Well I got through the last workbook I wanted to get through sometime last week before moving back to the Internetwork Experts workbook 2. I started lab 2 today with a few dumb issues. First off I forgot to delete the vlan.dat file from flash before configuring the switching section. This didn’t play nice when it came time to prune VLANs. It is always a real pain in the rear when you spend countless minutes troubleshooting only to remember you forgot to delete the file. Those are the mistakes that I can’t stand making, such a complete waste of time.

The other command was missing from my frame-relay switch when it came time to enable EIGRP. I spent another hour trying to figure out why the interfaces were not coming up and why EIGRP was not forming a neighbor relationship. I must have forgotten to check the up state of the serial interfaces on both R3 and R5 before moving past frame relay. I must have just been overly excited to move and configure HDLC! I found the missing route when I was out of ideas on why the interfaces were not coming up. Sure enough it is always one of the first items I should be checking.

At this rate I will be buying a cold Cisco lunch for $1400 and the cost of the trip to eat that lunch :). At least I am learning as I continue to torture myself. I am coming to the realization that I am going to just need to break my labs up between two to three days. Too much to do at night when I get home.

Either way I am not feeling all that comfortable about my mock lab on April 14th, or the real lab for that matter.

Just tell me that the IOS is more secure than Windows 🙂

“Cisco Wednesday ‘celebrated’ its first six-monthly patch schedule for IOS by delivering five separate security alerts. The alerts affect Cisco IOS Multicast VPN (MVPN); IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Router Switch Processor 720; IOS user datagram protocol delivery; and IOS’ Data-link Switching feature.

Cisco warned that its MVPN could be exploited to allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other MPLS-based VPNs by sending specially crafted messages. Patches and workarounds are available for this vulnerability.

Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on version 12.2 could be open to a denial-of-service attack, preventing any traffic from entering an affected interface, according to Cisco. Devices are vulnerable if they are configured for Open Shortest Path First (OSPF) Sham-Link and MPLS VPN. Workaround and fixes are available for this problem.”

According to the netpro forums we should have access to all the links on the site that are otherwise down and being addressed according to this post:

“… The approach our CCIE Lab operations has taken is to redirect the queries that are no longer available at to the current and valid web page.

Every time a page is moved our lab team creates an entry allowing the new path, so all needed documentation will be available for candidates.

Maurilio ”

Thanks to Ethan for pointing out this thread…

I forgot to post this last week, but the wife and I found out we will be having a boy this coming August. Now honestly I have been dealing with nothing but Barbies, Disney Princesses, pink, frilly, frizzy, Hannah Montana, and everything else nice with my eight-year-old daughter. Needless to say it was a very big shot in the arm when I found out it was going to be a boy. I already went out and got him some Michigan U wear for his first couple months when he can sit and watch college football with me. Don’t get me wrong I love my daughter very much and what she brings to my life, but she never took to football, hockey, boy toys, and everything else I tried to get her to play with…

I told the wife we could get some headphones to lay on her stomach and play some CCIE audio training for him to listen to and all that got me was something heavy thrown my way. I am wondering if she will let me read him the sports section of the newspaper every night going forward…

I have nothing new to report this week :(. It has been a long two weeks at work the last two weeks. With the virus outbreak which was causing network problems and a few projects that came online I have been putting in fifty hours per week on average.

I did pick up some new commands for our ASA Box though. With the few machines we could not pin down right away we found they were trying to send out packets to the internet. Our ASA box was syslogging their activity but not blocking it yet.

threat-detection basic-threat…

…was turned on to sniff out the traffic coming from the inside trying to get out. Once this was turned on it shut out the machines that were infected and trying to send out unwanted traffic. So all in all at least within the last two weeks I have been able to pick up some new Cisco commands and troubleshooting.

This week I need to finish my taxes as my top priority. Within the next few weeks I will be painting some rooms in preparation for the baby. I am hoping to get enough lab time in to take a shot at my mock lab on April 19th, if not I will just have to postpone it. The baby will be coming whether the rooms are ready or not so I need to make sure they are done!

A great continuation post on redistribution from Petr Lapukhov.

“Please, refer to the previous parts of this article, for information on the diagram and terms. For this scenario, called “dual-core”, we want the “fast” Ethernet connections (VLAN 356) to be used as primary transport for packet exchange between the routing domains. The Frame-Relay cloud should only be traversed, if the primary (“fast”) connections fail for some reason. That obviously means we will need to configure two transit domains: the OSPF and EIGRP 356. Plus, routes traversing EIGRP 356 should be given higher preference inside other routing domains, since it’s going to be the primary transit path…”

Well I finished the BGP Advanced workbook last week. We have been fighting a virus outbreak at work that has taken down at least one 2k server which has me really spent this week. Our Symantec Corporate edition is not cutting it. It can’t even stop a three-year-old virus. It is flat out garbage. Our license is coming up for renewal at a cost of $16k for one year. I really don’t see me renewing that one. Not when AVG network edition has been catching the virus before it can even infect and cost only $5k for two years… I can’t believe Symantec charges so much for a product that is so inferior. Maybe they think admins will just continue the status quo and keep on paying them. Either way I have not wanted to touch a keyboard really at all this weekend.

Back to topic, I plan on starting volume 4 tomorrow and work through that for the week. I am hoping to have that and volume 5 completed in three weeks. My first mock lab is April 19th and not sure if I will make it, but we will see.

Also I have been contemplating my lab date of July 14th. Originally it was scheduled ahead of my wife giving birth but with things needing to be done beforehand I am not sure if I will be able to dedicate all my time right up to lab day. I am thinking maybe October since in September I will get all my vacation time back and can set some time away maybe to dedicate a month before the lab to make sure I am ready.

Part II to his excellent video!

“In Part 2 of the GRE/IPSec tutorial series, you will learn how to encrypt the GRE tunnels you built in Part 1. Although I only show you how to create a hub and spoke topology, it is also possible to create a fully meshed topology or even a partial mesh. I highly recommend creating GRE tunnels from the branch to every datacenter in your organization…”

As with Ethan I left groupstudy’s ccielab mailing list today. I couldn’t take all the noise either anymore. The constant posts on whether CCIE is worth it anymore, the posts on “I passed my CCIE lab with only two months of studying…” (hmmm wonder what practice labs were used in those two months,) just are getting too old. I met some great people on that list so it isn’t a total wash. Himawan’s post on his update to obtaining your CCIE turned into another CCIE vs the world argument. Seriously if you are looking to obtain your CCIE to become rich and famous you will be very disappointed. The CCIE is not a panacea for anyone’s career. I choose to do it because it is the top certification in the industry and to learn as much as I can, not to get my number and try to go out and get a six figure job the next day…

Himawan’s site was the first site I started reading about the CCIE. He has created an updated version of his “How to Become a CCIE” and it is a good read especially point #1. Here is a little clip.

“Passing the elite level and world’s toughest certification from Cisco Systems, tips from someone who has done it three times
By Himawan Nugroho, CCIE#8171 (R&S, Security, SP)

I was digging through my own blog archive and found that my first post about How to Become a CCIE is quite old and needs to get updated. In fact, I’m thinking to modify it in such a way so the same principle should be applied to any CCIE tracks, and even to any top level certification from other vendor. Without any intention to re-invent my own writing, I just put the updates and I tried to make it short this time. So if you’d like to read more about my experience taking the lab 3 times, I suggest you to read the original version and all related posts, starting with the summary of my journey.”

