Switching Finished

Finished switching labs from IPEXPERT. Also finished the Switching labs from Advanced workbook which we got at the bootcamp. Have started with Labs and videos from IPEXPERT BLS. Once i finish both of them then i will start RIPV2 labs from Soup to Nuts and then finally finish RIP by doing the labs from advanced workbook.

Study day 3 Switching

This morning i finished all my switching labs from Narbik's Soup to nuts. Also watched the switching videos from IPEXPERT BLS. Tonight i am going to finish the Bootcamp workbook which i got from Narbik's bootcamp. A lot of new things came out of it. The labs are really good and i have much better handle on switching. I always used to take switching lightly and used to concentrate more on Routing. But now after doing the labs and watching videos it was an eye opener. Once i finish the bootcamp workbook i will do IPEXPERT switching labs. Hopefully switching will be finished by the end of Sunday.

Back to Study Mode

Finally got back into the Study Mode. As i am still awaiting for my books to arrive from the courier company ( Customs are holding onto my baggage and i had to fill some forms) so i thought i cant waste my time waiting for the workbooks to arrive. So i started with the IPEXPERT BLS video. It is divided into five parts and each part is equivalent of one day at the bootcamp. So i started with Day 1 and picked up Frame-relay saw the video. Then i did few labs on Frame-relay. I had a free session with Proctor labs so i thought it is a good idea to get used to their system and also do some labs to make the best use of it. The system is easy to understand and quite straightforward. So finally i finished Frame-Relay. Tommorrow it is switching and i am sure it will take more than a day to finish the videos and finish the exercises which come with it.

Trip to India ends today

Today is my last day in India. I fly back to Auckland tommorrow morning. The trip has been great. Also went to US to attend my bootcamp in this trip. After coming back from my bootcamp havent studied anything as had just two days to pack all the bags and other stuff which i have to take away. One suitcase full of CCIE books. Will start updating my blog on my study once i am back in Auckland.

DAY 5

Couldnt update the blog yesterday had to catch a flight just after the class. Last day we did Multicasting. Narbik as usual makes it look so easy. Then Narbik bought us some Armenian food. Overall my experience has been very satisfying. I learnt a lot of new things during this 5 day bootcamp. Learnt a lot of things which will make me a better engineer. As Narbik says that if you know ( i should say understand) his workbooks cover to cover you will pass the exam. I am flying out of US tonight and wont be able to update the blog for next two days. But will update again of how my lead up to the exam is going. Narbik gave us some really good tips on how to study before attempting the lab. I am planning to do my lab exam in august and before that will attend Narbik's bootcamp in Sydney which is free for the students who have attended a bootcamp before. Great way to revise everything again.

Workbooks provided with bootcamp

1) Soup to nuts ( You get this when you sign up for the bootcamp) you are expected to finish this before you start the bootcamp.

2) Advanced CCIE Routing and Switching Work Book ( 5 workbooks 1 for each day) : You get this workbook during your bootcamp which is specially made for the bootcamp.

3) You get another workbook during the bootcamp which has got some more complex labs


That is a lot to digest in 5 days but you can work on them according to your study plan. I would really recommend this bootcamp to anyone who wants to prepare for this CCIE Routing and Switching.

Day 4 Narbik Bootcamp

Today did some RIP labs. It looks so easy when Narbik is explaining the stuff on the whiteboard but as soon as you leave the class and go back to the hotel and try to finish the labs which are in the workbook so suddenly start thinking how did he do that. You really need to know a lot before you start doing all those labs. But the quality of labs if really good. I am really impressed with the way he has taught in the last few days and i feel that i will be a better engineer. Another day and a half to go and then i fly to SFO.

DAY 3 BOOTCAMP NARBIK

Day 3 of the bootcamp. Today we are doing BGP. Half way thru the day and already learnt so many new things. The class will finish around 4.30 -5 then we start doing the labs which according to Narbik are RIDICULOUSLY EASY. Narbik is taking us out for lunch. So we are going for lunch now. Rest after the lunch.

Narbik bootcamp Day 1

Finished Day 1 of Narbik's bootcamp. Man it is intense. Narbik gave us 5 workbooks and two bootcamp workbooks. One for everday and if you get time then try doing some labs from the bootcamp workbook.Really tired today....but it is worth it. Today we covered switching and frame relay. Too many things which i havent even seen before plus the examples which he gives are really great...Will try to update everyday but not sure whether i have that energy to do that at the end of the day...

Narbik Bootcamp

Getting ready for my bootcamp on Dec 1 - Dec 5 in Pasadena. This morning i got my SOUP to NUTS workbook. Quite big workbook about 800 pages of Q & A. Good timing that i am in india at the moment for holiday so got the whole workbook printed for under $30 including binding. Will get my IPEXPERT workbooks printed as well as the estimated cost of getting them printed in colour is just $65 as compared to what they charge $250.

Will start my Soup- nuts workbook tommorrow as it is already 11:57 PM and had a busy day today which included shopping , eating lots of YMMMMMMY food and last but not least OSPF. Finished OSPF from IPEXPERT workbooks. A great relief. But now my focus will be soup to nuts as i am aiming to finish it by 26th December as i fly on 28th and i need 27th for travelleing from Chandigarh to Delhi ( 4 hours by train).

Certifications Connect - Becoming a CCIE (Video on Demand)

Found this really interesting VOD on sadikhov forums. The Video on Demand has got Q & A and also there is a Virtual Tour where they show you what you can expect during the exam. Really nice.

http://tools.cisco.com/cmn/jsp/index.jsp?id=42187&redir=YES&userid=(none)

Register for CCIE TV: CCIE Program Updates October 23, 2008

Watch a live presentation done Learning@Cisco Product Marketing Managers David Bump, Mary Ng and Sanjay Mehta. David Bump manages the Cisco 360 Program and the Service Provider curriculum. Sanjay Mehta manages the Wireless Certifications and Curriculum. Mary Ng manages the Unified Communications Curriculum and is the Project Lead for CCIE Security.

Date: October 23, 2008Time: 8:00 am PST, 11:00 am EST, 15:00 GMTDuration: 1.5 hour

Agenda:

The program will focus on the following objectives. After the presentation portion of the show, we’ll be taking live calls from YOU – the viewer— during our Q&A session. You may also submit questions electronically.

Objectives:

• CCIE Program Overview• CCIE 360 Program• CCIE Mobile Testing Labs• CCDE Updates• Security Lab Updates• Brand new curriculum!!!


You can register for this event using the following link

https://cisco.hosted.jivesoftware.com/docs/DOC-3164

Source: Cisco Learning Network.

Cisco Advisrory VI :Cisco IOS Software Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability

Summary

A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases.

Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable.

This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml

Cisco Advisory V: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

Summary

Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches.

To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.

Cisco Advisory IV :Cisco IOS MPLS VPN May Leak Information

Summary

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device.

This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml

Cisco Advisory III :Multiple Multicast Vulnerabilities in Cisco IOS Software

Summary

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

Note: The September 24, 2008 IOS Advisory bundled publication includes twelve Security Advisories. Eleven of the advisories address vulnerabilities in Cisco's IOS software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each Advisory lists the releases that correct the vulnerability described in the Advisory. Please reference the following software table to find a release that fixes all published IOS software Advisories as of September 24th, 2008:

• http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
  
• http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml

Cisco Advisory II :Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities

Summary

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

Cisco New Advisories

Vulnerability in Cisco IOS While Processing SSL Packet

Summary

A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Cisco has released free software updates that address this vulnerability. Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.

CCIE R & S BLS

Bought the Blending learning from IP EXPERT. Managed to buy it for $999 US. Downloaded few workbooks from the online account until i get my HardDrive full of goodies. The first look on the BLS is good. They have decent workbooks and you can practice all of them using their Racks if you dont have the rack at home. They are running some specials on Rack Rentals where you get 30 % extra for any rack rental they buy.

Finally Decided

So today i finally decided that i need to clear my brain of all the clutter about what i am going to do while i am away on holidays. I am going back home (India) for holidays ...But wait i still have nearly two months before i go on holidays. So i finally pulled the plug and came back to reality that i need to start preparing for my CCIE before i do that Narbik's bootcamp either in Sydney/US. Have been bit busy at work and the rest of the time wife has been dragging me to accompany her to the shopping centres so that she can buy all those gifts. But finally today i am feeling a bit proud of myself that i have finally got my time table ready.

HSRP

HSRP uses a priority scheme to determine which HSRP-configured router is to be the default active router. To configure a router as the active router, you assign it a priority that is higher than the priority of all the other HSRP-configured routers. The default priority is 100, so if you configure just one router to have a higher priority, that router will be the default active router.

All hosts on the network are configured to use the IP address of the virtual router (in this case, 1.0.0.3) as the default gateway. The command for configuring the default gateway depends on the host's operating system, TCP/IP implementation, and configuration.

---

Note The configurations shown in this case study use the Enhanced IGRP routing protocol. HSRP can be used with any routing protocol supported by the Cisco IOS software. Some configurations that use HSRP still require a routing protocol to converge when a topology change occurs. The standby router becomes active, but connectivity does not occur until the protocol converges.

---

The following is the configuration for Router A:

hostname RouterA

!

interface ethernet 0

ip address 1.0.0.1 255.0.0.0

standby 1 ip 1.0.0.3

standby 1 preempt

standby 1 priority 110

standby 1 authentication denmark

standby 1 timers 5 15

!

interface ethernet 1

ip address 3.0.0.1 255.0.0.0

!

router eigrp 1

network 1.0.0.0

network 3.0.0.0

The following is the configuration for Router B:

hostname RouterB

!

interface ethernet 0

ip address 1.0.0.2 255.0.0.0

standby 1 ip 1.0.0.3

standby 1 preempt

standby 1 authentication denmark

standby 1 timers 5 15

!

interface ethernet 1

ip address 2.0.0.2 255.0.0.0

!

router eigrp 1

network 1.0.0.0

network 2.0.0.0

The standby ip interface configuration command enables HSRP and establishes 1.0.0.3 as the IP address of the virtual router. The configurations of both routers include this command so that both routers share the same virtual IP address. The 1 establishes Hot Standby group 1. (If you do not specify a group number, the default is group 0.) The configuration for at least one of the routers in the Hot Standby group must specify the IP address of the virtual router; specifying the IP address of the virtual router is optional for other routers in the same Hot Standby group.

The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.

The standby priority interface configuration command sets the router's HSRP priority to 110, which is higher than the default priority of 100. Only the configuration of Router A includes this command, which makes Router A the default active router. The 1 indicates that this command applies to Hot Standby group 1.

The standby authentication interface configuration command establishes an authentication string whose value is an unencrypted eight-character string that is incorporated in each HSRP multicast message. This command is optional. If you choose to use it, each HSRP-configured router in the group should use the same string so that each router can authenticate the source of the HSRP messages that it receives. The "1" indicates that this command applies to Hot Standby group 1.

The standby timers interface configuration command sets the interval in seconds between hello messages (called the hello time) to five seconds and sets the duration in seconds that a router waits before it declares the active router to be down (called the hold time) to eight seconds. (The defaults are three and 10 seconds, respectively.) If you decide to modify the default values, you must configure each router to use the same hello time and hold time. The "1" indicates that this command applies to Hot Standby group 1.