Sunday, December 20, 2009

Section 1 - Implement Layer 2 Technologies Done!!!!

Update 1

Last night I finished section 1 (Implement Layer 2 Technologies). So many times in the past I had just ignored this whole section and moved on. I always used to think that this section is RIDICULOUSLY EASY, but it is not, and I have learnt a lot of new things in this section. This time I made sure that I finished the whole section.

1) Read the whole section from the Exam Certification Guide.
2) Watched the VOD from IPEXPERT BLS.
3) Did the first 4 labs from the IPEXPERT RS VOL1-WB-LAB1.

Now the next section is Implement IPv4.

Monday, December 7, 2009

Narbik's Bootcamp

I am really disappointed with Narbik. Not as a tutor but in replying to emails. I am close to my lab and wanted to attend his bootcamp in Sydney (this is a retake, not a new one). First the bootcamp was on, but Narbik wanted me to wait, and then again it was confirmed that it is on. I was about to pay for my tickets but just thought I would check with him whether it is on or not. He said he is not sure as a few students are from the same company and they have a project on, so they will confirm with him. So I asked him to please confirm it in the next day or so (mind you, I asked him to confirm it on Dec 1, for which he said he will confirm it in a day or two). Today it is 8th December, 8.00 AM (NZ time) and I still haven't received any confirmation. So all in all I have decided I won't go, as getting tickets at the last minute for the 13th Dec bootcamp will be very expensive. I don't want to send him another email as I feel bad because I have been sending him quite a lot of emails (all of them were about bootcamps anyway), and I also feel bad because I am taking a retake and not paying for the bootcamp again. I am sure a lot of you have been to Narbik's bootcamps and have done retakes and all of you have had a great experience, but I think I am not happy with the way the whole thing has been dealt with. I have no doubts about Narbik's teaching capabilities and his style of teaching; I just loved it and I got to learn a lot of new things.

I am sure a lot of you will disagree with me as my case might be a one-off, but if you have had any experience like that then feel free to contact me and we will talk to Narbik. I am sure he will love all the feedback.

Sunday, November 22, 2009

My EIGRP Troubleshooting Flashcard

Key things about the EIGRP Neighbour Process

The following should match:
  • Hello Types
  • K-values
  • AS Number
  • IP Subnet
  • Hello Interval
    • 60 seconds for low-speed NBMA
    • 5 seconds for all other interfaces

Multicast Hellos

  • 224.0.0.10 (MAC 0100.5e00.000a)

EIGRP DUAL Routing Algorithm Concepts

  • Feasible Distance (FD) is the minimum distance (metric) along a path to a destination network.
  • Reported Distance (RD) is the distance towards a destination as advertised by an upstream neighbour.
  • A neighbour meets the feasibility condition (FC) if the distance reported by the neighbour is smaller than the feasible distance (FD) of this router.
  • Command used to find out the FD: show ip eigrp topology all-links

EIGRP DUAL Routing Algorithm – Active Process

  • The normal (stable) state of a route is passive.
  • Going active is the normal process for resolving network topology changes.
    • A route becomes active if it is lost (or its metric increases) and there aren't any feasible successors.
    • Going active means sending Queries to neighbours looking for an alternative path.
  • SIA-Queries are sent to a neighbour up to three times.
    • May attempt to get a reply from a neighbour for a total of 6 minutes.
    • If there is still no Reply by the end of this process, the route is considered stuck through this neighbour.
  • On the router that doesn't get a reply after 3 SIA-Queries:
    • Reinitialise the neighbour that didn't answer.
    • Go active on all routes known through the bounced neighbour.
    • Re-advertise to the bounced neighbour all routes that we were advertising.


Likely causes of Stuck-in-Active (SIA)

  • Bad or congested links
  • Query range is too long
  • Excessive redundancy
  • Overloaded router (high CPU)
  • Router memory shortage
  • Software defects

Minimising SIA routes

  • Decrease query scope (involve fewer routers in the query process)
  • Summarisation (manual or auto)
  • Distribute-lists
  • Define remote routers as stubs
  • Run a Cisco IOS which includes the fix for CSCdp33034

Monday, September 7, 2009

Cisco Security Advisory

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20090826-cucm
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
Revision 1.0
For Public Release 2009 August 26 1600 UTC (GMT)


Summary

Cisco Unified Communications Manager (formerly CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities.

Cisco has released free software updates for select Cisco Unified Communications Manager versions that address these vulnerabilities. There are no workarounds for these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml.


Affected Products
Vulnerable Products

The following products are affected by vulnerabilities described in this advisory:

* Cisco Unified Communications Manager 4.x
* Cisco Unified Communications Manager 5.x
* Cisco Unified Communications Manager 6.x
* Cisco Unified Communications Manager 7.x

Products Confirmed Not Vulnerable

Cisco Unified Communications Manager Express is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.


Details

Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications.

Malformed SIP Message Vulnerabilities

Cisco Unified Communications Manager contains two DoS vulnerabilities that involve the processing of SIP packets. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP 5060 and 5061, UDP 5060 and 5061) are affected by these vulnerabilities.

The first SIP DoS vulnerability is documented in Cisco Bug ID CSCsi46466 and has been assigned the CVE identifier CVE-2009-2050. The first vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(1) and later.

Cisco Unified Communications Manager 4.x versions are only affected by the first SIP DoS vulnerability if a SIP trunk is explicitly configured. To determine if a SIP trunk is configured on a Cisco Unified Communications Manager version 4.x system, navigate to Device > Trunk and choose the option SIP Trunk in the Cisco Unified Communications Manager administration interface. To mitigate against this vulnerability, administrators are advised to restrict access to TCP and UDP port 5060 on vulnerable Cisco Unified Communications Manager 4.x systems that are configured to use SIP trunks with screening devices to valid SIP trunk end points.

The second SIP DoS vulnerability is documented in Cisco Bug ID CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051. The second vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), and 7.1(2).

Network Connection Tracking Vulnerability

Cisco Unified Communications Manager contains a DoS vulnerability that involves the tracking of network connections by the embedded operating system firewall. By establishing many TCP connections with a vulnerable system, an attacker could overwhelm the operating system table that is used to track network connections and prevent new connections from being established to system services. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability, including SIP and SCCP.

This vulnerability is documented in Cisco Bug ID CSCsq22534 and has been assigned the CVE identifier CVE-2009-2052. The vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2), and 7.1(2).

Related SIP and SCCP DoS Vulnerabilities

Cisco Unified Communications Manager contains two DoS vulnerabilities involving the processing of SIP and SCCP packets. By flooding a vulnerable system with many TCP packets, an attacker could exhaust operating system file descriptors that cause the SIP port (TCP 5060 and 5061) and SCCP port (TCP 2000 and 2443) to close. This action could prevent new connections from being established to the SIP and SCCP services. SIP UDP (5060 and 5061) ports are not affected.

The SCCP vulnerability is documented in Cisco Bug ID CSCsx32236 and has been assigned the CVE identifier CVE-2009-2053. The SCCP vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1, and 7.1(2).

The SIP vulnerability is documented in Cisco Bug ID CSCsx23689 and has been assigned the CVE identifier CVE-2009-2054. The SIP vulnerability is fixed in Cisco Unified Communications Manager versions 5.1(3g), 6.1(4), 7.0(2a)su1, and 7.1(2a)su1.
Vulnerability Scoring Details

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html.

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at

http://intellishield.cisco.com/security/alertmanager/cvss.


Workarounds

There are no workarounds for the vulnerabilities in this advisory. Administrators can mitigate the SCCP- and SIP-related vulnerabilities by implementing filtering on screening devices to permit access to TCP ports 2000 and 2443, and TCP and UDP ports 5060 and 5061 only from networks that need SCCP and SIP access to Cisco Unified Communications Manager servers.
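
As an added example (mine, not part of the Cisco advisory or of this post), here is how the port filtering described above could be expressed as a Cisco IOS extended ACL on a screening router in front of the CUCM servers. The subnets, the SIP trunk peer address and the interface name are assumptions for illustration.

```cisco
! Added example, not from the Cisco advisory. Assumed addressing:
!   10.10.10.0/24  - CUCM servers
!   10.20.0.0/16   - IP phone VLANs that legitimately need SCCP and SIP
!   192.0.2.10     - the one configured SIP trunk peer (CUCM 4.x guidance)
ip access-list extended CUCM-SCREEN
 remark SCCP (TCP 2000, 2443) only from the phone VLANs
 permit tcp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 2000
 permit tcp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 2443
 remark SIP (TCP/UDP 5060, 5061) only from the phone VLANs and the SIP trunk peer
 permit tcp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 range 5060 5061
 permit udp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 range 5060 5061
 permit tcp host 192.0.2.10 10.10.10.0 0.0.0.255 range 5060 5061
 permit udp host 192.0.2.10 10.10.10.0 0.0.0.255 range 5060 5061
 remark log and drop any other SCCP or SIP attempt towards the CUCM servers
 deny   tcp any 10.10.10.0 0.0.0.255 eq 2000 log
 deny   tcp any 10.10.10.0 0.0.0.255 eq 2443 log
 deny   tcp any 10.10.10.0 0.0.0.255 range 5060 5061 log
 deny   udp any 10.10.10.0 0.0.0.255 range 5060 5061 log
 remark all other traffic to CUCM (admin HTTPS, backups, etc.) stays under existing policy
 permit ip any any
!
interface GigabitEthernet0/0
 description Untrusted side, towards the WAN / campus core
 ip access-group CUCM-SCREEN in
```

The logged denies give the SOC a simple signal for connection floods against the SIP and SCCP ports; check hit counts with "show ip access-lists CUCM-SCREEN".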

Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory:





Wednesday, July 29, 2009

Final Day of F5 Training

I know this post is not related to Cisco, but I was sitting here in the course and had a break, so I thought I would write, as I haven't been able to blog for a while because I have been really busy at work. The last 3 days I have been on the F5 LTM course. We have a few F5's at work, so work finally decided to pay for our F5 training.

The course was divided in 2 parts.

1) BIG-IP LTM V9.4 Essentials
2) BIG-IP LTM V9.4 Advanced.

The first two days were basic stuff where we learnt how the F5 works and how it does load balancing. Then we did some labs on the different methods of load balancing. The second day we did iRules, NATs and SNATs. I think the F5 is quite a smart box and can do a lot of things.

The next two days were the advanced ones where we built on what we learnt from the Essentials course. We did some advanced iRules and advanced SNATs and NATs. Then we did how to create Virtual Servers, assign some Pools to them and get load balancing to work according to the way the Pools work. Today being the last day, we are working on Administration and some Advanced Profiles, and then we have a final lab project where all of what we have learnt will be put to the test.

It's been a great week of learning. I know you guys must be getting bored, so I am signing off for the day and I promise to keep my blog updated as much as I can.

Sunday, July 19, 2009

Well Done Omkar

On Saturday I got an email from Omkar Tambalkar (we did Narbik's Bootcamp together) and he has passed his CCIE R & S. Here is what Omkar had to say.



Hello everybody,

I took the test at San Jose this week and it was a surreal experience; I passed and got #####. The whole experience has been great. I was planning to take the test in Feb 09 but work commitments and deadlines caused me to drop the ball and I rescheduled it for July 09.

Narbik, your bootcamp was awesome, it really helped me solidify the concepts and pass the lab!!

Cheers,

Omkar

So well done again Omkar, and I wish you the best of luck for the next one (SECURITY).

Thursday, July 2, 2009

Got an update from IPEXPERT

Got an update from Drew at IPEXPERT and here is what they say:

Hello Vivek,

We went ahead and re-added the updated R&S files. We are aware of an issue with the by-section files that our developers are working as fast as possible to fix. In the meantime we ask that customers download the full Volume 1 PDF until the by-section files are working.


So hopefully the issue will be fixed soon. Thanks Drew. I will keep everyone posted when I have full access to the new files.



Tuesday, June 30, 2009

No update from IPEXPERT yet

Following up from my last post a few days ago, I am still awaiting a response from IPEXPERT. Still getting the same error.

Will keep everyone posted with any updates as and when I get them.

Sunday, June 28, 2009

New IPEXPERT Blueprint Ver 4.0

Got the email this morning from IPEXPERT with the subject

"IPexpert’s CCIE R&S (Blueprint Version 4.0) Workbook, Volume 1 Now Shipping".

I was very excited and went straight to my members section and got this error. So I have emailed them and hopefully they will fix it for me. I think in New Zealand it is already Monday and the links might not be ready until Monday US time.

Will update all of you once the error has been fixed. But I am really excited.

Thursday, March 19, 2009

New Update for Command Memorizer

Recently got an update for Command Memorizer. Man, I am loving this product. The new updates contain shortcuts to the DOC CD, which I think are very good. Then they have added a Forums section in it, plus they have another section called CCIE Quickfire which has quick-fire questions about a few sections. My overall experience with the product has been great and I would like to say a BIG THANKS to David Bombal and Richard Bannister for such a great contribution. Well done guys!!!! Keep it up....

Wednesday, February 25, 2009

CCIE Command Memorizer.

First look at CCIE Command Memorizer.

Bought CCIE Command Memorizer today. My first impression of the product is very good. I already have IPEXPERT BLS, as I mentioned in my previous post, but this tool gives me a different perspective from which I can learn. Even though I have to type the commands in full, I don't mind doing that. The whole thing is divided in parts. They cover most of the topics mentioned in the CCIE (R & S) blueprint. You can't type "?" for help, which means that you need to know the command before you type it. I think this is a good feature, but everyone has a different view on things. The reason why I think it is great is that instead of typing ? all the time and drilling down until I find the right command, with COMMAND MEMORIZER I need to actually know what I am typing, which means I can save a lot of time during my lab exam as I know the commands by heart. Another benefit of not having help when attempting any scenario is that it will change my habit of typing ? every time and instead go to the CISCO DOC CD to find the answer, which means I am improving my navigation skills for the CISCO DOC CD, which can be very handy when I am doing my lab. But again, everyone has a different view.

You can do the scenarios as many times as you want. Once you are finished you can reset the whole page and do it all over again. You don't even need an internet connection; once you have activated the product you are good to go and you can use the product anywhere you want.

I tried the switching section and they have really good scenarios to work on. They start from basic and then move on to complex scenarios.

Will update more once I have tried it a bit more.

Tuesday, February 17, 2009

Display configuration sections while configuring the router

Was going through my Google Reader the other day and found this very interesting article on the NIL wiki page. It's about how to display the configuration of the currently selected interface or routing protocol without using any parameters.

I know what you must be thinking now: that you can do that with "do show running-config interface <name>", but with these EEM Tcl policies you can achieve it without parameters, so that the configuration of the currently selected interface is displayed.

For more on this visit the NIL WIKI PAGE.

Wednesday, February 11, 2009

How Cisco Grades the Short Answer Section

Was reading the Cisco forum "Certifications: CCIE Open Ended Questions" on how Cisco are grading the open-ended questions and here is what I found:

Hello XXXX,
I work on the CCIE team. The short answer section is graded on an "all or nothing" basis. If you answer the minimum number correct you will get 100%. If you don't achieve the minimum, your score shows as 0%. It is indeed possible that you answered two questions correctly.

Lora O'Haver
Learning @Cisco


Don't you think it is a bit unfair? What I think is that you should be awarded marks for each right answer you give on the open-ended questions. Feel free to comment.

Tuesday, February 3, 2009

Breaking the Application Bottleneck : TechWiseTV

Learn how you can improve application deployment times and deliver significant power savings in your data center. Find out how you can give your WAN users LAN-like speed and reduce your bandwidth usage with a solution that can easily be installed. Watch TechWiseTV and see how the Cisco ACE Application Control Engine Module and Cisco Wide Area Application Services (WAAS) enable you to:

  • Improve application performance by 300 percent or more
  • Dramatically reduce your operating costs by maximizing the benefits of virtualization
  • Simplify your network architecture and your IT management
  • Add a vital new layer of security against application attacks
  • Mitigate the risk of making changes to your data center and branch IT environments
You can register for this event by following the link ------> REGISTER

Monday, February 2, 2009

Congratulations to Carl Burkland

Congratulations to Carl Burkland on passing the R & S lab on Friday. Well done Carl. Send your congrats to Carl.


Wednesday, January 28, 2009

CCIE Written Exam

Sorry for not being able to update my blog for some time. I had been busy studying for my Written Exam. Passed the CCIE written exam today. Got 87 and I think it is a good result. I sucked big time on QoS, getting only 33%. QoS has always been my weak point and it has been proven as well. Now I know where to put some more effort in. Planning to schedule my lab around MAY. I know I still need to put in a lot of hard work. Will talk to Narbik about renting one of his racks and taking it for one month, or preferably two months if he gives me a better deal on rack rental. Otherwise I will rent Narbik's rack for one month and rent some rack time from IPEXPERT as I had bought BLS from them, so I can do some of their labs as well. Will try to update the blog with my daily study schedule. Thanks again to Dave and Rick who kept me motivated during my CCIE written learning process.

Wednesday, January 14, 2009

Virtual Links

Virtual Links

  • Used to connect an area to the backbone through another area.
  • Configuration uses the router-id.
  • Used to connect discontiguous Area 0s.
  • Any discontiguous area is a bad idea.
  • If authentication is configured on Area 0 it must also be configured on the far-end virtual link router. Use "area 0 authentication" on the remote end.

Nested Virtual Links

  • You can extend to more than one area away.
  • One hop at a time.
  • As you install a virtual link, you bring Area 0 outwards to the remote area.


OSPF without Area 0

  • In a single-area system, Area 0 is not needed.
  • Once you have more than one area, Area 0 is required.
  • A virtual link by itself is part of Area 0.
  • To make a virtual link come up though, some interface must already exist in Area 0.
  • Loopbacks work perfectly fine.
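
As an added example (mine, not from the original post), here is a virtual link configuration that shows the two points from the notes above: the link is addressed by router-id, and Area 0 authentication must be enabled on the far-end router even though it has no physical Area 0 interface. Router-ids, addresses and the key value are assumptions.

```cisco
! Added example, not from the blog post. Assumed topology:
!   R1 (router-id 1.1.1.1): interfaces in Area 0 and Area 1 (a real ABR)
!   R2 (router-id 2.2.2.2): interfaces in Area 1 and Area 2, no Area 0 link
! The virtual link crosses transit Area 1 and is addressed by router-id.
! Because the virtual link is itself an Area 0 interface, R2 also needs
! "area 0 authentication", otherwise the adjacency over the link never forms.

! ---------- R1 ----------
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
router ospf 1
 router-id 1.1.1.1
 area 0 authentication message-digest
 network 1.1.1.1 0.0.0.0 area 0
 network 10.0.1.0 0.0.0.255 area 0
 network 10.0.12.0 0.0.0.255 area 1
 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 VLINK-KEY-PLACEHOLDER

! ---------- R2 ----------
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
router ospf 1
 router-id 2.2.2.2
 ! required on this router too: the virtual link is an Area 0 interface here
 area 0 authentication message-digest
 network 2.2.2.2 0.0.0.0 area 1
 network 10.0.12.0 0.0.0.255 area 1
 network 10.0.2.0 0.0.0.255 area 2
 area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 VLINK-KEY-PLACEHOLDER

! Verification on either router:
!   show ip ospf virtual-links   -> the virtual link to the far router-id should be up
!   show ip ospf neighbor        -> a FULL neighbour on the OSPF_VL interface
!   debug ip ospf adj            -> authentication type mismatches show up here
```

Leaving "area 0 authentication message-digest" off R2 is the classic mistake the flashcard warns about; the debug output on R1 then reports a mismatched authentication type on the virtual link.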

Link Metrics

  • Routes as advertised by a router don't include the local link cost.
  • Received routes have the local link cost added.
  • Frequently use "show ip route ospf" to see changes.
  • May influence simple path changes on a per-router basis.
  • May influence area exit point choices if multiple ABRs exist.
  • Use "show ip ospf interface | include is up|Cost" to see the per-interface cost.

Changes to CCIE Lab and Written Exam Question Format and Scoring

Effective February 1, 2009, Cisco will introduce a new type of question format to CCIE Routing and Switching lab exams. In addition to the live configuration scenarios, candidates will be asked a series of four or five open-ended questions, drawn from a pool of questions based on the material covered on the lab blueprint. No new topics are being added. The exams are not being increased in difficulty and the well-prepared candidate should have no trouble answering the questions. The length of the exam will remain eight hours. Candidates will need to achieve a passing score on both the open-ended questions and the lab portion in order to pass the lab and become certified. Other CCIE tracks will change over the next year, with exact dates announced in advance.


Effective February 17th, 2009, candidates will also see two other changes in CCIE written exams. First, candidates will now be required to answer each question before moving on to the next question; candidates will no longer be allowed to skip a question and come back to it at a later time. Second, there will be an update to the score report. The overall exam score and the exam passing score will now be reported as a scaled score, on a scale from 300-1000. This change will not affect the difficulty of the current set of exams and will assure CCIE written exams will be consistent with Cisco’s other career certification exams.

Sunday, January 11, 2009

OSPF - Things to Remember

A few things to remember about OSPF

- Always match the network type.
- Timers won't matter if the interface types are different.
- Broadcast and Non-Broadcast always try to elect a DR/BDR.
- Always use the broadcast keyword when using Frame Relay maps.

Things about Network Types

- If you can't change the network type, use the neighbor command.
- Configure all OSPF Frame Relay interfaces for Point-to-Multipoint.

Types of Network Types

- Broadcast -- DR election takes place -- timers 10/40
- Non-Broadcast -- DR election takes place -- timers 30/120
- Point-to-Point -- no DR -- timers 10/40
- Point-to-Multipoint -- no DR -- timers 30/120
- Point-to-Multipoint Non-Broadcast -- no DR -- timers 30/120

Where to use the OSPF Neighbor Command

- The neighbor command is used to signify where a peer is when it can't be reached via multicast.
- Only necessary on one side of the connection.
- The hub site will configure the neighbor command.

Monday, January 5, 2009

CCIE Written Exam scheduled.

The last few days have been really busy. Didn't study at all the last few days as the family is back from the UK after celebrating Christmas and New Year's. I didn't get time to blog at all. After I finished switching I managed to finish OSPF and a little bit of BGP before New Year's. I have booked my CCIE written exam on 28th January 2009. So it's time to get serious again, knock out the Written exam and start preparing for the Big one. Thanks to RICK TYRELL, DAVE AROUNSACK and OMKAR (all buddies from the CCIE BOOTCAMP in PASADENA, US) for following my blog and keeping in touch with me. Congrats to DAVE for passing his CCIE Written exam.