Posts Tagged ‘vol2’
I enjoyed Petr’s article regarding explicit next hop. It reminded me of a scenario where a redistributed route going into OSPF conditionally worked, depending on which reachable next hop was used.
Here is the topology for the scenario:
Here is the relevant (and working) information for R1.
Yesterday we posted another VOL2 lab to all subscribed members’ accounts. The lab is a full-scale 8 hour mock exam aimed to prepare you for the real CCIE Security exam. The updated material covers the following new features found in the CCIE Security v3.0 blueprint: IPSec VTI (Virtual Tunnel Interface), CBAC Enhancements (found in IOS 12.4), NVI (NAT Virtual Interface), GET VPN (Group Encrypted Transport VPN), Control Plane Protection (an enhancement to Control Plane Policing), SNMPv3 (secure form of SNMP). And of course, more updates for IEWB-SC VOL1 and VOL2 are coming this month!
As promised before, the updated Security VOL2 Lab1 has been posted to all subscribed members’ accounts. The new lab features a completely new diagram (I hope you guys like it) and significant updates to its contents. Along with removing the PIX and VPN3k sections we’ve added tasks covering such topics as IPsec VTI, Zone-Based Firewall, IPS virtual sensors/VLAN groups, ASA reliable static routes, 802.1x authorization and a few more goodies to this lab. The updated content should be less “crazy hard” than its v3.0 predecessor and better mimic the difficulty of the real exam. Still, it was designed to be *harder* than the real stuff, just to make sure you don’t relax too much and don’t let your guard down. Anyways, enjoy the first update in the series! We plan to post updates periodically and finish the whole process in June.
For you CCIE-RS folks waiting for the BGP section to be posted: our apologies for the delay, we’re working to get it done ASAP. The section appears to be bigger than we estimated before, and it may take an extra week to finish it. We’ll try to make an intermittent update by the end of this week, covering at least some of the BGP Section tasks. Thank you for your patience!
Labs 4 and 5 in the CCIE Routing & Switching Lab Workbook Volume 2 Version 5.0 are now posted on the members site. More labs in this series will be posted shortly, along with more updates to Volume 1.
Lab 3 for our CCIE Routing & Switching Lab Workbook Volume 2 Version 5.0 is now posted on the members site. A Lab Meet-Up for this scenario is scheduled today at 10:00 Pacific time (GMT -8). The Class-on-Demand version will be posted shortly afterwards. More labs in this series will begin posting next week, which will give people more time to actually configure the scenarios before attending the Lab Meet-Ups.
Also, Lab Meet-Ups will resume running on a weekly basis (starting today). More detailed scheduling information will be available on this shortly. Hope to see you there!
Recently, a number of changes have been made to our IEWB-VO VOL1 and VOL2 products. Specifically, all the tasks have been verified, some bugs fixed, more breakdowns and comments added. Currently, there are 63 technology-focused mini-scenarios and 7 completely independent full-scale mock labs available.
We’re working on making VOL1 (mini labs) more informative, by expanding the breakdowns and incorporating screenshots in addition to detailed descriptions of the configuration steps. The next step is to add extra labs covering the new v3.0 voice lab content. For more information on IEWB-VO products please refer to:
In this post we will give a brief overview of the upgrade path from the CCIE Security v2.0 blueprint to v3.0. First of all, let’s start with the good news for everyone who was preparing using the old blueprint: most of the things you have learned are incorporated smoothly in the new blueprint. Basically, the only thing to forget is your VPN3k configuration skills. Everything else either remains the same or experiences an “incremental update”, like LAN-to-LAN VPNs with IPsec VTI interfaces. Let’s quickly review the changes made to the hardware and how they could potentially affect you.
- Removal of the PIX and VPN3k devices, which is natural as both are EOL and EOS. Therefore, forget all about the VPN3k menu system and enjoy the simpler topology without the PIX. However, to some people, getting a PIX is more affordable than getting an ASA. In this case, remember that the latest software release supported by the PIX is 8.0(4) (not the 8.1) and you cannot configure SSL VPN on PIX. Still, you can practice almost 90% of all the firewall features using the PIX.
- Change from the Catalyst 3550 to 3560 models. From the security features standpoint, nothing has seriously changed. You can even continue using the older 3550 model, as they are probably cheaper to get nowadays.
- The much-awaited upgrade from IOS 12.2T to IOS 12.4T. First of all, this might require a change in the hardware platforms you are using. If you were using non-ISR or non-2600XM routers, you will need to change the hardware platform to at least 2600XM with full flash/RAM memory (to run the Advanced Security feat. set) or the 1841 ISRs. Note that using Dynamips you can play with all 12.4T features without getting your hands around any real gear. Secondly, 12.4T introduces a ton of new features, as compared to the dusty 12.2T. However, it’s not as scary as it might look. Most of the new security features relate to IOS PKI, some AAA enhancements, a bunch of advanced VPN topics and infrastructure security. Probably, all the most notable features are VPN/Firewall related: IPsec VTI, WebVPN/SSL VPN support in IOS, DMVPN Phase3, GET VPN; Zone-Based and Transparent firewall, CBAC enhancements. Later in this document we will see those features detailed as the upgrade list of the new SC VOL1 labs.
- ASA software upgrade from 7.x to 8.x. While this is a major version jump, it does not imply as huge a change in the CLI as there was with the upgrade from 6.x to 7.x. There is quite a bunch of new features in 8.x code (you will see the list later) but most of them are minor ones. Most likely you will enjoy things like Dynamic Access Policies, LDAP Authentication and Authorization, Secure Desktop Enhancements, EIGRP Support (who needs that? :), Transparent Firewall NAT and Traffic Shaping. However, if you are solid with the code version 7.x you won’t face big problems mastering the new topics.
- IPS software upgrade from 5.1 to 6.1 and the platform change to 4240. The catch here is that IPS v6.1 does not support many older IDS/IPS appliances, such as 4215 or 4235 and getting a 4240 might be expensive. However, there is some good news still. The CLI has not changed as much as it did with the 4.x to 5.1 upgrade, and all your 5.1 knowledge remains valid and up to date. The most notable new features are Virtual Sensors, Anomaly Detection, Threat Rating and the new IPS Manager Express. If you are OK with doing all your configurations via CLI, you can stick with IPS v6.0 which you could run on the older platforms (4215, 4235) as there are just minor differences between 6.0 and 6.1 (mostly related to IPS Manager Express). Probably the best news is that the old 4215 platform could be successfully emulated in VMware.
Now, let’s look at the v2.0 to v3.0 upgrade path that you can take with our products. Below is the list of the VOL1 technology labs. You can see the outdated topics being deleted and the new topics (which are being developed) highlighted. Naturally, many older labs remain perfectly valid for the new track, and you can continue practicing them while waiting for the upgrade to be released. We also decided to keep the NAC labs, even though NAC is not on the current blueprint, mostly because it gives you a perfect scenario for advanced ACS configuration. Of course, if you own our current v2.0 products, you will receive the v3.0 updates free of charge.
IEWB-RS Volume 2 Version 5 Lab 2 is now available for download on the members site. The solutions will be posted tomorrow morning. I hope to see you all at the lab meetup tomorrow to discuss the scenario.
Update: The lab document and solutions have been updated and are now available on the members site. The lab meetup CoD will be posted tomorrow.
Labs 1 and 10 of the new CCIE Routing & Switching Lab Workbook Volume 2 Version 5 (IEWB-RS) are now available on the members site. All users with an active subscription to version 4.1 should automatically see the R&S Lab Workbook Volume II Version 5.0 Beta link when they log in. The lab meetup for lab 10 is scheduled for 9am Pacific time this Thursday.
Hope to see you there!
The new CCIE R&S Lab Workbook Volume 2 Version 5 Lab 1 is now available. Click here to download it. Also the first of our new CCIE R&S Lab Meet-Up Series, starting today at 9:30am Pacific time, is open to all users. Simply follow this link to join: http://ieclass.internetworkexpert.com/vol2v5lab1/ If you are planning on attending I would highly recommend printing out the lab and its diagram prior to us starting, as the majority of the class will be held on the command-line.
The schedule of following lab meet-ups will be posted shortly, as well as a projected timeline for the release of the rest of the volume 2 version 5 labs.
Hope to see you in class!