Monday, January 10, 2011

Initial Draft

After 3 months at TCAM-INTERRUPT, I have decided to combine forces with my good friends; Daniel Rodriguez and Jose Miguel Huertas (CCIE #27028) to create Initial Draft on a more flexible blogging platform and post content on a regular basis, focused but not limited to our preparation for the CCIE R&S lab (I'm known for going off-topic).

The interesting content of this blog was migrated and Daniel and Jomi posted a couple of interesting articles for the unveiling of the site, and hopefully we will have new content every week.

So, please update your bookmarks to Initial Draft, drop us a line on the comment section or follow us on twitter.

Friday, December 24, 2010

CCIE R&S v4.0 Lab Exam Demo Video

On forums I find a lot of people asking about the interface used for the CCIE R&S Lab exam. Around 6 months ago, Cisco released a video with a tour of the interface, the narrator is not the most exciting in the land but you get the general idea and feel of the lab:

CCIE R&S v4.0 Lab Exam Demo

"This demo will familiarize candidates with the online interface that has replaced paper exams, which presents the virtual topology, test questions, documentation and tools. Strongly recommended for all candidates"

Thursday, December 23, 2010

Cisco IOS menu autocommand with AAA/Cisco ACS

A customer has a router dedicated to a site-to-site IPSec VPN , the users of that VPN  are a small group that are not directly responsible for the router. They want a way to check the status of the WAN connection, the IPSec tunnel and also to force a clear crypto sa.

This could be solved with a looking glass but that would require a web server. An alternative solution could be a special user with a menu auto command:

menu VPN title @ VPN VERIFICATION / RESET MENU @
menu VPN text 1 ping Internet (OpenDNS)
menu VPN command 1 ping 208.67.222.222
menu VPN text 2 ping VPN (192.168.0.1)
menu VPN command 2 ping 192.168.0.1 source gi0/1/0
menu VPN text 3 sh crypto isakmp sa
menu VPN command 3 sh crypto isakmp sa
menu VPN text 4 sh crypto ipsec sa
menu VPN command 4 sh crypto ipsec sa
menu VPN text 5 Reset VPN  (clear crypto ipsec sa)
menu VPN command 5 clear crypto sa
menu VPN text 6 Exit
menu VPN command 6 exit
menu VPN clear-screen
menu VPN status-line
menu VPN line-mode
menu VPN single-space

My environment uses AAA with a Cisco ACS, so the special user has to be created in the Internal ACS database, restricted to only that router (Per User Defined Network Access Restrictions), allowing shell (exec) access and the auto command menu VPN (TACACS+ Settings)

The router has to refer to the authorization for exec to the ACS:

aaa authorization exec default group tacacs+ local

Of course, if you don’t use ACS and only use AAA with the local database, Ivan @ Cisco IOS Hints has a great example.

Testing:

Server "VPN-Router"    Line 6    Terminal-type xterm

              VPN VERIFICATION / RESET MENU

    1          ping Internet (OpenDNS)
    2          ping VPN (192.168.0.1)
    3          sh crypto isakmp sa
    4          sh crypto ipsec sa
    5          Reset VPN (clear crypto ipsec sa)
    6          Exit

Selection: 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/95/140 ms

More info:

Tuesday, December 21, 2010

INE CCIE R/S 4.X Expanded Study Blueprint with links

After my bootcamp with Anthony Sequeira, I decided to guide my studies using the INE CCIE R/S 4.X Expanded Study Blueprint, the original doesn't have links for all the topics, so here it is with links for almost everything. Any feedback is appreciated, specially for the few areas where I couldn't find any relevant information.

There is also a PDF version for download.

1.00    Implement Layer 2 Technologies

 (a) 802.1d
 (b) 802.1w
 (c) 802.1s
 (d) Loop guard
 (e) Root guard
 (l) BPDUFilter
 (o) UDLD

 (b) Pruning
 (h) SNMP
 (j) SSH
 (k) Banners

 (e) ISL
 (f) 802.1Q
 (h) PaGP
 (i) LACP



 (c) Topologies

 (a) Clock Rate
 (b) CHAP
 (c) PAP
 (h) MLP

 

2.00    Implement IPv4



            (1) Gateway Option

 (b) Stub area
 (u) Router ID

 (a) Best path
 (t) Router ID

 (a) iBGP
(a) Tunnel
(b) Redistribute
(c) Static route
(d) Default route
(e) Policy route
 (b) eBGP
 (1) Multihop
                        (a) Local Pref
                        (b) MED
                        (c) AS PATH
                        (d) Weight
            (9) BGP Communities
            (10) Regex Engine Performance Enhancement
            (11) Hide Local AS
            (12) Conditional Route Advertisement
            (13) Remove Private AS
            (14) AS PATH Filtering
            (15) BGP Policy Accounting
            (16) NSF Awareness
            (17) Support for TTL Security Check
            (19) Support for Next-Hop Address Tracking
            (20) Outbound Route Filtering



            (1) Default Seed Metric
            (2) Setting parameters with a Route Map


3.00    Implement IPv6

 (c) Multicast
 (d) Anycast
 (e) Site Local



 (a) Manual
 (b) GRE/IPV4
 (c) 6to4
 (d) ISATAP
 (e) NAT-PT



3.80    Implement RIPng

 

4.00    Implement MPLS Layer 3 VPNs

 (a) MPLS LDP

 (g) BGP SOO


 (a) VRF-Lite
 (c) MP-BGP Prefix Filtering

 

5.00    Implement IP Multicast



  (a) Auto-RP
 (2) Static mapping of Auto-RP groups:

ip pim rp-address 192.168.0.1 55
access-list 55 permit 224.0.1.39
access-list 55 permit 224.0.1.40

 (c) BSR

 (a) RPF
 (b) RPF Check
 (c) SSM
 (k) Anycast

 (b) MLD

 

6.00    Implement Network Security

 (b) Log
 (c) Log-input



6.05    Implement AAA
 (a) Client Side in IOS


 (c) Host Mode

6.11    Implement NAT

6.14    Implement security features

7.00    Implement Network Services

7.50    Implement DHCP

 

8.00    Implement Quality of Service (QoS)

 (f) Policing
 (g) Shaping
 (h) Marking
            (1) CoS
            (2) DE
            (3) Experimental Bits [2]
            (4) IP Precedence
            (5) DSCP
            (1) RTP Header Compression
            (2) TCP Header Compression
            (3) Class-Based Header Compression Methods
 (k) Legacy QoS
(1) CQ
(2) PQ
            (3) FRTS
            (4) CAR

 (c) policies

 (b) VoIP

 

9.00    Troubleshoot a Network

 

10.00    Optimize the Network

10.03    Implement NetFlow
10.04    Implement SPAN, RSPAN, and router IP traffic export (RITE)

 (a) SPAN
 (b) RSPAN
            (1) Configure IP Traffic Export
            (2) Configure IP Traffic Capture
            (3) Filter with ACLs
            (4) Filter with Sampling
            (5) Capture Bidirectional Traffic

 (a) Version 2
 (b) Version 3

10.08    Implement FTP
10.09    Implement TFTP
10.13    Implement Telnet

 

11.00    Extra

10.01    DNS
11.02    SDM
11.03    TCP