Last week I had the opportunity to spend time with several CCIE security candidates in Texas, and had a blast. One of the questions that came up was regarding ARP inspection on the ASA in transparent mode. This topic comes up a lot, so I wanted to share it with y’all   in this blog.

Here is the diagram we can work with:

ARP inspection on the ASA in transparent mode, is really very simple. The intent is to stop attackers from spoofing the L2 address of another host, such as a default gateway or some other critical system. The ASA does this by verifying that all ARP traffic is accurate for the specific key devices you are protecting against spoofing.

As we already know, Read the rest of this entry »

We had some requests to blog this success story as well.

Here is his awesome story:

Finally… I passed the CCIE Security exam.  3rd time’s a charm   What a journey this has been.  I have been dreaming about CCIE since 2001, but began serious study in June 2007.  A year later, I passed the written and finally yesterday (3/9) on my 3rd try I passed the lab.

Read the rest of this entry »

We recently spotlighted our new CCIE R&S passers in our newsletter, but we were remiss in recognizing everyone else. Shame on us!

Heartfelt congratulations to ALL of our recent passers!

#13900 Casssio Gomes (SP) (2x)
#17275 Yaroslav Rosomakho (SP) (4x)
#21607 Andriy Yerofreyev (Voice) (2X)
#25664 Vikrant Pundir (SP)
#25719 Mohamed Gazzaz (Sec)
#25722 Bambang Gunawan (SP)
#25793 Flavio Provedel (R&S)
#25809 Brian Luers (R&S)
#25820 Joni Oksanen (SP)
#25821 Steven Clarkin (R&S)
#25823 Branimir Turk (R&S)
#25869 Hadi Esper (R&S)

IOS IPS is fair game for the CCIE Security and CCIE R/S labs. With IOS IPS now using v5 signatures, (just like the sensor appliance), the ability to setup up IOS is not as simple, but very important. The intention of this post is to provide a streamlined process to use as a jumpstart into IOS IPS. For full details, examples and explanations, please refer to our lab workbooks. Both RS and Security cover the topic.   Lets get started!

First, we need a place for IPS configuration files to call home. IPS wants a folder. Lets make a directory on the router flash. Optionally if there were other IOS file systems present, we could use those writable file systems as well.

R6#mkdir ips
Create directory filename [ips]?
Created dir flash:/ips
R6#

Read the rest of this entry »

The new Core Knowledge Simulator Testing Engine is coming along nicely thanks to our partner, Graded Labs. We are behind schedule, however. We are attempting to incorporate all of the desired features and more. I will be blogging about a new expected date of release for that custom engine soon.

In the meantime, I have added a node to the R&S and Security simulators called More Questions. Our instructors will be working daily to add new and improved Core Knowledge questions to these simulators often.

Of course, new questions are also being added to the latest Service Provider Core Knowledge Simulation.

Many of you have been asking about a Voice Core Knowledge Simulation product and we will be sure to announce a date of release soon.

Enjoy the new questions everyone, and remember the goals of these products:

• Pinpoint your areas of weakness on Core Knowledge
• Provide study documents to improve in these weak areas
• Practice with question interpretation and your short-answer responses

We are putting the final touches together for the CCSP bootcamp that is launching soon.  (PS, it is going to ROCK! ) As I was going through the demo’s on L2 security, I was reminded of how this topic is often an Achilles heel for many CCIE candidates, both R/S and Security.

This blog post is to refresh your memories and provide some examples  for layer 2 security on the Catalyst switch. We will begin with DHCP snooping. Read the rest of this entry »

Feeling smart?   Give these Security CCIE core knowledge questions a try.  Click here for part 3 of this series.

Let us know what you feel the answers are, and good luck!

Implement Identity Management
Based on the example below, what commands will bob have the ability to use within the IOS?

enable secret cisco
username bob password cisco
username bob privilege 15
aaa new-model
aaa authentication login default group tacacs
aaa authorization config-commands
 Read the rest of this entry »

INE would like to thank Nadeem Rafi for this guest blog post on using GNS3 with Ubuntu! Nadeem is one of our prized CCIE 2.0 Self-Paced students currently studying hard for his CCIE R&S exam. You will often see Nadeem in the INE Online Community working with his fellow students. Nadeem is currently enjoying 100 rack rental tokens from Graded Labs for his excellent post here!

Installing and Dual Booting Ubuntu

Linux is a stable Operating System and applications that do intense calculations can be handled in a more optimized way, as compared to other proprietary Operating Systems. Perhaps one of the best things, however,  is the fact that it is free and can co-exist with other Operating Systems.

Read the rest of this entry »

As many of you know – I am NOT the Dynamips guru around here. For advanced questions on GNS3 and or Dynamips, I immediately direct students to our forum on ieoc.com. That is where all the emulating whiz kids hang out. With that said, I like to have a copy running on every computer I own. While I do not do full practice labs on the platform (I use Graded Labs for that), I love to be able to build little mini-scenarios on the fly whenever I quickly need to test a feature.

Last night I purchased Windows 7 Home Premium and set out to eradicate Windows Vista, doing a “clean install” for the upgrade. I thought I would walk you through the installation of GNS3 on this system as I heard that students have been having issues. Well, here we go (fingers crossed!): Read the rest of this entry »

Using an IPS Sensor, we can dynamically apply rate limiting/policing on a router interface, based on a signature match or an event action over-ride, which is generated on the sensor appliance.   Ok, I know there is no Sensor Appliance in the RS lab, but what if we need to trigger a rate limit of specific traffic, destined to a router, based on current conditions on that router, such as transmit or receive loads on an interface.

This is a job for, da dada dahhh: Embedded Event Manager (EEM).  In this example we will create a service policy which we will apply to the control plane based on a interface threshold being exceeded.  Full labs on Embedded Event Manager can be found in our RS v5 Vol1 workbook in  “System Management“.  Let’s break down the individual steps, first for the control plane policing policy, and then the EEM to apply it. Read the rest of this entry »