Starting CCIE Written. Just had "the talk" with Mrs. Zartan.
Comments
-
spiderjericho Registered Users, Member Posts: 896 ■■■■■□□□□□Knowledge being dropped. MD5 is just for nonrepudiation and integrity. Anyone ever mess around with certificates in a IOS router/switch?
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Going through the solutions now and I make a lot of little mistakes that come from not paying complete attention to the requirements or being fast and loose with the verification. Good on the technology so far.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Just putting some thoughts down for later...
Layer 2: Had this mostly down pat, although I looked up private VLAN config on the DocCD. Made a stupid mistake and forgot to config one of the Vlan 28 ports with portfast and bpduguard because my handwriting was messy and I missed it on the diagram I drew...
BGP: Nailed this. Was pretty easy though, especially if you've gone deeper in WB I.
MPLS VPN: Easy tasks. Wish they were all like this.
IPv6: I was able to complete the multicast tasks, with a lot of fumbling around at the CLI. Need to review WBI for this. Funny story. I had R5s LAN interface shutdown to verify something in a previous task (BGP I think) and I forgot to bring it back up. Spent more time than I should have trying to figure out why R5 was receiving routes via the tunnel, but R4 wasn't.
Multicast: You can't catch RPF failures with debug ip pim. 5.2 took me longer to complete because I was scratching my head trying to figure out why R5 wasn't receiving the RP-discovery messages from R3. You can use it to verify you're receiving announce or discovery messages, but not that they are being dropped. Gotta remember to stick with debug ip mpacket. 5.3 was tricky to verify. I knew the config cold, but apparently if you statically join an interface to a group that should be igmp filtered, it was still responding to pings from R3. The output is different if you show ip igmp group though. Can't remember if it was the Uptime or Expires field.
Security: The ACLs were easy. Don't recall ever seeing the ip mask-reply command though.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Forsaken_GA Member Posts: 4,024Zartanasaurus wrote: »Just putting some thoughts down for later...
MPLS VPN: Easy tasks. Wish they were all like this.
Most of the MPLS they throw at you is pretty easy, though once in awhile it can really screw with you. Lab 4 I believe, is a bit of a bear, where they ask you to configure a hairpin vrf. That one is not easy, unless you do that kind of thing on a regular basis.Multicast: You can't catch RPF failures with debug ip pim. 5.2 took me longer to complete because I was scratching my head trying to figure out why R5 wasn't receiving the RP-discovery messages from R3. You can use it to verify you're receiving announce or discovery messages, but not that they are being dropped. Gotta remember to stick with debug ip mpacket. 5.3 was tricky to verify. I knew the config cold, but apparently if you statically join an interface to a group that should be igmp filtered, it was still responding to pings from R3. The output is different if you show ip igmp group though. Can't remember if it was the Uptime or Expires field.
Other helpful hint - no ip mroute-cache on the interface if you're not seeing what you expect on the interface (or nothing at all) with debug ip mpacket detail -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Back to WBI to go over the topics I was weak on.
IPv6: PIM & MLD, PIM BSR tasks
IP Services: 4 tasks on IP Accounting, 2 tasks on WCCP
System Management: 2 tasks on RMON, 5 tasks on EEM Scripting
Gonna do the QoS tasks tomorrow.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□This week I finished up the remaining recommended WB 1 tasks for things I was weak on in Lab 1.
Completed Lab 2. The QoS work I did helped tremendously and I was much more comfortable in the lab. Getting better at catching mistakes with verification but I still left 5 points on the board with stupid errors. The other stuff I missed on I was generally in the right ballpark. Had no clue on the AToM task since all the material from INE says to not worry about it. Unlike Lab 1, I finished with plenty of time to spare. Probably done in about 5 hours so I went back and did some extra verification.
I did the entire lab on GNS3 with 7206 routers. The only thing about those is they don't seem to like FastEthernet subinterfaces. I can swap the router out in the topology with a 3725 and there's no issues. No clue on this one, but the benefits seem to outweigh the drawbacks. Being able to sit for 6 hours at my own pace is going to allow me to get through WB II much faster. If the start times were more flexible, I could use their rentals, but it's pretty much 9PM start time or nothing on a workday since 6PM is cutting it too close. I just bought 500 tokens a few weeks ago too, but I guess I won't be using them. Using my own equipment, I can easily start at 7PM and work until midnight any night I want to do a lab instead of waiting for Saturday/Sunday.
Added Cisco Frame Relay Solutions Guide to my Safari Bookshelf and read the first 3 chapters. I would HIGHLY recommend this book to CCNA candidates. Chapters 1-4 is all they'd need to get a good understanding of the topic most candidates struggle with. Chapters 5 and up deal with CCIE level topics such as FRTS, FRF, PPPoFR, CBWFQ/LLQ and FREEK. The book also appears to be a good resource for CCIE candidates who are still in the stage when they are reading for theory and not so heavy on the CLI/labbing yet. It still might have value as a reference book at that stage. I'm going to try reading a chapter or two a day at work when I have the time.
I haven't finished the CEF book yet and I'm not sure when I will.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Forsaken_GA Member Posts: 4,024Zartanasaurus wrote: »I did the entire lab on GNS3 with 7206 routers. The only thing about those is they don't seem to like FastEthernet subinterfaces. I can swap the router out in the topology with a 3725 and there's no issues. No clue on this one, but the benefits seem to outweigh the drawbacks. Being able to sit for 6 hours at my own pace is going to allow me to get through WB II much faster. If the start times were more flexible, I could use their rentals, but it's pretty much 9PM start time or nothing on a workday since 6PM is cutting it too close. I just bought 500 tokens a few weeks ago too, but I guess I won't be using them. Using my own equipment, I can easily start at 7PM and work until midnight any night I want to do a lab instead of waiting for Saturday/Sunday.
I'm rather annoyed with INE at the moment as well. Went to go schedule my next Mock Lab, only to find it says scheduling will be available 'soon'. When I contacted support, they couldn't give me anything timewise as to when it would be available again, which was quite alarming. Given that I'm months away from a lab attempt, issues like this have the potential to disrupt my work flow in a very non-good way. I sent them a rather detailed response detailing my dissatisfaction, and basically told them fix this crap within the next two weeks, or I'm dumping them for another vendor. We'll see if it actually makes a difference, but my willingness to recommend INE without reservation is pretty much gone. -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Anyone know of an equivalent command to show ip aliases for ipv6?Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Forsaken_GA wrote: »I'm assuming you're using this to get a quick list of all IP's configured on the box? If so, then sh ipv6 interface brief is a good enough equivalent, it's output is fairly terse and will show everything configured, since having more than a single interface address is a natural state of affairs in ipv6.
If you're actually trying to alias tcp connections to other ports on ipv6 and then display them... then I've honestly got no ideaCurrently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□10 days since my last check in! Haven't had any downtime at work lately, so no new reading. I did complete Lab 3 last Saturday. I continue to do well on TS, and make stupid mistakes in config. In fact, I did all of TS in one hour. According to the forums, INE TS labs are easier than the real thing, so I can't get too much confidence in this.
I usually make mental notes during the lab if I think a question was unclear and would need proctor clarification then head over to the IEOC forums afterwards to see if others agreed with me. They have those word clouds in each sub forum that show the most used tag, and the question I thought was most unclear, 2.3, showed up in giant bold letters in the word cloud. I read the question to mean prefixes being originated in AS 54, but in the SG, they apply the no-export community to any prefix learned from BB1/BB3. Of course in the verification section, they use show ip bgp regex _54$ to verify the routes being received, which was the regex I used in my as-path access-list. I believe (and a lot of others on the IEOC forums) believe that the way I did it was the proper answer.
My solution to 2.2 was also different than the SG, but it works technically. The SG used a route-map to tag the routes at R6 and R1/R2 matched the tags and set the metric to 1. I just used a route-map on R1/R2 that matched the specific routes and set the type to E1/metric 1 to guarantee R5 would choose the proper next-hop. Not sure what the "best" solution is there, but I didn't get the points anyway because I forgot to set the auto-cost on SW1/SW2. 4 point stupid mistake. Also lost 4 points on 2.1 for two stupid mistakes. 1) I forgot to set the masks to /32 on the R4/R5. Also used authentication-key instead of message-digest-key on the last part. The worst thing as I was reading that question I said to myself "okay I have to use message-digest-key on this one" and I turn around and use the wrong one anyway.
Didn't pass, but I didn't feel like I got blown out of the water either for a difficulty 8 lab. I eventually figured out all the OSPF timers on 2.2 between sh ip ospf to see what the defaults were, and just ? under the ospf config mode, but I had never heard of the one that wasn't lsa group pacing.
Not feeling great, but not feeling dejected either. I'm still 36 weeks away from completing their training course and my goal is to get that down to something like 24-25 weeks. I should have a lot of down time at work starting in November and lasting until January between 4 weeks of vacation and holidays. I haven't kept up the pace I started with for the initial 3 months, but it's definitely time to kick it up a notch. I've been coming home from work more tired, but that's no excuse. I need to go into the weekends with 4-8 hours of Vol 1 review work completed and use Saturday/Sunday for doing full scale lab practice and review. Today will be my first Vol 3 lab. I'm curious to see what these short, focused labs look like.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□I haven't scored myself yet, but that seemed super easy and fast. Finished in 2 hours. I probably should do a quick TCL ping script to make sure I didn't miss anything though.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□TCL ping script did catch an error I made. Scoring confirmed this thing was super easy though. Are all 10 like this?Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Last week I didn't do any of the recommended WB I repetitions for stuff I had missed in the first two labs. I took yesterday as an opportunity to catch up on some of that. Also did all of the BGP tasks for aggregation, conditional advertisements and route injection. I should be able to finish the rest of the review over the next two days and be officially "caught up". I'm also going to get back to scheduled Q&A repetitions as there have been a few times when I've forgotten some theory that would be helpful for the lab.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Gotta start getting back in the habit of keeping this updated.
Nothing major today. I have 18 QoS tasks to go over for things I missed or felt unsure of in Labs 1-3. I took about an hour and knocked out 11 of them. Even if it's only an hour or two after work, it adds up and I've gotten away from that.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□As it turns out, the reason why dot1q encapsulation wasn't working between switches and GNS3 was that I had chosen Linux Ethernet NIO for the cloud instead of Generic. As soon as I made the switch, it automagically started working. At least with the 3725. I wasn't even able to get ISL working for the 7206s, but I'm going to try that now...
ETA: That fixed it!Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Did WB3 Lab 2 and WB2 Lab 4 this week as well as some WB I review. I still haven't done any Q&A review, but it's in the works. Plus I need to start updating it with tidbits I'm finding from the labs.
WB3L2 was slightly more difficult than L1, but not by much. I only graded TS for WB2L4 which was another pass. I continue to finish TS well within the 2-hour mark with little difficulty. I'm curious what the "advanced" TS labs are like. I feel 90% confident for 54 points in the config portion. We'll see what happens.
With any luck I'll take full advantage of the 3-day weekend and complete WB2L5 as well as some WB1 review tomorrow. I'm at a point when I'm starting to feel like I can pick up the pace and get more labbing in after doing the minimum for the last few weeks. If I can knock out L6 during the week, I'll be in good shape for the weekend. Maybe 2-3 weeks away from my 1st graded lab.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Fully graded Lab 4 and I ended up where I expected. And the hairpin VRF thing.... W T F ?
Came up with somewhat of an action plan for how I want to spend my time reviewing WBI. Books 10-13 aren't included as part of the warm-up phase, and I find myself having to go back and refer to these more than anything. Instead of messing around 1-2 tasks at a time, I break each one down into 3-4 sections of material that I'm unfamiliar with and I'm going to complete as many sections as I can during the weekdays. I'm also putting my Q&A into Anki for automatic repetitions for something to do on these days I don't feel like sitting at the CLI.
I picked 33 of the 44 Security tasks and broke them down into 3 sections. I finished 15 of the tasks. Read through the Cisco docs on CBAC, and went back over Petr Lapukhov's explanation of the various ways Cisco sends BPDUs to add some flash cards on mac address-list matching. If I can finish WBs 11-13 this week, I'll be pretty happy heading into the weekend for Lab 5. At the very least there will be fewer goofy things to get surprised with.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Completed WB 11 on Security. ZFW is such a pain. Not because it's so difficult, but it requires a lot of typing. Read a bunch of Security from the Doc CD. When I was trying to find information on ICMP type codes, IP Protocol IDs, I came across this old INE blog post that was dedicated on how to find various things on the Doc CD.
Addresses, Protocols and Ports is great. ICMP Types, IP Protocol IDs, and IPv6 Address Types all in one document.
44 flash cards specific to Anki. Not enough time to go through them tonight, but it's first on my list tomorrow.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□2/3 through WB 12 on System Management. A lot less configuration intensive than Security. I've already reviewed the remaining tasks in this WB except for auto-install, so it should be quick and painless to close this one out. Only added a handful of flashcards to Anki for this topic.
Holy crap it's been 5 months since I started this thread! Where does the time go?Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Weird. Configuring ntp commands is causing my routers to lock up. It doesn't happen until after they are synced. I never had this problem with 3725s.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Finished WB12: System Management. Completed Lab 5. Doing better, but still not there yet.
Lab 6 tomorrow. Next week is going to be 2nd repetitions for Security & System Management. I was going to mix in a little of the IP Services WB each day as well so I'd be done by Thursday, but I decided to dedicate that time to getting through as much of QoS as I can instead.
Next weekend will be "light"; 2 WB3 labs and 1 WB2 lab. My plan was to save WBI stuff for the weekdays, but I am hoping to knock out most of Multicast Friday/Saturday along with the WB3 labs.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Completed Lab 6 TS and got through half of config before I stopped to watch football. Still got 4 hours left on the clock. I'll try to work on the WB I stuff at work and finish the lab tomorrow night before MNF.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
WiseWun Member Posts: 285Thanks for sharing the SuperMemo link, does it work? Makes sense by writing down questions. I do it the other way around and write in my own words which is a lot easier to remember since I wrote it!"If you’re not prepared to be wrong, you’ll never come up with anything original.” - Ken Robinson
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Finished Lab 6 last night. Did really well, but the lab seemed particularly easy compared to stuff they've thrown out before. One thing that INE lacks is official responses to threads questioning the SG. It would be nice if someone would come in and say "yeah you guys our right, the SG is wrong" or "No that's wrong and here's why".Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Lab 7 is pretty rough...
I'm not going to take another VOL2/3 lab until I do what needs doing in VOL1. Thankfully there aren't many marquee NFL games tomorrow until the Sunday Night game.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□About 60% done IP Services in VOL1. So many different NAT options... Looks like Cisco is messing with the links to the DocCD again too.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Rep 1 of IP Services = complete.
Rep 2 of Security = 33% complete.
Up to 209 flashcards in Anki. Got about 200 more to get entered in from various Word docs.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Rep 2 of Security = 67% complete.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□Almost a full month since my last update!
Like I said, I wasn't going to do anymore VOL2/3 labs until I had gone over some of the things that were hitting me again and again in the labs, mainly QoS, Security and Network Services. I think they need a dedicated workbook for redistribution.
I got through several reps of WBs 11-13 and I narrowed each down to about 10-15 tasks that I will keep up with periodically.I've been through VOL2 labs 8-10 and VOL 3 labs 3-5. VOL3 seems like it's been neglected for years.
Almost done "Core Training". VOL3 labs 6-8 and VOL4 labs 1-2 followed by Mock Lab 1 which I have scheduled for the 28th of this month.I'm already ahead of the game for "Advanced Training" because I've already picked my way through about half of the QoS WB over several repetitions. If I keep to my schedule, I will get through the 5 VOL3/4 labs and have about 8 days for VOL1 reps heading into the mock lab.
I've also been thinking about a bootcamp. I've really grown to like the INE instructors through their videos, but they don't offer any 5-day bootcamps like the other vendors. I was checking the dates on Narbik's site and I just so happened to schedule a week's worth of vacation for his bootcamp in December. I'm kind of torn about the RoI of a bootcamp. It's the cost of 2 lab attempts.Based on my remaining timetable, I should be taking the real thing some time in March. Seems farther away than I had thought.
Also up to 400 flashcards in Anki. Time for a new 3-ring binder as well. Before each lab, I print out all the diagrams and tasks. It's slam full now.Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8% -
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□I have a new 3-ring binder now.
Finished VOL 3 labs 6-8, VOL 4 labs 1-2. Still on target to do mock lab 1 on the 28th.
Not completely on schedule for Vol 1 reviews, but you get what you can get. Starting a deeper dive into multicast, IPv6 and MPLS this week. It's a tall order, but with nothing else scheduled on Saturday, I should be able to get some good makeup time in.
Here's the remaining schedule:
End-to-End QoS Network Design by Tim Szigeti and Christina Hattingh.
Week 25: VOL1 QoS
Week 26: VOL1 QoS
Week 27: VOL1 QoS
Week 28: VOL1 QoS
I don't think this will take 4 weeks, since I'm already through half of it for various reasons and I've been banging certain concepts into my head with flashcards. No rush though.
Week 29: VOL2 Lab 11
Week 30: VOL4 Labs 3+4
Week 31: VOL2 Lab 12
Week 32: Mock Lab
This is really 3 weeks spread out over 4 in their schedule. I've done every VOL 2 lab up to this point as an 8-hour lab. No more VOL 2 TS labs, which are replaced by VOL 4 TS labs (which are much much harder BTW). It's still 8 hours total and on a good weekend I knock out two labs on Saturday and Sunday.
Week 33: VOL2 Lab 13
Week 34: VOL2 Lab 14
Week 35: VOL3 9+10
Week 36: VOL4 5+6
Same deal here. Can knock out weeks 33-35 in a weekend, and week 36 during that same week day. This is a week's worth of work.
Week 37: VOL2 Lab 15
Week 38: VOL2 Lab 16
Week 39: VOL2 Lab 17
Week 40: Mock Lab 3
Week 41: VOL1 Missing Topics
Week 42: VOL1 Missing Topics
Week 43: VOL2 Lab 18
Week 44: VOL4 Labs 7+8
Week 45: VOL2 Lab 19
Week 46: VOL4 Labs 9+10
Week 47: VOL2 Lab 20
Week 48: Mock Lab 4
Might as well add the remaining VOL 4 labs to their VOL 2 counterparts as more 8-hour sessions. Looking this all over, I can probably finish it in 13 more weeks. So I could be ready for the lab in mid-January. But that doesn't leave me any room to re-schedule if I get behind. But the upcoming vacation time I have should put me way ahead of schedule. I think I'll schedule for mid February and see how I feel about this a month from now.
Still pondering Narbik's December bootcamp in RTP...Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%