Archive for October, 2008
Our new CCIE 2.0 model of agile and responsive development, adaptive and personalized learning, and intimate community interaction and involvement is what we believe will help us further our goals. As stated in the announcement our commitment is to our customers and not the bottom line.
We feel that this new model will let us respond to changes within days, not months, or years; that it will enable us to further engage our customers with unique and tailored learning solutions. Furthermore, it will empower our customers by giving them more control over, flexibility of, and opportunity for CCIE advancement.
The announcement we made yesterday seems to have generated a lot of interest in the CCIE community. The response has been overwhelmingly positive, but a very limited few have unfortunately assumed that this announcement was done to participate in some sort of “vendor war”. We don’t want to be involved in or appear to be involved in any sort of “vendor war”. Our sole focus is on our customer and their success. That’s my core belief, our instructors’ core focus, and IE’s guiding principle. To further follow that principle, I’ve removed any posts or blog comments that could be somehow perceived as feeding into a “vendor war”.
Lastly I would like to say that your goals are our goals, that we can only achieve these goals together, and only if we are continually striving for improvement.
I. Module 1: The Operation of Data Networks
A. Cisco Network Devices
B. The OSI Model
C. The TCP/IP Model
D. Voice Over IP and Video Over IP
E. Network Diagrams
F. Network Paths
G. Common Network Problems
H. LAN versus WAN Features
II. Module 2: Implementing a Small Switched Network
A. Physical Media
C. Network Segmentation
D. Basic Switching Concepts
E. Initial Switch Configuration
F. Switch Verifications
G. Basic Switch Security
H. Common Switch Issues
III. Module 3: IP Addressing and IP Services for a Small Network
A. The Role of Addressing
B. Private versus Public Addressing
D. Create and Apply an Addressing Scheme
G. Common Addressing Issues
IV. Module 4: Implementing a Small Routed Network
A. Basic Routing Concepts
B. Operation of Cisco Routers
C. Initial Switch Configuration
D. Physical Media
F. Router Management
G. Router Security
H. Router Verifications
V. Module 5: WLAN
B. Wireless Components
C. Wireless Configuration
D. Wireless Security
E. Common Wireless Issues
VI. Module 6: Network Security
A. Security Threats
B. The Security Policy
C. Attack Mitigation Techniques
D. Common Security Appliances and Applications
E. Best Practices
VII. Module 7: WANs
A. Connecting a WAN
B. Configure a Serial Connection
C. Verify a Serial Connection
Exam Number: 640-822
Exam Name: ICND1
Number of Questions: 40
Total Time: 90 Minutes
Passing Score: 804
Describe the operation of data networks
Implement a small switched network
Implement an IP addressing scheme and IP services for a small network
Implement a small routed network
Explain and select the appropriate administrative tasks required for a WLAN
Identify security threats to a network and describe general methods to mitigation
Implement and verify WAN links
640-822 is one of the best Cisco (written) exams I have EVER seen. It does an excellent job of testing real world skills that an entry-level technician would need to succeed supporting small routed and switched networks.
The emphasis of the exam is on basic configuration and troubleshooting of Cisco devices. While there are a smattering of definitional type theory questions, the major focus is “hands-on”, scenario based questions.
You should be ready to solve Simulations, scenario and exhibit-based multiple-choice questions, drag and drop, and standard multiple-choice queries. Be very careful about how much time you dedicate to any one question, since you might really burn the clock on a single given exercise. Time management is a key to success in this exam.
This exam does a superb job at reflecting the published exam blueprint, and as such, you can expect our course materials for CCENT to explain fully all questions.
You will feel very proud when you complete the CCENT certification with a passing score on this exam, as you will very clearly be ready to support the basic Cisco network!
Enjoy your studies!
In this post we will quickly discuss the use of most commonly needed IGMP timers. First, as we know, multicast routers periodically query hosts on a segment. If there are two or more routers sharing the same segment, the one with the lowest IP address is the IGMP querier (per IGMPv2 election procedure – as you remember, IGMPv1 let the multicast routing protocol define the querier).
Thank you everybody for the tremendous response to our announcement vSeminar. For those of you that weren’t able to attend due to capacity or other issues, the recording for CCIE 2.0 – The Next Evolution can be found here.
Much more detail will be posted over the coming days, but in a nutshell this is what’s changing at IE:
First and foremost, Internetwork Expert is not joining the Cisco 360 Program. Instead, we have devised a new framework – CCIE 2.0 – for the next evolution in the training industry.
CCIE 2.0 consists of the following:
- dynamic customized self-paced content
- adaptive written & hands-on assessments (Poly-Labs)
- continuing interaction with instructors, authors, customer success managers, and support staff
- community involvement
Next, starting Q1 2009 we will be offering ILT, online classes, class-on-demand, and lab workbooks for the Associate & Professional level tracks. We’ll be starting at CCENT, progressing to CCNA, and CCNP/CCVP/CCSP.
Stay tuned for more detail on the program, along with our new vSeminar and Online Classroom schedule.
In this post we will look at the basic classification and marking features available in the 3550 and 3560 switches. Basic features include packet marking using port-level settings and port-level policy-maps. Discussing Per-VLAN classification is outside the scope of this document.
The Catalyst QoS implementation bases on Differentiated Services model. In a few words, the ideas of this model could be outlined as follows:
1) Edge nodes classify ingress packets based on local policy and QoS label found in packets.
2) Edge nodes encode traffic classes using a special field (label) in packets to inform other nodes of the classification decision.
3) Core and edge nodes allocate resources and provide services based on the packet class.
Brian Dennis and Brian McGahan, Co-Founders of Internetwork Expert, will make a major corporate announcement during an online webcast, Thursday, October 30th at 11AM PDT.
Who: Brian Dennis and Brian McGahan: Co-Founders of Internetwork Expert
What: Major Corporate Announcement
Where: Online Webcast
When: 11 a.m. (PDT) Thursday, October 30th, 2008
If you are not able to attend this live event, a recording will be posted shortly afterwards.
Current customers please note, this announcement will not affect the status of our Investment Protection Program. All previous, current, and future purchases are still protected under this plan!
Recently as most rack rental customers are aware of it’s not easy to find an available rack or mock lab session. Our security rack rentals are running near 100% capacity, the SP racks are also near 100% capacity, voice is already near 75% capacity and R&S rack rentals are near 92.5% capacity. Currently we are out of power and space at our two offices in the Reno Technology Center. We have just signed a lease on a new 4200sqft hosting facility. This will allow us to expand to over 400 CCIE racks. We have already started purchasing the additional hardware for the new racks and they should start becoming available in November so watch for sessions that are currently sold out to become available.
Around the middle of November you will see the start times of the rack rentals and mock labs vary (every 3 hours a session will start). This is designed to accommodate our customers in Europe, the Middle East and Asia. Currently the sessions start at inconvenient times for customers in these locations.
The voice racks now support EZVPN and SSL VPN connections. We have installed two VPN routers for redundancy and to allow for multiple connections. This means you can now use your own phones and/or soft phones. We are also adding additional 7960s to each rack. After next week you will see one additional 7960 phone added to the HQ site bringing the total to three 7960s and one additional 7960 for the BR1 site bring the total to two 7960s.
We will have a voice bootcamp rental kit available for anyone running their own voice CCIE bootcamps. Currently vendors that are renting out our voice racks for bootcamps need to provide their own IP phones and router/PIX/ASA for the VPN connection. The new kit that is identical to the kit we will start using for the voice bootcamps includes (per student) three 7960 phones, an ATA 186 and an analog phone. There is also one VG248, two 3550 24 port PoE switches, one 2811 and the necessary cables needed to connect everything up.
I would like to add that our voice rack rentals are only $15 per 5.5 hours. In addition to our voice products and classes you should be able to do any vendor’s practice labs on our voice racks. To view our topology click here.
Since the rumor seems to be out that something big is brewing at Internetwork Expert I thought I would let everyone know that yes we will be making a big announcement early next week. Everyone just stay tuned!
Update: A few people have asked if they should wait to make a purchase until after the annoucement. The answer is no. You actually have an advantage if you purchase before the annoucement. Example: if you purchase a self-paced E2E today and the self-paced E2E changes next week you are covered by our Investment Protection Program.
One of the new technologies to be featured in the CCIE Security 3.0 blueprint is the GET VPN. This blog post will give you the basics of this new and exciting technology.
Here is the scenario; you are a large corporation with multiple branch offices that need VPN connections between them in order to protect data that needs to be shared from branch to branch. The standard Cisco solution is to create point-to-point IPSec VPNs between these branch offices. This can quickly become a nightmare for administration, obviously, as this “any to any” encryption model using traditional VPN methodologies simply does not scale. Helping to exasperate this issue is the replication of multicast traffic and the extreme difficulty of implementing Quality of Service mechanisms across the core of the network.
The Group Encrypted Transport VPN model has your routers become trusted members of VPN groups as a replacement for the point-to-point model. Secured packets now use the existing router infrastructure and have their original IP header preserved. This helps to ensure that intelligent services like QoS and multicast are no longer implementation problems!
Another huge scalability issue with the traditional, point-to-point approach for “any to any” VPNs is key management. The GET VPN features simplified security policy and key distribution thanks to the Group Key Distribution Model. This model uses Group Domain of Interpretation (GDOI) as specified in RFC 3547. The Group Key Distribution Model features a Key Server (a Cisco router) that authenticates group members, and handles the distribution of security policies and any required keys. In the interests of further scaling this already scalable solution, as well as improving availability, Cooperative Key Servers can be used across wide geographic distributions.
Here are the core technologies to explore with the GET VPN feature:
- Group Domain of Interpretation (GDOI) RFC 3547
- Key Servers (KS)
- Cooperative Key Server (COOP KSs)
- Group Member (GM)
- IP tunnel header preservation
- Group security assocaition
- Rekey mechanism
- Time-based anti-replay (TBAR)
Here are the GET VPN core benefits:
- Large scale any-to-any IPSec security
- Utilizes the underlying IP VPN routing infrastructure
- Integration with existing multicast infrastructures
- IP source and destination address preservation
I certainly hope this post wets your appetite and gives you a framework to begin your studies of the GET VPN technology.