It's my time: Mrock's CCIE thread
Comments
-
spiderjericho Registered Users, Member Posts: 896 ■■■■■□□□□□Come on Gunny, E-7 ain't lowly...at least in my book BTW Happy 4th of July and thanks to you and Mrock for your service
Hopefully, it goes through. So far my senior enlisted and the money people are on board, just need the other non tech types to grasp it.
And Mrock getting it in on a holiday. I think your persistence will pay off. Happy 4th to you and your family. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Thanks man! You'll get your digits too! And yeah, it's funny..over there a captain (Army Captain, O-3) is a dime a dozen, let alone all of the enlisted ranks. It's definitely a unique place!
Finished Vol III Lab 1. The Vol III labs are a bit different, the tasks are extremely straightforward and they basically tell you EXACTLY what to do..so it's just a test of speed. Each section has an allotted time limit to it, I managed to configure all of the sections completely correct, and finished in this manner:
-Finished layer 2 about 10 minutes early
-Finished IGP about 35 minutes early (1 hr 35 minutes allowed)
-Finished BGP about 8 minutes early (35 minutes allowed..killed a lot of time here jumping around checking BGP peerings. It was a lot of busy work)
Going to watch the IPv6 Multicast video from INE now then call it a day so we can enjoy the rest of the 4th with our family. IPv6 multicast is now my weakest area, so I'm going to push hard to get better at it in the next few days. I'm now thinking I might attempt a full lab Saturday (since I'd like to hit IPV6 labs again tomorrow if possible). We'll see. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Getting ready to start Lab 9. Also woke up late today because I'm sick, but I should be able to get a good 6 hours in today, so hopefully I'll have the lab nearly finished by the end of the day. We'll see!
-
vinbuck Member Posts: 785 ■■■■□□□□□□Haha....two star generals were about the most exciting thing I ever saw, but the guard isn't chock full of 4 star billets. Glad you're getting Uncle Sam to foot the bill. At least I can see my tax dollars going towards something worthwhile instead of IRS movie shoots
I got a little time in yesterday and then took the day off. Will probably lab a bit later today - right now i'm off to find heavily discounted fireworks to add to the arsenal!Cisco was my first networking love, but my "other" router is a Mikrotik... -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Nice! I am thinking about putting on a nice show for the neighborhood next year..once this silly exam is out of the way!
Doing well with Lab 9. Decided to emphasize doing it RIGHT on this lab and not rush it. My goal is to PASS Lab 9 (difficulty of 8, so it's "supposed" to be harder than the actual lab)..granted it might take me 9,10 hours, but I want to make sure my verification is solid. So far it's going very well. Back to labbing! -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Lab 9 has dragged on. It's full of things I rarely configure, such as VRF lite (easy to configure, but the scenario it's implemented in caught me off guard), IPV6 6to4 tunnels, and some tricky as-path filtering. That being said I put in 5 hours today and only ended up getting halfway through the lab. Going to put in a couple of hours tomorrow and hopefully I can either finish it or get close.
It seems the consistent theme here is I need to review IPV6 in general- multicast, IP services (IPV6 netflow always gets me), tunneling, etc.
Good news is once Lab 9 is done I planned on getting back to IPV6 anyway. -
jamesp1983 Member Posts: 2,475 ■■■■□□□□□□Great progress. Keep it up."Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks."
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Thanks James.
Getting light study today and tomorrow. Whatever I got (seems like the flu) has been really stubborn and has actually gotten worse. Going to take today and tomorrow to get a couple of hours in, and get back to it on Monday hopefully. -
down77 Member Posts: 1,009Hope you feel better soon. Don't study too hard while you are sick. Take the time to rest up and feel better!CCIE Sec: Starting Nov 11
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Feeling better now for the most part. Had 3 days off of study- it feels like it's been FOREVER! Going to get some misc labs in tonight since I had a late day at work. I have 6 hours of rack time scheduled tomorrow so I can finish lab 9. On the bright side, today at work was centered around OSPF, so although not technically studying, it has to help toward the lab, right?
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Did some pretty interesting multicast labs tonight. Multicast has been a long battle for me- I'm much better than I was, but now I am working on my ability to quickly troubleshoot multicast issues.
Tomorrow I'm going to get back to Lab 9 as I mentioned. Still haven't got back to IPV6 multicast as I intended to. Sounds bad, but it's not terribly high on my priorities list. Right now I am really pushing to get better with troubleshooting and various other non-core topics.
Going to also dedicate some time this week (hopefully) to BGP. I feel really good on BGP right now, but I need to work on the oddball BGP features..I think one evening worth of labs would help a lot here, nothing too intensive. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Busy day today. Getting ready to kick off Lab 9. Not sure if I'm going to finish it this evening but it's all good. Trying to focus on the correct solutions.
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Got through a bit of Lab 9, but not nearly as much as I'd hoped..was drained after work so it took a while for me to get started. Will work on it a bit tomorrow but my next large block of study time is Thursday, so it'll likely be Thursday when I completely finish the lab and grade it.
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Finishing Lab 9 tonight no matter what! Got 5 1/2 hours reserved this evening so that should be more than enough time. Just realized yesterday that my lab is in just over a month...that means it really is crunch time!
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Scheduled a graded TS lab for tomorrow evening since I think that's my biggest threat to failing the exam. I feel confident I can resolve most issues on the actual lab, but I'm just not sure I can resolve them within 2 hours. We'll see!
Back to labbing today. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Finished TS Lab 1. Wow. Let me start off by saying I knew I missed 3 tickets. They go like this:
1) Multicast ticket. After reading the solution I had the right idea, I just wasn't looking in the right place.
2) Telnet ticket ( I had 5 minutes to troubleshoot it, and ran out of time)
3) Misc ticket ( can't remember right now )
Well, after grading was complete, I found that I missed those 3 and a whole lot more! The grading script gave me a 9/22, but said I did better than 64% of people who attempted it (really?!). After looking at the solutions I realized I was actually not in bad shape, but made some minor errors:
-Solved a ticket that wanted you to basically filter out redistributed routes in an NSSA area- I ended up using 2x distribute-lists to do it. I completed the ticket, but not by the solution guides method.
-Solved a ticket that had CoPP host configured- and caused the router to only accept telnet on one interface. I removed it to resolve the ticket, but the solution was to re-route traffic around the issue.
-Made misc other stupid mistakes
So in the end I had the ability to solve every ticket, but just overlooked what was often the simpler approach. I'm not too discouraged, because from a technical standpoint all of the tickets I fully attempted were solved- I just need to pay more attention to the restrictions and be more creative when solving tickets.
Unfortunately it appears there's only 3 graded TS labs, so I'm thinking I'll do another next week, and another the following week. I may retry the lab I did tonight a week before my attempt or so. We'll see.
Anyway, my countdown app shows 42 days till my attempt, so I'd better get to labbing. -
NetworkVeteran Member Posts: 2,338 ■■■■■■■■□□mrock wrote:I did better than 64% of people who attempted it (really?!).
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Thanks man! It's a little nerve wrecking. I'm in a bit of a panic mode as I've realized there's particular topics which I am not nearly where I'd like to be. The good news, is I've embraced the idea of the CCIE (including lab attempts) as a journey..meaning if I fail, I wasn't prepared..I get back to labbing, and re-attempt. Ideally I'd pass the first time, but the only thing that'll come out of a fail is I'll be forced to learn more things..so I'm trying to keep that in mind.
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□9/22 is what I got on my first INE TS lab. Glad to know that was a GOOD score.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Thanks for that Zartan, makes me feel like I'm not in TOO bad of shape. I still am in an uphill battle with the time I have left- but I'm working hard at getting ready.
Labbed IPV6 redistribution/tunneling earlier. Now labbing some multicast scenarios (implementing odd scenarios w/ AutoRP/BSR, as well as MSDP..testing, troubleshooting, etc). This is an area I need a lot of work on from a troubleshooting standpoint, so I'm hoping it'll help my TS skills. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Got some really solid MSDP config/TS labbing in tonight. Configured a network from scratch, setup MSDP, and played with SA filters as well as misc MSDP commands I found in the configuration guide. Ran into a problem that was driving me nuts- MSDP RP #1 (connected to the active source) was operating fine, and MSDP RP #2 was receiving the SA messages, but wasn't receiving the PIM Join on it's RPF interface. Then I realized I forgot to configure PIM on the inter-AS connections (kind of a major part!). Good practice though.
Going to go through some CoPP and various management control labs in the INE Vol II labs (picking out individual tasks to work on). I understand how CoPP works and can configure it, but I tend to miss details in my config, so I need to work on getting it perfect. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Getting some multicast in today. Haven't updated this thing much, been either studying or spending time with the family. Gotta get some serious hours in the next 30 days!
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Doing some security labs today. Primarily Zone-based firewall. I keep circling around to these topics (multicast, ZBF, IPv6) in hopes I'll be able to fly through them on the lab. We'll see! Feeling better with ZBF. I think overall ZBF is really easy, it's just a matter of remembering the various steps (off the top of my head):
-defining security zones (zone security ZONE_A, zone-security ZONE_B)
-defining zone-pairs (zone-pair security A->B source ZONE_A destination ZONE_B)
-configure matching criteria with class-maps (class-map type inspect TELNET, match access-group 100/match protocol, etc)
-configure actions via policy-maps (policy-map type inspect POLICY, class TELNET, inspect/drop/pass)
-assign interfaces to zones (zone-member security ZONE_NAME)
Then verify with "show zone security" and "show zone-pair" -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Played with using ZBF to police traffic- too cool! I think it's awesome to add another tool to the arsenal. If I was told now to police traffic but use the interface level "service-policy" command I could use the ZBF!
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□On an unrelated note, finally decided what TCLSH script I'm going with for the lab. I have a hard time memorizing some of the methods, so I like this one..it's simple, and works:
tclsh
foreach address {
x.x.x.x
x.x.x.x
} { ping $address }
That's it! -
jamesp1983 Member Posts: 2,475 ■■■■□□□□□□On an unrelated note, finally decided what TCLSH script I'm going with for the lab. I have a hard time memorizing some of the methods, so I like this one..it's simple, and works:
tclsh
foreach address {
x.x.x.x
x.x.x.x
} { ping $address }
That's it!
That is the script I used as well. You can do a sh ip alias on your devices and then copy them into notepad to make a complete script."Check both the destination and return path when a route fails." "Switches create a network. Routers connect networks." -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Out of habit (for work) I'm hooked on using "show ip int br | excl una" to capture all active IP addresses on a box. I actually use it all the time to check interface statuses..just to filter out the non-L3 interfaces and quickly check to make sure relevant L3 interfaces are up/up.
-
vinbuck Member Posts: 785 ■■■■□□□□□□Glad i'm not the only one who does this! I use that command string more than I use sh run
I typically type it as
"show ip int br | e un"Cisco was my first networking love, but my "other" router is a Mikrotik... -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Funny thing is I rarely see anyone use that command (filtered IP interface brief command), oh well..their loss
Labbing tonight. Doing some really slick stuff- to be specific, I implemented reflexive ACLs in conjunction with dynamic (lock and key) functionality...so this is how I set it up:
R1
R2
R3
R1 can reach out to R3 on any protocol (and it can return, due to the reflexive ACL). BUT, R3 cannot initiate any telnet connections..UNLESS R3 telnets to R2, in that case, a dynamic ACL entry is added to the inbound ACL, and then R3 CAN initiate telnet connections.
Pretty cool- I have used both reflexive ACLs and dynamic ACLs in labs before, but never together. It helps my understanding of them by seeing them used in conjunction somehow. Always a good thing!
Back to labbing! -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□Well, as soon as I posted the last post, I tried to repeat the same results, but using ZBF and dynamic ACLs. No go! I ran into an issue because the inbound ACL is processed before the inspect/CBAC engine- so even though I've set all traffic from R1 to be inspected, the inbound ACL gets processed (which has a "Deny all except lock and key entry" in it- so that's not going to work. Oh well!
Trying to focus on the security topics at the moment because I think these will be hit without doubt in the TS section.
This discussion has been closed.