-S (on loan, thank you to my channel partner)
1 x 1841

Labs I am concentrating on since I don't do them often enough:

Dot1x
IP CEF Troubleshooting (overkill for SWITCH IMO)
IP SLA
HSRP/VRRP/GLBP elections (well I do this regularly BUT... can't hurt to lab)
Layer 2 Security (DAI, DHCP Snooping, Port Security)
Private Vlans
STP (RSTP, MST especially)
VACLs

For the radius server I am just planning to use Win2k3 IAS on a virtual since I have it up and working already.... and I'm too lazy to custom configure Free Radius on a linux server tonight!!!

Good luck tomorrow. I'm taking it myself at 1:30 tomorrow...maybe we'll both have positive results.

BroadcastStorm · March 2011

larue38462 wrote: »

Good luck tomorrow. I'm taking it myself at 1:30 tomorrow...maybe we'll both have positive results.

Goodluck to both of you, let us know how it went...

mikej412 · March 2011

Good Luck Everybody!!

tomaifauchai · March 2011

Good luck, with the exam and the windows manipulation

BroadcastStorm · March 2011

tomaifauchai wrote: »

Good luck, with the exam and the windows manipulation

Seriously though a 24" screen costs 200 $ nowadays, some of this exam center uses 17" CRT, they need to set the resolution where I get to spread all the windows, this should be basic ughhh, just clicking and finding this window in a haystack will already take some of my time...

*BB* · March 2011

tomaifauchai wrote: »

Good luck, with the exam and the windows manipulation

LOL! No joke!
Read this one...
move this one...
resize it...
move it again...
resize it again...
where did that window go?
OK, may now I can actually start the lab.

I'm retaking it on Saturday as well. Good luck everyone!

lrb · March 2011

Best of luck guys!

tndfr · March 2011

the way to train for Cisco's window manipulation skills (cisco should be ashamed of themselves) is to set your window resolution to 800x600 and open multiple packet tracer window.

to be honest with you for the amount of money we're paying this is unacceptable.

Taking the switch exam

Comments