Posts from ‘Uncategorized’
We are excited to announce that our CCIE Voice Core Knowledge Simulator has been released! You can try out a sample here. So far, the first 100 questions have been released, and will be followed shortly by additional updates.
The simulation is designed to help prepare candidates for the newly added “open ended” section of the 3.0 Voice CCIE Lab Exam. This new section of the exam consists of four computer based, short-answer questions which candidates have 30 minutes to complete.
The simulator is designed to:
* Pinpoint your areas of weakness on Core Knowledge
* Provide study documents to improve in these weak areas
* Practice with question interpretation and your short-answer responses
Enjoy the questions, and as always, good luck with your studies!
IOS IPS is fair game for the CCIE Security and CCIE R/S labs. With IOS IPS now using v5 signatures, (just like the sensor appliance), the ability to setup up IOS is not as simple, but very important. The intention of this post is to provide a streamlined process to use as a jumpstart into IOS IPS. For full details, examples and explanations, please refer to our lab workbooks. Both RS and Security cover the topic. Lets get started!
First, we need a place for IPS configuration files to call home. IPS wants a folder. Lets make a directory on the router flash. Optionally if there were other IOS file systems present, we could use those writable file systems as well.
R6#mkdir ips Create directory filename [ips]? Created dir flash:/ips R6#
We are putting the final touches together for the CCSP bootcamp that is launching soon. (PS, it is going to ROCK! ) As I was going through the demo’s on L2 security, I was reminded of how this topic is often an Achilles heel for many CCIE candidates, both R/S and Security.
This blog post is to refresh your memories and provide some examples for layer 2 security on the Catalyst switch. We will begin with DHCP snooping. Continue Reading
Feeling smart? Give these Security CCIE core knowledge questions a try. Click here for part 3 of this series.
Let us know what you feel the answers are, and good luck!
Implement Identity Management
Based on the example below, what commands will bob have the ability to use within the IOS?
enable secret cisco username bob password cisco username bob privilege 15 aaa new-model aaa authentication login default group tacacs aaa authorization config-commands Continue Reading
Benjamin Franklin was quoted as saying “You may delay but time will not“. We may also say that “Email may tolerate delay, but VOIP will not“. Performance Routing (PfR), previously called Optimized Edge Routing (OER), is designed to Continue Reading
What does RITE and the v4 CCIE blueprint have in common? Section 10.04 If you are new to RITE, or would like to know more about it, read on.
Router IP Traffic Export, (RITE), allows the forwarding of unaltered IP packets from a router interface to memory or to a specific MAC address on a locally attached network. A likely candidate being the MAC address of a network analyzer or Intrusion Detection System. Continue Reading
Sooo…. Picking back up where we left off yesterday. We we last left our heroes they were in a bind because we had mentioned that there was going to be authentication on the links but we spent too much time trying to PING with ourselves. (We did wash our hands, right?)
To get you back on track with the configurations up to this point:
INE-R3(config-if)#do sh run | s host|Serial1/0|Virtual|Loop hostname INE-R3 interface Loopback0 ip address 188.8.131.52 255.255.255.0 interface Serial1/0 no ip address encapsulation frame-relay frame-relay interface-dlci 305 ppp Virtual-Template35 interface Virtual-Template35 ip unnumbered Loopback0 ppp multilink INE-R3(config-if)# INE-R5(config-if)#do sh run | s host|Serial0/0/0|Virtual|Loop|Multi hostname INE-R5 interface Multilink53 ip address 184.108.40.206 255.255.255.0 ppp multilink ppp multilink group 53 interface Serial0/0/0 no ip address encapsulation frame-relay frame-relay interface-dlci 503 ppp Virtual-Template53 frame-relay lmi-type cisco interface Virtual-Template53 no ip address ppp multilink ppp multilink group 53 INE-R5(config-if)#
As a Cisco employee you are eligible to receive special pricing from INE. Just create a Members’ site account using your @cisco.com email address and login. Once logged in you will see a special banner with the pricing details. You can click on the banner for additional details in regards to the pricing along with information about our Cisco Employee Referral Program.
Please note that you will need to use your @cisco.com email address to be eligible for this special pricing. If you already have Members’ site account associated with your @cisco.com email address you just need to login to view the pricing information.
Good luck with your studies!
Note: Full working solution is located at the end of the document.
Change was in the air, and Bob knew it. Bob had simply been ignoring the fact that the existing IPSec site to site tunnels that he inherited at his company were old school, and there were better options, especially when plans included bringing up dozens of new sites. Since his company was going to be purchasing MPLS services, Bob was open to learning better ways of implementing secure tunnels. In Bob’s studies, he read a article written by Petr Lapukhov on DMVPN and was very interested. Bob’s glee was short lived when he learned that when the spokes of DMVPN had to build tunnels to other spokes, it was not quick enought for voice traffic. Bob learned that the latency happens when setting up the IKE phase 1 and 2 tunnels between the spokes. Then Bob chanced upon one of INE’s blog posts regarding GET VPN, and learned that with GET (Group Encrypted Transport), there was no need to build the tunnels between spokes, and therefore less latency. This would solve the latency issue for time sensitive traffic, and still have the benefits of encryption! It sounded almost too good to be true.
After returning from vacation, Bob (the optimistic firewall technician) decided that he wanted to take some time and get a little bit more familiar with firewall configuration. He was able to get permission to use some spare equipment for practice.