Dec
27

Many of my Boot Camp students ask me about exactly how they are going to be using the DOC-CD during the lab exam.  Specifically, they say “I have heard that I need to be a master at the DOC-CD in order to pass, but what exactly does that mean?”

I thought I would post a concrete example of how to use the DOC-CD during the lab exam for all to read.

I was very diligent in studying all of my expanded blueprint topics during preparation, but my memory is certainly not what it used to be, especially after long years of collegiate partying at Zoo-Mass Amherst. Thanks to DOC-CD access, however, I did not need to memorize too many details at all.

Here is a sample task from a hypothetical Security section of the lab exam and a narrative of how I used the DOC-CD in this instance.

Security

DoS Protection

8.2 Configure R1 to protect Web servers located at 192.168.100.100, 192.168.100.101, and 192.168.100.102 from DoS SYN-flooding attacks. Ensure the router sends Resets to the servers if connections are not established within 15 seconds. Make sure R1 reduces this interval by half if 700 connection requests are received within 1 minute. Return to the previous interval if the connection requests fall to 300 within 1 minute.

2 points

Thanks to my studies, I quickly recognize this is a question that requires the use of the TCP Intercept feature. I also recall that an access list can be used with the feature, and I remember that the feature can operate in one of two modes. But frankly, that is all I remember. No problem at all!

I fire open the link to the DOC-CD and find the TCP Intercept feature within 10 seconds. Literally. Once there, I very quickly jog my memory of the two modes and some of the other features available with the tool. I have already read this document twice in great detail as part of my preparation, so everything comes back really quickly as I skim it during the lab exam.

I get full credit for this lab task in about 4 to 5 minutes, thanks in great part to your friend and mine, the DOC-CD.


You can leave a response, or trackback from your own site.

17 Responses to “Using the DOC-CD During the CCIE Lab Exam”

 
  1. Adam Clark says:

    What of the announcement that states:

    22 Aug 2008

    CCIE labs changing from UniversCD to Cisco Documentation

    On Sept 24 2008 CCIE labs will no longer support using the UniversCD documentation for the lab exam.

    All labs are migrating to Cisco Documentation only. For those scheduled to take the CCIE lab prior to Sept 24 access will still be available for UniversCD.

    The Cisco Documentation pages have the same information that currently resides on UniversCD, please refer to the links on the CCIE web pages to view these pages and become familiar with the new format.

    Cisco Documentation: http://www.cisco.com/web/psa/products/index.html

    After Sept 24 2008 only the Cisco Documentation web pages will be available for CCIE labs.

  2. Piyanan Satayapiwat says:

    This is an interesting question. Can you give me the configuration required in order to answer this question? Especially for the one that says “Make sure R1 reduces this interval by half if 700 connection requests are received within 1 minute. Return to the previous interval if the connection requests fall to 300 within 1 minute.”.

  3. INE Instructor says:

    That new link is the documentation I am speaking of in this post. I still refer to it as the DOC-CD.

  4. Snobke says:

    Piyanan, I think it would look like this:
    (take note that I only searched the DocCd for this and composed this:)

    access-list 101 permit tcp any 192.168.100.100 0.0.0.3

    ip tcp intercept list 101
    ip tcp intercept mode watch
    ip tcp intercept drop-mode oldest
    ip tcp intercept watch-timeout 15 (this is standard)
    ip tcp intercept one-minute low 300
    ip tcp intercept one-minute high 700

    May I ask you how you find this in the new documentation? On the Doc CD I found this right away, bbut I don’t manage to find this on the documentation web page.

    If I am wrong in my commands, don’t shoot me as I am not (yet) studying CCIE ;)

  5. INE Instructor says:

    Here is the solution configuration:

    !
    access-list 110 permit tcp any host 192.168.100.100
    access-list 110 permit tcp any host 192.168.100.101
    access-list 110 permit tcp any host 192.168.100.102
    !

    !
    ip tcp intercept list 110
    ip tcp intercept watch-timeout 15
    ip tcp intercept one-minute low 300
    ip tcp intercept one-minute high 700
    ip tcp intercept mode watch
    !

    Verifications include:
    sh tcp int statistics
    sh run | include intercept
    sh access-list 110

  6. INE Instructor says:

    Here is the path in the “new” DOC-CD:

    http://www.cisco.com/web/psa/products/tsd_products_support_configure.html -> Cisco IOS Software -> 12.4 Family -> Cisco IOS Software Releases 12.4 Mainline -> Configuration Guides -> Cisco IOS Security Configuration Guide, Release 12.4 -> Traffic Filtering, Firewalls, and Virus Detection -> Configuring TCP Intercept (Preventing Denial-of-Service Attacks)

  7. Piyanan says:

    Thanks all for the config.

  8. Roy Waterman says:

    Hi,

    Could you possibly explain how you are able to find the TCP Intercept feature within 10 seconds, i.e what you do once you get to the doc cd?
    I am only aware of searching the Master Index for commands beginning with T, and TCP Intercept is not listed, so elaboration into feature searching would be much appreciated!

  9. INE Instructor says:

    Hi Roy!

    I posted the full navigation path here in the comments on Dec 31. I memorized the path during my studies – it was easier than memorizing the details of the feature :-) Please e-mail me if you need more help on the DOC-CD.

  10. Roy Waterman says:

    Thanks for the quick reply :)
    I was wondering if you were performing some kind of doc-cd ctrl-f kung fu.
    I better memorise locations :)

  11. INE Instructor says:

    No – I wish there was a magic solution – after using the DOC-CD all of the time during studies (see my recommended study approach), you just end up knowing all the locations like they are a part of you :-)

  12. federico says:

    hi all,
    my (maybe stupid) question is:
    does the lab version of the DOC_CD (aka http://www.cisco.com/web/psa/products/index.html) it’s fast enough? it is a real http website or it can be used in offline mode?
    or it is proxi-ed locally by some local server?
    my exam is so far away but i would like to know :)
    thanks!

  13. INE Instructor says:

    There used to be issues with the speed of the “DOC-CD” site – but from what I have heard – Cisco has repaired this at all testing locations.

    It should be the same speed you achieve when practicing using a Cable Modem or DSL.

  14. federico says:

    thank you,
    i will start using it immediately when approaching studies from the workbook I.

  15. w33p says:

    since december 2008 until now some changes occured so the path

    “http://www.cisco.com/web/psa/products/tsd_products_support_configure.html -> Cisco IOS Software -> 12.4 Family -> Cisco IOS Software Releases 12.4 Mainline -> Configuration Guides -> Cisco IOS Security Configuration Guide, Release 12.4 -> Traffic Filtering, Firewalls, and Virus Detection -> Configuring TCP Intercept (Preventing Denial-of-Service Attacks)”

    changed!
    my problem is that i can’t find it anywhere here:
    http://www.cisco.com/cisco/web/psa/default.html

    is anyone willing to help?

  16. chrismarget says:

    “my problem is that I can’t find it anywhere”

    It’s here:
    IOS and NX-OS Software -> IOS -> 12.4 Family -> 12.4 Mainline
    Configuration Guides
    Cisco IOS Security Configuration Guide: Securing the Data Plane

 

Leave a Reply

Categories

CCIE Bloggers