Posts Tagged ‘ccie2.0’
IPv6 multicast routing is a fun topic, and is often either loved or avoided . Here is a jump-start for all my CCIE candidate friends.
Readers digest version: “Auto-RP is out, Dense-mode is out, IGMP is replaced with Multicast Listener Discovery (MLD). MLDv2 supports SSM. RPs, Bi-directional PIM, SSM, ASM and BSRs are still alive and well, and we can now avoid static RPs and BSR if we choose to use embedded RP within the multicast packets themselves. (Crazy and amazing stuff).
Want a little more? Then read on. In this multi-part blog, we will discuss static RP, BSR, and Embedded RP. This first blog will discuss static RP, with some examples that will assist you in getting started. For those of you who subscribe the open lecture series, I will be including all three RP options in a discussion there as well.
Here is the topology we will use:
Here is some additional info on the topology. Continue Reading
IOS IPS is fair game for the CCIE Security and CCIE R/S labs. With IOS IPS now using v5 signatures, (just like the sensor appliance), the ability to setup up IOS is not as simple, but very important. The intention of this post is to provide a streamlined process to use as a jumpstart into IOS IPS. For full details, examples and explanations, please refer to our lab workbooks. Both RS and Security cover the topic. Lets get started!
First, we need a place for IPS configuration files to call home. IPS wants a folder. Lets make a directory on the router flash. Optionally if there were other IOS file systems present, we could use those writable file systems as well.
R6#mkdir ips Create directory filename [ips]? Created dir flash:/ips R6#
We are putting the final touches together for the CCSP bootcamp that is launching soon. (PS, it is going to ROCK! ) As I was going through the demo’s on L2 security, I was reminded of how this topic is often an Achilles heel for many CCIE candidates, both R/S and Security.
This blog post is to refresh your memories and provide some examples for layer 2 security on the Catalyst switch. We will begin with DHCP snooping. Continue Reading
Feeling smart? Give these Security CCIE core knowledge questions a try. Click here for part 3 of this series.
Let us know what you feel the answers are, and good luck!
Implement Identity Management
Based on the example below, what commands will bob have the ability to use within the IOS?
enable secret cisco username bob password cisco username bob privilege 15 aaa new-model aaa authentication login default group tacacs aaa authorization config-commands Continue Reading
Benjamin Franklin was quoted as saying “You may delay but time will not“. We may also say that “Email may tolerate delay, but VOIP will not“. Performance Routing (PfR), previously called Optimized Edge Routing (OER), is designed to Continue Reading
What does RITE and the v4 CCIE blueprint have in common? Section 10.04 If you are new to RITE, or would like to know more about it, read on.
Router IP Traffic Export, (RITE), allows the forwarding of unaltered IP packets from a router interface to memory or to a specific MAC address on a locally attached network. A likely candidate being the MAC address of a network analyzer or Intrusion Detection System. Continue Reading
Using an IPS Sensor, we can dynamically apply rate limiting/policing on a router interface, based on a signature match or an event action over-ride, which is generated on the sensor appliance. Ok, I know there is no Sensor Appliance in the RS lab, but what if we need to trigger a rate limit of specific traffic, destined to a router, based on current conditions on that router, such as transmit or receive loads on an interface.
This is a job for, da dada dahhh: Embedded Event Manager (EEM). In this example we will create a service policy which we will apply to the control plane based on a interface threshold being exceeded. Full labs on Embedded Event Manager can be found in our RS v5 Vol1 workbook in “System Management“. Let’s break down the individual steps, first for the control plane policing policy, and then the EEM to apply it. Continue Reading
Cheers from London! I learned this week that a “Christmas Cracker” is not a food item, OR a person. There is so much to know. I am grateful for students willing to show me the ropes here in the UK. Thank you all. Now on to the topic at hand.
Here is an MPLS troubleshooting scenario, that has 1 (one,одну,un,uno) configuration issue. Can you spot it? Lets get to it! Here is the diagram.
Problem: Clients on the 184.108.40.206 network are not able to ping the server, or any other devices, on the 220.127.116.11 network. Your challenge, based on the provided IOS show commands only, is to identify the 1 configuration problem that is causing the network failure.
For Part 2 of this series, click here.
The following questions will be added to the Core Knowledge Simulation engine. Answers will be provided in the comments section.
Implement Identity Management
Refer to the diagram. The software running on the PC performs what role? Continue Reading
Every once in a while I come across a tip that is so exciting I want to share it with the world. I was recently going through one of the many posts I read, and saw the answer to a question that I have been wondering about for many years. Awesome job to Steve Shaw who came up with this. Here is the scenario. Continue Reading