Hello everyone,

We are excited to announce that our CCIE Voice Core Knowledge Simulator has been released! You can try out a sample here. So far, the first 100 questions have been released, and will be followed shortly by additional updates.

The simulation is designed to help prepare candidates for the newly added “open ended” section of the 3.0 Voice CCIE Lab Exam. This new section of the exam consists of four computer based, short-answer questions which candidates have 30 minutes to complete.

And as Anthony Sequeira has stated with our other tracks, the simulator is designed to:

* Pinpoint your areas of weakness on Core Knowledge
* Provide study documents to improve in these weak areas
* Practice with question interpretation and your short-answer responses

Enjoy the questions, and as always, good luck with your studies!

IOS IPS is fair game for the CCIE Security and CCIE R/S labs. With IOS IPS now using v5 signatures, (just like the sensor appliance), the ability to setup up IOS is not as simple, but very important. The intention of this post is to provide a streamlined process to use as a jumpstart into IOS IPS. For full details, examples and explanations, please refer to our lab workbooks. Both RS and Security cover the topic.   Lets get started!

First, we need a place for IPS configuration files to call home. IPS wants a folder. Lets make a directory on the router flash. Optionally if there were other IOS file systems present, we could use those writable file systems as well.

R6#mkdir ips
Create directory filename [ips]?
Created dir flash:/ips
R6#

Read the rest of this entry »

We are putting the final touches together for the CCSP bootcamp that is launching soon.  (PS, it is going to ROCK! ) As I was going through the demo’s on L2 security, I was reminded of how this topic is often an Achilles heel for many CCIE candidates, both R/S and Security.

This blog post is to refresh your memories and provide some examples  for layer 2 security on the Catalyst switch. We will begin with DHCP snooping. Read the rest of this entry »

Feeling smart?   Give these Security CCIE core knowledge questions a try.  Click here for part 3 of this series.

Let us know what you feel the answers are, and good luck!

Implement Identity Management
Based on the example below, what commands will bob have the ability to use within the IOS?

enable secret cisco
username bob password cisco
username bob privilege 15
aaa new-model
aaa authentication login default group tacacs
aaa authorization config-commands
 Read the rest of this entry »

Benjamin Franklin was quoted as saying “You may delay but time will not“.  We may also say that “Email may tolerate delay, but VOIP will not“.  Performance Routing (PfR), previously called Optimized Edge Routing (OER), is designed to Read the rest of this entry »

What does RITE and the v4 CCIE blueprint have in common? Section 10.04 If you are new to RITE, or would like to know more about it, read on.

Router IP Traffic Export, (RITE), allows the forwarding of unaltered IP packets from a router interface to memory or to a specific MAC address on a locally attached network. A likely candidate being the MAC address of a network analyzer or Intrusion Detection System. Read the rest of this entry »

Sooo…. Picking back up where we left off yesterday. We we last left our heroes they were in a bind because we had mentioned that there was going to be authentication on the links but we spent too much time trying to PING with ourselves. (We did wash our hands, right?)

To get you back on track with the configurations up to this point:

INE-R3(config-if)#do sh run | s host|Serial1/0|Virtual|Loop
hostname INE-R3
interface Loopback0
 ip address 173.100.0.3 255.255.255.0
interface Serial1/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 305 ppp Virtual-Template35
interface Virtual-Template35
 ip unnumbered Loopback0
 ppp multilink
INE-R3(config-if)# 

INE-R5(config-if)#do sh run | s host|Serial0/0/0|Virtual|Loop|Multi
hostname INE-R5
interface Multilink53
 ip address 173.100.0.5 255.255.255.0
 ppp multilink
 ppp multilink group 53
interface Serial0/0/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 503 ppp Virtual-Template53
 frame-relay lmi-type cisco
interface Virtual-Template53
 no ip address
 ppp multilink
 ppp multilink group 53
INE-R5(config-if)# 

Read the rest of this entry »

Cisco Employees,

As a Cisco employee you are eligible to receive special pricing from INE. Just create a Members’ site account using your @cisco.com email address and login. Once logged in you will see a special banner with the pricing details. You can click on the banner for additional details in regards to the pricing along with information about our Cisco Employee Referral Program.

Please note that you will need to use your @cisco.com email address to be eligible for this special pricing. If you already have Members’ site account associated with your @cisco.com email address you just need to login to view the pricing information.

Good luck with your studies!

Change was in the air, and Bob knew it.   Bob had simply been ignoring the fact that the existing IPSec site to site tunnels that he inherited at his company were old school, and there were better options, especially when plans included bringing up dozens of new sites.   Since his company was going to be purchasing MPLS services, Bob was open to learning better ways of implementing secure tunnels.    In Bob’s studies, he read a article written by Petr Lapukhov on DMVPN and was very interested.    Bob’s glee was short lived when he learned that when the spokes of DMVPN had to build tunnels to other spokes, it was not quick enought for voice traffic.   Bob learned that the latency happens when setting up the IKE phase 1 and 2 tunnels between the spokes.    Then Bob chanced upon one of Anthony Sequeira’s blog posts regarding GET VPN, and learned that with GET (Group Encrypted Transport), there was no need to build the tunnels between spokes, and therefore less latency.   This would solve the latency issue for time sensitive traffic, and still have the benefits of encryption!  It sounded almost too good to be true.

Read the rest of this entry »

After returning from vacation, Bob (the optimistic firewall technician) decided that he wanted to take some time and get a little bit more familiar with firewall configuration. He was able to get permission to use some spare equipment for practice.

  Read the rest of this entry »