Archive for January, 2011
Today’s CCENT-level challenge involves the methods that are commonly used to describe and compare modern network infrastructures regarding such things as performance and structure.
ICND1-1: What common descriptive characteristic for a modern network often encompasses a measure of the probability of a network failure called the Mean Time Between Failures or MTBF?
Dennis caught our eye creating Visio versions of the best-selling Volume 1 workbook network topology for his fellow students in the IEOC. Thanks again Dennis and enjoy your $50 Gift Certificate for Amazon.com.
The files that Dennis created for his fellow students can be found by clicking here.
Here is his story…
In 1991, I began my official work life as a Customer Service Representative. I repaired all manner of equipment for many well-known small to medium sized retail chains and large retail chains with names ending in “mart”. In 1996 I took a position with a small contracting company working at NOAA (National Oceanic and Atmospheric Administration). I worked as a Help desk Engineer for several years. I became Microsoft MCSE certified in 1998. In 1999 I took another position within my company still at NOAA for their Computer Incident Response Team. I had several satisfying years in that position learning all about incident detection, response and remediation.
The Cisco Unified Communications feature called Mobile Connect (also familiarly referred to as Single Number Reach) is truly a great feature of Unified Communications Manager, and can provide us with many efficiencies, both in being reachable just about anywhere and in being easily identified when placing inbound calls from our mobile phones into the CUCM cluster to our colleagues. As admins, we know that if we wish to have our users place calls from their mobile phones inbound to their colleagues inside the CUCM cluster, we need to match up all or at least part of their inbound calling party number (CLID) to their CUCM Remote Destination. But what happens when the carrier is sending CLID digits inbound to our IOS voice gateways that differ significantly from our Remote Destinations in CUCM, especially if we have truly embraced Cisco’s push toward true Globalization in v7.0, v8.0 & v8.5?
In our recent Implement Layer 2 Technologies series, we examined Q-in-Q tunneling in great detail. In this discussion, I mentioned a big caution about the Service Provider cloud with 802.1Q trunks in use for switch to switch trunking. This caution involved the use of an untagged native VLAN.
You see, this configuration could lead to what is known as the VLAN hopping attack. Here is how it works:
- A computer criminal at a customer site wants to send frames into a VLAN that they are not part of.
- The evil-doer double tags the frame (Q-in-Q) with the outer tag matching the native VLAN in use at the provider edge switch.
- The provider edge switch strips off the outer tag (because it matches the native VLAN), and sends this frame across the trunk.
- The next switch in the path examines the frame and reads the inner VLAN tag and forwards the frame accordingly. Yikes!
Notice the nature of this attack is unidirectional. The attacker can send traffic into the VLAN, but traffic will not return. Admittedly, this is still NOT something we want taking place!
What are solutions for the Service Provider?
- Use ISL trunks in the cloud. Yuck.
- Use a Native VLAN that is outside of the range permitted for the customer. Yuck.
- Tag the native VLAN in the cloud. Awesome.
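The forwarding behavior described above, modeled as an added example that is not part of the original post: it parses stacked 802.1Q tags, shows which VLAN the next switch forwards into with an untagged native VLAN, a tagged native VLAN, and a native VLAN outside the customer range, and includes a check a monitoring point could apply to customer-facing traffic. The switch model is simplified, and the function names, the sample frame, and VLAN IDs 1, 20 and 999 are all assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_tags(frame: bytes) -> list:
    """Return the VLAN IDs of the stacked 802.1Q tags, outermost first."""
    vids, off = [], 12                      # tags start after dst + src MAC
    while off + 4 <= len(frame) and struct.unpack_from("!H", frame, off)[0] == TPID_8021Q:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        vids.append(tci & 0x0FFF)           # low 12 bits of the TCI = VLAN ID
        off += 4
    return vids

def edge_trunk_egress(frame: bytes, native_vlan: int, tag_native: bool) -> bytes:
    """Simplified provider edge switch: a frame in the native VLAN leaves the
    trunk untagged unless the native VLAN is tagged on the trunk."""
    vids = vlan_tags(frame)
    if vids and vids[0] == native_vlan and not tag_native:
        return frame[:12] + frame[16:]      # outer tag stripped
    return frame

def next_switch_vlan(frame: bytes, native_vlan: int) -> int:
    """VLAN the next switch forwards into: first tag seen, else native VLAN."""
    vids = vlan_tags(frame)
    return vids[0] if vids else native_vlan

def is_double_tag_suspect(frame: bytes, native_vlan: int) -> bool:
    """Detection check for customer-facing ports: stacked tags, outer == native."""
    vids = vlan_tags(frame)
    return len(vids) >= 2 and vids[0] == native_vlan

# Constructed sample: outer tag VLAN 1 (native), inner tag VLAN 20, IPv4 EtherType.
SAMPLE = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
          + struct.pack("!HH", TPID_8021Q, 1) + struct.pack("!HH", TPID_8021Q, 20)
          + struct.pack("!H", 0x0800) + b"constructed payload")

def demo() -> dict:
    return {
        "untagged_native": next_switch_vlan(edge_trunk_egress(SAMPLE, 1, False), 1),
        "tagged_native": next_switch_vlan(edge_trunk_egress(SAMPLE, 1, True), 1),
        "native_out_of_range": next_switch_vlan(edge_trunk_egress(SAMPLE, 999, False), 999),
        "flagged": is_double_tag_suspect(SAMPLE, 1),
    }

if __name__ == "__main__":
    print(demo())
```

Only the untagged-native case lands the frame in VLAN 20; with the native VLAN tagged, or moved outside the customer range, the next switch still sees the outer tag and keeps the frame in VLAN 1.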
Today’s challenge is drawn from the exciting area of CCNA Security. Enjoy. As always, you can find the answer in the comments area a day or two after the date of this post.
IINS-1: The CIA Triad seeks to define the three primary purposes for network security. These are to secure an organization’s data confidentiality, integrity, and availability. Define integrity as it is used in the CIA Triad. For bonus credit, provide the term that texts often attribute to the A in CIA as opposed to Availability.
Cisco had promised us Christmas 2010 editions of these new exams. Those dates have slipped again.
The new Cisco CCDA 640-864 DESGN and CCDP 642-874 ARCH exams are now scheduled to hit by January 31, 2011.
Both exams promise to test new material regarding virtualization and data centers. Stay tuned to see if these new exams do actually materialize. For those tracking such things – this is the third new date for these exams.
You will find the answer to today’s CVOICE Exam Practice in the comments area of the blog approximately 24 hours after the post. Have fun!
CVOICE-1: Cisco Unified Communications gateways support various VoIP signaling protocols. For each description below, provide the signaling protocol that is described:
A. This protocol specifies the commands and responses to set up and tear down calls. It also details features such as security, proxy, and transport control protocol (TCP or User Datagram Protocol [UDP]) services. It is a text-based protocol that borrows many elements of HTTP, using the same transaction request-and-response model and similar header and response codes.
B. This protocol definition controls VoIP gateways that are connected to external call control devices, referred to as call agents.
C. This standard specifies the components, protocols, and procedures that provide multimedia communication services—real-time audio, video, and data communications—over packet networks, including IP networks. The protocol is part of a family of ITU-T recommendations.
D. This Cisco proprietary protocol is used between Cisco Unified Communications Manager and Cisco Unified IP phones.
I have been asked for many years now, “What is the best phone to use when studying for the CCIE Voice exam?”. And while this answer has changed over the years with the different blueprint requirements (with no doubt whatsoever it will change again come next blueprint), the answer for the past year and a half has been a tough one. You see, the actual CCIE Voice lab exam uses Cisco 7965G phones – which you certainly do not need to run out and buy, since all of the same features can be tested using a lesser model, say a 7961 or 2 hardware phone (only difference would be the background image – color and resolution). And certainly, without a doubt, using hardware phones –attached to an INE / GradedLabs Voice Rack using hardware EzVPN through a Cisco IOS router or Cisco ASA– is hands down, the absolute best way to study.
I passed my Lab – # 27992!
I'd like to thank you for the Deep Dive modules and other support you provided!
- Akash Patel, CCIE Voice #27992
Share in Akash’s success with 30% off all self-paced training products! This is a perfect opportunity to get the latest videos in our CCIE Voice Deep Dive Series! This sale also applies to all of our other great training in CCIE Routing & Switching, CCIE Security, CCIE Service Provider, CCNP, and CCNA. Use discount code: 27851 during checkout to save!
Beginning January 17th, 2011, Cisco will add Layer 2 Switch Troubleshooting to the 2 hour Troubleshooting section of the lab exam. Like the Layer 3 Troubleshooting that you will perform, these switches are emulated devices using Cisco’s IOU product – that stands for IOS on UNIX and is a similar approach to the popular Dynamips platforms. Cisco calls the ability to emulate switches on UNIX – L2IOU.
As you know, INE has been addressing Layer 2 Troubleshooting in all of our CCIE R&S products for a long time – so there will be few modifications that need to be made. I realize that change does cause some level of fear among students studying hard for this exam. I will be sure to schedule a free vSeminar next week to chat about this latest exam format and answer your questions. Watch the blog for the date and time of that vSeminar.
By the way, Cisco announced this change on the Cisco Learning Network this week. Here is the original post.