On forums I find a lot of people asking about the interface used for the CCIE R&S Lab exam. Around 6 months ago, Cisco released a video with a tour of the interface. The narrator is not the most exciting in the land, but you get the general idea and feel of the lab:
CCIE R&S v4.0 Lab Exam Demo
"This demo will familiarize candidates with the online interface that has replaced paper exams, which presents the virtual topology, test questions, documentation and tools. Strongly recommended for all candidates"
Friday, December 24, 2010
Thursday, December 23, 2010
Cisco IOS menu autocommand with AAA/Cisco ACS
A customer has a router dedicated to a site-to-site IPSec VPN. The users of that VPN are a small group that is not directly responsible for the router. They want a way to check the status of the WAN connection and the IPSec tunnel, and also to force a clear crypto sa.
This could be solved with a looking glass, but that would require a web server. An alternative solution could be a special user with a menu autocommand:
menu VPN title @ VPN VERIFICATION / RESET MENU @
menu VPN text 1 ping Internet (OpenDNS)
menu VPN command 1 ping 208.67.222.222
menu VPN text 2 ping VPN (192.168.0.1)
menu VPN command 2 ping 192.168.0.1 source gi0/1/0
menu VPN text 3 sh crypto isakmp sa
menu VPN command 3 sh crypto isakmp sa
menu VPN text 4 sh crypto ipsec sa
menu VPN command 4 sh crypto ipsec sa
menu VPN text 5 Reset VPN (clear crypto ipsec sa)
menu VPN command 5 clear crypto sa
menu VPN text 6 Exit
menu VPN command 6 exit
menu VPN clear-screen
menu VPN status-line
menu VPN line-mode
menu VPN single-space
My environment uses AAA with a Cisco ACS, so the special user has to be created in the internal ACS database, restricted to only that router (Per User Defined Network Access Restrictions), and allowed shell (exec) access with the auto command menu VPN (TACACS+ Settings).
The router has to refer exec authorization to the ACS:
aaa authorization exec default group tacacs+ local
Of course, if you don’t use ACS and only use AAA with the local database, Ivan @ Cisco IOS Hints has a great example.
Testing:
Server "VPN-Router" Line 6 Terminal-type xterm
VPN VERIFICATION / RESET MENU
1 ping Internet (OpenDNS)
2 ping VPN (192.168.0.1)
3 sh crypto isakmp sa
4 sh crypto ipsec sa
5 Reset VPN (clear crypto ipsec sa)
6 Exit
Selection: 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/95/140 ms
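An added example, not part of the original post: a small Python audit for menu definitions like the one above, checking that every item has a visible label and that its command fits an allowlist. The policy lists, the function names and items 7 and 8 in `DRIFTED_MENU` are assumptions constructed for this illustration.

```python
import re

# Menu items as they appear in the post (title and display options omitted).
POST_MENU = """\
menu VPN text 1 ping Internet (OpenDNS)
menu VPN command 1 ping 208.67.222.222
menu VPN text 2 ping VPN (192.168.0.1)
menu VPN command 2 ping 192.168.0.1 source gi0/1/0
menu VPN text 3 sh crypto isakmp sa
menu VPN command 3 sh crypto isakmp sa
menu VPN text 4 sh crypto ipsec sa
menu VPN command 4 sh crypto ipsec sa
menu VPN text 5 Reset VPN (clear crypto ipsec sa)
menu VPN command 5 clear crypto sa
menu VPN text 6 Exit
menu VPN command 6 exit
"""
# Constructed additions: an interactive client (7) and an item with no label (8).
DRIFTED_MENU = POST_MENU + """\
menu VPN text 7 Connect to core switch
menu VPN command 7 telnet 192.168.0.254
menu VPN command 8 show version
"""

# Assumed policy for this example: read-only verbs plus approved exact commands.
READ_ONLY_PREFIXES = ("ping ", "sh ", "show ")
APPROVED_EXACT = {"clear crypto sa", "exit"}
ITEM_RE = re.compile(r"^menu\s+(\S+)\s+(text|command)\s+(\S+)\s+(.+)$")

def parse_menu(config, name):
    """Return {key: {"text": ..., "command": ...}} for one named menu."""
    items = {}
    for line in config.splitlines():
        m = ITEM_RE.match(line.strip())
        if m and m.group(1) == name:
            items.setdefault(m.group(3), {})[m.group(2)] = m.group(4).strip()
    return items

def audit_menu(config, name):
    """List (key, finding) pairs; a label with no command shows as <none>."""
    findings = []
    for key, item in sorted(parse_menu(config, name).items()):
        cmd = item.get("command", "<none>")
        if "text" not in item:
            findings.append((key, "hidden item (command without label)"))
        if not (cmd.lower().startswith(READ_ONLY_PREFIXES) or cmd.lower() in APPROVED_EXACT):
            findings.append((key, "command outside policy: " + cmd))
    return findings

print(audit_menu(DRIFTED_MENU, "VPN"))
```

The menu from the post passes with no findings; the two constructed items are reported, one for its command and one for having no label.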
More info:
Tuesday, December 21, 2010
INE CCIE R/S 4.X Expanded Study Blueprint with links
After my bootcamp with Anthony Sequeira, I decided to guide my studies using the INE CCIE R/S 4.X Expanded Study Blueprint. The original doesn't have links for all the topics, so here it is with links for almost everything. Any feedback is appreciated, especially for the few areas where I couldn't find any relevant information.
There is also a PDF version for download.
1.00 Implement Layer 2 Technologies
2.00 Implement IPv4
3.00 Implement IPv6
4.00 Implement MPLS Layer 3 VPNs
5.00 Implement IP Multicast
6.00 Implement Network Security
7.00 Implement Network Services
8.00 Implement Quality of Service (QoS)
9.00 Troubleshoot a Network
10.00 Optimize the Network
11.00 Extra
1.00 Implement Layer 2 Technologies
(a) 802.1d
(b) 802.1w
(c) 802.1s
(d) Loop guard
(e) Root guard
(g) Storm control
(h) Unicast flooding
(l) BPDUFilter
(o) UDLD
(a) No VTP (TRANS)
(b) Pruning
(e) VTP Versions
(f) Regular Macros
(g) Smart Macros
(h) SNMP
(j) SSH
(k) Banners
(b) Allowed VLAN
(d) Native VLAN
(e) ISL
(f) 802.1Q
(h) PaGP
(i) LACP
(k) QinQ Tunneling
(a) Speed and duplex
1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
(a) SPAN and RSPAN
(b) Traffic shaping
(c) Topologies
(h) Broadcast Queue
(j) Load Interval
(q) Subinterfaces
(a) Clock Rate
(b) CHAP
(c) PAP
(h) MLP
2.00 Implement IPv4
2.10 Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM) [2] [3]
(c) IP Unnumbered
(d) /31 Mask
(a) Authentication
(b) Offset List
(c) Distribute List
(1) Gateway Option
(g) Summarization
(b) Stub area
(e) Totally NSSA
(i) Demand Circuit
(k) Summarization
(p) Cost Manipulation [2]
(1) ip ospf cost
(3) SPF Throttling
(4) Incremental SPF
(5) LSA Throttling
(2) Area Range
(3) Redistribution
(u) Router ID
(a) Best path
(b) Loop-free paths
(d) EIGRP queries
(f) EIGRP stubs
(g) Authentication
(j) Adjusting Timers
(n) Distribute lists
(p) SNMP Support
(s) NSF Awareness
(t) Router ID
(a) iBGP
(1) Synchronization
(2) Confederation
(3) Route-Reflection
(a) Tunnel
(b) Redistribute
(c) Static route
(d) Default route
(e) Policy route
(5) Peer Groups
(b) eBGP
(1) Multihop
(2) Next Hop Issues
(1) Authentication
(7) Load Balancing
(a) Local Pref
(b) MED
(c) AS PATH
(d) Weight
(9) BGP Communities
(11) Hide Local AS
(13) Remove Private AS
(14) AS PATH Filtering
(16) NSF Awareness
(a) Profile Phase
(b) Measure Phase
(d) Control Phase
(e) Verify Phase
2.90 Implement filtering, route redistribution, summarization, attributes, and other advanced features
(b) Redistribution
3.00 Implement IPv6
(a) Global Unicast
(b) Link Local
(c) Multicast
(d) Anycast
(e) Site Local
(a) Router Discovery
(b) Prefix Discovery
(a) ICMP version 6
(a) Manual
(b) GRE/IPV4
(c) 6to4
(d) ISATAP
(e) NAT-PT
(b) Summarization
(a) Summarization
3.80 Implement RIPng
4.00 Implement MPLS Layer 3 VPNs
(a) MPLS LDP
(e) OSPF Sham Link
(g) BGP SOO
(h) BGP AS Override
(i) Internet Access
(a) VRF-Lite
(b) MP-BGP VPNv4
(c) MP-BGP Prefix Filtering
5.00 Implement IP Multicast
(b) Shared Trees
(a) Authentication
(c) Timer Adjustments [2]
(a) Auto-RP
(2) Static mapping of Auto-RP groups:
ip pim rp-address 192.168.0.1 55
access-list 55 permit 224.0.1.39
access-list 55 permit 224.0.1.40
(c) BSR
(a) RPF
(b) RPF Check
(c) SSM
(d) Multicast Helper
(k) Anycast
(b) MLD
6.00 Implement Network Security
(b) Log
(c) Log-input
(d) Block RFC 1918
(g) MAC Access Lists
(b) Parameter Maps
6.05 Implement AAA
(a) Client Side in IOS
6.09 Implement Secure Shell (SSH)
6.10 Implement 802.1x
(a) Reauthentication
(b) Quiet Period
(c) Host Mode
(d) Guest VLAN
(e) Accounting
6.11 Implement NAT
(a) Privilege Levels
6.14 Implement security features
(a) Private VLANs
(1) Storm Control
(2) Protected Ports
(3) Port Blocking
(4) Port Security
7.00 Implement Network Services
7.50 Implement DHCP
8.00 Implement Quality of Service (QoS)
(e) Classification
(f) Policing
(g) Shaping
(h) Marking
(1) CoS
(2) DE
(3) Experimental Bits [2]
(4) IP Precedence
(5) DSCP
(j) Compression
(k) Legacy QoS
(1) CQ
(2) PQ
(3) FRTS
(4) CAR
(c) policies
(a) Requirements
(b) VoIP
9.00 Troubleshoot a Network
10.00 Optimize the Network
10.03 Implement NetFlow
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)
(a) SPAN
(b) RSPAN
(3) Filter with ACLs
(a) Version 2
(b) Version 3
10.08 Implement FTP
10.09 Implement TFTP
10.12 Implement HTTP and HTTPS
10.13 Implement Telnet
(a) Access-Class
(b) Session Limits
11.00 Extra
10.01 DNS
11.02 SDM
11.03 TCP