Certguard Slams Ethan Banks

Robert Williams, CEO of Certguard, the self-proclaimed “I hate braindumps” vigilante organisation, has publicly defamed Ethan Banks on this website:

http://www.networkworld.com/community/node/28444

Mr Williams has claimed that Ethan has used Testkings to study for his Written Exam and as such Ethan should have his CCIE Status revoked.  Now, anyone who has pursued CCIE, is in the process of CCIE, or has otherwise supported someone in their pursuit, knows how long and arduous the process is.  Ethan has only said the content in these dumps is what the exam material is based on, not that he used it as his only study guide.

“I reviewed some of the older TestKing material during my final review, although it wasn’t a major focus. The good news is that the TK stuff has a lot of the concepts you need to know. But if you’re looking for actual questions that will show up on the exam, I didn’t see that in any of the TK material I looked at.”

Now…  Can anyone see in this quote where Ethan advocates using this material?  All he says is that the concepts are there.  Nothing more.  If he only relied on Testking to study, as opposed to knowing the material, then he would not have been able to pass his written.  I think that is pretty simple.

The beauty of CCIE is you can’t pass it by dumping.  I am sure we have seen vendors promoting their “real” labs…  But can you memorise eight hours of typing?  If one question about L3 changes, then that will ruin your whole topology!  You must know the material… Simple as that.

I can understand the crusade that Certguard are undertaking, and what the deal with dumping for exams does.  They even have a section where sites are combed to see if they promote dumps or not.  Have a look and see what he thinks of my site! :)  www.certguard.com However, I think the attack on Ethan is unjustified and is nothing more than an exercise to scapegoat a hard working individual and generate traffic/income/hits/interest in a site that people may not have known about before.

Now… on to EIGRP!

On Track?

Back in the saddle again.  The past week or so I have been working on switching and frame-relay mainly.  I feel I am pretty much across these topics.  Trouble is, and what scares me is they (especially frame-relay) just seem a little too easy.  Last thing I need is to settle into some complacent state thinking I know everything when really I am leaving something out.

I have been looking a lot at these topics because if your L2 is broken nothing else will work.  I will put a similar amount of effort into OSPF/EIGRP/BGP too.  If I lose (say) 5 points because I completely screw multicast then that’s too bad.  If I screw IGP then I have the potential to lose a hell of a lot more.  This does not mean I will ignore QoS/Multicast/IPServices, but I think these topics are a hell of a lot more granular and also don’t have the dependency that L2/L3 does.

Now… onto EIGRP for the next few days then I will drill OSPF more than a couple on their honeymoon night.

DHCP Snooping/DAI

To configure DHCP Snooping:

Static IP:

ip dhcp snooping

ip dhcp snooping vlan xxx

ip source binding MAC vlan xxx IP interface zzz

interface zzz

ip verify source

MAC + IP:

ip dhcp snooping

ip dhcp snooping vlan xxx

ip source binding MAC vlan xxx IP interface zzz

interface zzz

switchport port-security (etc)

ip verify source port-security

What’s the difference? In the first example, the switch does not filter on MAC address: if a source IP other than the one bound to interface zzz (by ip source binding) arrives on that interface, the switch drops the traffic. In the second example, port security also drops traffic whose source MAC does not match the MAC learned via port-security, and rogue IPs are STILL filtered. The two checks are not mutually exclusive.

DAI:

ip arp inspection vlan xx

ip arp inspection filter ACL vlan xxx static

arp access-list ACL

permit ip host IP mac host MAC
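A simplified model of the two filtering decisions above, added here as an illustration (it is not Cisco's implementation and not part of the original notes). The addresses, MACs, port names and the SNOOPED table are constructed sample data, and the bound MAC stands in for the MAC learned by port-security.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    interface: str

# Constructed sample data: documentation-range IPs, made-up MACs and port names.
STATIC_BINDINGS = [Binding("0000.5e00.5301", 10, "192.0.2.10", "Gi0/1")]
ARP_ACL = [("192.0.2.10", "0000.5e00.5301")]      # permit ip host IP mac host MAC
SNOOPED = [Binding("0000.5e00.5302", 10, "192.0.2.20", "Gi0/2")]

def ipsg_permits(bindings, interface, vlan, src_ip, src_mac, port_security=False):
    """Decision for one IP packet arriving on a port with 'ip verify source'."""
    for b in bindings:
        if (b.interface, b.vlan, b.ip) != (interface, vlan, src_ip):
            continue
        # Plain 'ip verify source' stops here: the source IP alone decides.
        # 'ip verify source port-security' also requires the bound MAC.
        if not port_security or b.mac == src_mac:
            return True
    return False                                   # no binding matched: drop

def dai_permits(arp_acl, snooped, vlan, sender_ip, sender_mac, static=True):
    """Decision for one ARP packet on an untrusted port in an inspected VLAN."""
    if (sender_ip, sender_mac) in arp_acl:
        return True
    if static:
        return False      # 'static': the ARP ACL is final, bindings are ignored
    return any((b.vlan, b.ip, b.mac) == (vlan, sender_ip, sender_mac)
               for b in snooped)
```

With the static keyword, a DHCP client that is present in the snooping table but missing from the ARP ACL has its ARP dropped, which is the usual surprise when the filter is applied to a VLAN that mixes static and DHCP hosts.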

Cheers :)

I still have pages of notes from the bootcamp to type out!  Been busy!

Passed Written Today

Yesterday I went to go and book my lab.  “Sorry you sat your written more than 18 months ago”  So what to do?

Call VUE and book an exam, that’s what!  So I booked it and passed it.  One less thing to worry about.

One thing I do wonder though…  Do Cisco get the score report and give me a Lab that has high scores in areas I didn’t do so well in?  For example, if I scored 0 for IPv6 would I get 15 IPv6 points in the lab?  If I scored 100% for BGP in the written would I only get 4 points for BGP in the lab?  etc etc

Useful Links

Narbik’s bootcamp is over and I rate it VERY highly.  I’ll post up the rest of my notes later when I get around to it.

 

Here are some links I found which help, some more obscure than others, some not proving anything too difficult and really are quite random but they helped me on things and clarified the odd command I wasn’t too sure on or was otherwise new.

BGP ORF:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11borf.html

 

Class based policing:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/cls_bsd_policing_ps6922_TSD_Products_Configuration_Guide_Chapter.html

 

Frame-relay traffic-shaping from IE.  Good article!

http://blog.internetworkexpert.com/category/ccie-routing-switching/frame-relay/

 

BGP ttl-check, easily done… Just alternatives to ebgp-multihop too.

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html

 

IP Routing Protocol reference:

http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_a1g.html

 

Voice traffic adaptive-shaping:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_vats.html

 

 

 

Yawwwwwn!

I slept in this morning…  I was exhausted last night.  I know I haven’t updated my notes for two days.  I’ll need to sort those out later.

 

Today we are doing QOS, Security and tips & tricks.  Plus anything else left over.

Why? Chelsea, Why?

My beloved Chelsea lost the European Cup final this morning on Penalties to Manchester United.  I woke up at 4am to see this… After staying up all night doing BGP labs.

Today we are doing Multicast, RIPv2 and IP Services.

If we won I would see if I could make the drive down to the Cisco office and do the lab today; I would have been so high… But alas Chelsea falter again.  I have been supporting them way too long and should have expected this.  Hopefully I last the day.  Hopefully I don’t see anyone wearing a United shirt too.  For the record, my Chelsea shirt is staying in the drawer today.

Narbik EIGRP - 8pm!

Some rough notes - I’ve been up a long time ;)

Summarising:

ip summary-address eigrp xxx a.b.c.d mask leak-map yyy

leak-map will advertise specific routes that match the route-map yyy.  If route-map yyy does not exist, then no specifics are advertised.  If route-map yyy exists, but the ACL in yyy is not there, then it matches any and therefore will advertise ALL specifics as well as the summary.  No leak-map advertises the summary only.  Multiple summaries are allowed, unlike RIPv2.

Authentication:

md5 only.  key-chain

ip authentication key-chain eigrp ASNUM xxx

ip authentication mode eigrp ASNUM md5

 

Default route injection:

interface#ip summary-address eigrp xxx etc -> best way!

router#ip route 0.0.0.0 0.0.0.0 null0

router#network 0.0.0.0

redistribute static/connected etc is bad in EIGRP because the external AD is 170

ip default-network w.x.y.z -> classful network, network must be advertised into EIGRP

 

router#no default-information allowed in -> stops the propagation of default route if received elsewhere via ip default-network command

Metric:

Betty Doesn’t Really Like Much - Bandwidth (kbit), Delay (sum of all delays), Reliability (x/255), Load (x/255), MTU (bytes)

((sum of all delays/10) + (10,000,000/lowest BW in path)) x 256 = metric

to change:

router# metric weights 0 a b c d e -> 0 = TOS (always 0) a = K1 (BW multiplier) b = K2 (load multiplier) c = K3 (delay multiplier) d = K4 (reliability multiplier) e = K5 (reliability multiplier).

[K1*BW + (K2*BW)/(256-Load) + K3*Delay] * [K5/(Reliability + K4)]

Default is: EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
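The metric formulas above carried through for a whole path, as an added Python example (not from the original notes). The link values are constructed samples, and the integer truncation and the skipping of the K5 factor when K5 = 0 are assumptions about how the formula is applied; without that skip the default K values would give a metric of 0.

```python
def eigrp_metric(bw_kbps, delay_usec, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Classic EIGRP composite metric for a path.

    bw_kbps    -- bandwidth of every link in the path, in kbit/s
    delay_usec -- delay of every outgoing interface in the path, in microseconds
    k          -- (K1, K2, K3, K4, K5) as set by 'metric weights 0 a b c d e'
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min(bw_kbps)       # only the slowest link counts
    delay = sum(delay_usec) // 10         # delays add up, in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        # The reliability factor only applies when K5 is non-zero.
        metric = metric * k5 // (reliability + k4)
    return metric * 256


# Constructed sample paths: (bandwidths in kbit/s, delays in microseconds).
T1_ONLY = ([1544], [20000])                  # one T1 serial link
T1_THEN_FE = ([1544, 100000], [20000, 100])  # T1 serial, then FastEthernet


def compare_paths(paths, k=(1, 0, 1, 0, 0)):
    """Return (name, metric) pairs sorted best-first (lowest metric wins)."""
    scored = [(name, eigrp_metric(bw, dly, k)) for name, (bw, dly) in paths.items()]
    return sorted(scored, key=lambda item: item[1])
```

Adding the FastEthernet hop raises the metric only through its delay, because the T1 is still the lowest bandwidth in the path.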

 

Stub networks:

Suppresses transit eigrp updates.  Will receive updates, but will not pass down to downstream neighbours.

R1(config-router)#eigrp stub ?

  connected      Do advertise connected routes

  leak-map       Allow dynamic prefixes based on the leak-map

  receive-only   Set IP-EIGRP as receive only neighbor

  redistributed  Do advertise redistributed routes

  static         Do advertise static routes

  summary        Do advertise summary routes

 

Narbik - Day2

Waiting for some routers to reload between Labs.  May as well put the time to good use.  Today we went all through OSPF with a fine tooth comb.  Once dissected with the comb, each strand was further splayed and examined under a microscope.  We then held a magnifying glass over the eyepiece of the microscope, then we projected it onto a wall and magnified it about a million times.

I think you get the idea.

I think I learned more about OSPF today than what I have in my 10 years of commercial/professional/telco/ISP experience.

I wanted to break things up a little so I did some IPv6 labs (mainly RIPng) over the past hour or so.  I’ll put some of my well dodgy notes from today’s OSPF lectures down, do some IPv6/OSPFv3 labs then later do some OSPFv2/IPv4 labs.

Here we go:

(this is meant to be a table - don’t laugh.  I’m a network guy not a web guy)

LSA Type   Advertised by?   Routing table entry   "show ip ospf database ?"
1          all              O                     router
2          DRs              -                     network
3          ABRs             IA                    summary
4          ABR              -                     asbr-sum
5          ASBR             E2/E1                 external
6          MOSPF            -                     *ignore lsa mospf
7          ASBR-NSSA        N1/N2                 nssa-external

 

I’ll just like to add that I think, even after all this time, “not so stubby area” sounds funny.

 

OSPF states - what’s happening?

Down - hellos sent, none received

INIT - received hello

2WAY  - hellos & router-ids exchanged, DR election

EXSTART - DR & BDR adjacency, DR & others master/slave

EXCHANGE - DDP packets, database exchange

LOADING - LSR/LSU/LSACK

FULL - wheeeeeeeee

 

ip ospf retransmit-interval

 

If LSACK doesn’t come, neighbour is considered down after dead timer expires

State can be FULL, but routes won’t be inserted into routing table unless network types are ok

 

Your OSPF is stuck somewhere?

DOWN - interface down, no neighbour statement for non-broadcast

INIT - ACL blocking, corrupt DB :(

2WAY - DR to DROTHER

EXSTART/EXCHANGE mtu mismatch- fix mtu or ip ospf mtu-ignore

LOADING - bad LSAs coming in (why?), Hardware problem (usually RAM)

FULL - network types not matching

 

Network types:

Broadcast - Ethernet, 10/40 hello/dead, DR/BDR election. 224.0.0.5|6 multicast addresses, next hop = originating router, not advertising router.

non-broadcast - Frame-relay, 30/120, DR/BDR (needs neighbour command), next-hop originating router

point-to-multipoint (broadcast) - partial mesh Frame-relay, 30/120, no DR/BDR, 224.0.0.5 (ie no DR address, just 224.0.0.5 all OSPF address), next-hop advertising router - special O routes

point-to-multipoint non-broadcast - needs manual neighbour command and cost.  Used for non-equal bandwidth so you can influence routing:

(warning! ASCII art!)

_________1_______

|                          |

2                         3

|                          |

_________________

Say 1 has 1.5M link, 2 has 128k, 3 has 64k.

on 1:

router ospf 1

neighbor 2 cost 32

neighbor 3 cost 64

etc

 

fast neighbour down detection?

ip ospf dead-interval min hello-multiplier x

Don’t run debugs when doing this… Unless you don’t want to log into the router again

 

Authentication:

 

            Area      Interface
enable      router    int
apply       int       int

 

Summarising:

R1———2———-3————-4

Let’s say R1 has a few loopbacks on it you wish to summarise.

if R1 is ASBR (summarising LSA type 5s and 7s)

summary-address xxx

if R2 is ABR (LSA type 1s):

area range xxxxx/yy

 

Filtering:

1——–2————-3———4(RIP)

          5

R1-R2-R5 area 1, R2-R3 area 0, R3-R4 area 2

LSA1  1) distribute-list on local router (on R5)  2) area 1 range xxxxxx not-adv (on R2)

LSA3  3) dl on local router, 4) IP prefix list (on R3)

ip prefix-list TEST seq 5 deny 1.0.0.0/8

ip prefix-list TEST seq 10 permit 0.0.0.0/0 le 32

area 2 filter-list prefix TEST in

 

LSA5 or 7  5) DL on each router, 6) distribute-list out on R4 (ONLY TIME outbound), 7) summary-address x.x.x.x not-adv on ASBR R4

 

DB filtering:

if# ip ospf database-filter all out  -> blocks all outbound LSAs

router# neighbor X database-filter all out  -> must be point-to-multipoint

 

Cost:

reference/BW = cost   default ref=100

if changing, change on all routers

router# auto-cost reference-bandwidth xxx

you might need to configure all routers so that 10M Ethernet links have a cost of 85 etc

 

DB overload protection:

out: redist maximum-prefix xxx warn%

in: max-lsa xxx warn etc

4:20am Day2

I can’t sleep.  What a fantastic opportunity!  I can do more labs!

I’ll do the rest of the frame-relay labs now.  If I have time left before class (we are doing OSPF and EIGRP today) I might see if I can squeeze in RIPv2 and/or IPv6 before Narbik beats us about the head with LSA floods and Not So Stubby Areas and the like.