Archive for the ‘Allgemein’ Category

Received the plaque …

Mittwoch, April 22nd, 2009

Two months after the lab exam, i received the plaque. Well it’s looking nice. Would be better if the font would not look frayed, but it does a bit, if you look at the characters in detail. All in all it’s ok. But a wooden border, like the plaques had before, would add some more value to it.

I gave it already a nice place.

Just came from a vacation. Did some cycling for about two weeks and continued my training for the ironman this year in Switzerland. In about three months in july 12, i will be in zuerich to do the:

3,6 km swim, 180 km ride, 42,195 km run

I have started learning for the written again. Think i will soon make the test. Maybe in about 3-4 weeks.

What’s next…

Freitag, Mรคrz 6th, 2009

Now it’s one week ago and i still sometime login to my cisco certification account and watch at the result of my exam. ๐Ÿ™‚

But what comes next? Have you thought about this before? Forward-looking i was already thinking about taking another path. Did want to have more knowledge about security. I was think about Service Provider also. But this is not as close to me, as security is, in the sense of building up a network. I take the path from LAN to WAN then after R&S, Security comes first and after that Service Provider. Had also already more experience in security and side effects will be better for me with security, i think. Also in April the security lab, will have some interesting updates as the pix and the concentrator will be removed from the lab.

Well, i have my little family and my son is still small. But now he is already close to his first birthday. Time runs, as i can just notice often.

So i will take the time i can spare to start the security track and start learning in the near future.

I will have to build my rack and have already seen that most of the devices can be build with dynamips/dynagen, pemu and vmware. So i will share my buildup and proceedings and populate my blog with more security topics in the future.

Will have some holiday also, if you think now, i should take that first.

#23664

Freitag, Februar 27th, 2009

DID IT! DID IT! DID IT! Can’t believe it still. I am happy. ๐Ÿ™‚ Long way has ended and new journey beginns. What a relief! Fantastic.

CCIE Number 23664. Yesterday in Brussels.

Free graded lab by ipexpert including 8 hours rack access

Freitag, Februar 20th, 2009

Hi,

here is the good news, thanks to my colleague pointing to.

Everyone who wants to try a graded lab, can do this for free, including a free 8 hours rack rental session .

http://www.imakenews.com/ipexpert/e_article001347969.cfm?x=bf96L3k,bcHBn6KQ,w

Graded Labs IPExpert / IE / Cisco

Dienstag, Februar 17th, 2009

While IPExpert and proctorlabs has the grading feature for their labs, IE is now also the offering of the Poly Lab Assessment. I tried both and i can suggest both of them. While the Poly Lab is quite new, i tried it twice and the results have been interesting for learning. You can generate your own lab, depending on you skills. If you are novice, beginner, intermediate, advanced or expert in the different R&W topics. The lab questions are then generated on behalf of your skills. The difference to a mock lab is, that after you hit the grade button, your result will be generated in 5 minutes by tcl scripts. The mock lab will be graded by a human and you will get comments on your configurations.

The IPExpert labs have been also very interesting and grading has worked well.

You should try a graded lab. You will probably be astonished about how many errors you can make even with a first looking working configuration. That was for me also the most important thing. Since you will overlook many little errors looking at your own configuration. Many things you wont see that fast and the secure and more easy way to have a script grade you. Since it will not be able to overlook missing or wrong configurations parts. Very good for learning also.

If you are working at a Cisco Gold Partner, then you could also ask your Cisco SE for the ASET Labs. They have a grading machine in the back also from labgear.net. There are several different topics for about 4 hour sessions and also currently 6 different full time labs. All labs can be graded. These are very similar to the real labs, although they are not written by the CCIE Lab team from Cisco. But most important thing is, that you will get them for free and they come from Cisco. You can get about 72 hours per month lab time from Cisco. Even if you just want to lab some things out, this is possible on Cisco’s lab equipment.

If you want to get in touch with the real Labs, you can try the Assessor Lab from Cisco. The will cost you about 200$ each. Still only two four hour labs available, but is also good for a try.

Source:

http://www.internetworkexpert.com/ccie-routing-switching-poly-labs-assessment.htm

http://www.ipexpert.com/index.cfm/product/sku/CCIE_RS_Lab_Graded_Assessment

http://www.cisco.com/warp/public/765/download/pep/aset_qualify.html

http://www.cisco.com/web/learning/le3/ccie/preparation/assessor_details.html

Changes to the CCIE lab exam

Sonntag, Januar 18th, 2009

Cisco has announced some changes to the CCIE exam. Especially to the CCIE lab exam for Routing and Switching. Other paths should follow. There will be an oral test within the 8 hours lab exam, about topics from the blueprint. Four to five questions will be asked by the proctor, to be answered by the candidate in about 10 – 15 minutes.

Answers will be counted into the overall score of the lab exam.

It seems Cisco want to find out those who just memorize solutions and can not tell anything about those topics, which are being currently configured. Everything is fair game and it’s a challenge and shouldn’t be to difficult if you have learned your lesson.

Here is the part of the text from the Cisco Announcement:

Effective February 1, 2009, Cisco will introduce a new type of question format to CCIE Routing and Switching lab exams. In addition to the live configuration scenarios, candidates will be asked a series of four or five open-ended questions, drawn from a pool of questions based on the material covered on the lab blueprint. No new topics are being added.

Source:

http://www.cisco.com/web/learning/le3/ccie/index.html


CCIE Wireless is there

Dienstag, Dezember 2nd, 2008

Interesting news. Wireless is a new topic on the plan. Now we have:

I still go for the Routing and Switching.

Source:

http://www.cisco.com/web/learning/le3/ccie/index.html

How to receive logging/traps with Linux from your dynamips with syslog-ng/snmptrapd

Samstag, November 29th, 2008

What are traps and informs and is it possible to have a NMS (Network Managment System) on your Linux box to receive those messages? Cisco Works is also NMS, you might try this also, it’s possible to install it under VMWare, i had some trouble with 3.1 on Windows 2003 Server Enterprise SP2 though. Complaining always about not enough space on drive c:, however i expanded the disc to have more than 25GB of free space. Still no success. So i got to the point, where i dropped LMS and tried to use already present programs on my Linux box. Would like to see LMS also on my VMWare maybe later.

First make sure you have connectivity to the outside world from your dynamips. Here is a link to an more detailed description http://blog.sazza.de/?p=355. In short you need a local interface that can be bridged. You create a bridged interface and setup this with IP adressing. I use a VMWare interface for this bridged interface. Here is my script:

ifconfig vmnet7 0.0.0.0
ifconfig vmnet7 down
brctl addbr br0
ifconfig br0 10.0.0.1 netmask 255.255.255.0
brctl addif br0 vmnet7
brctl addif br0 tap0
ifconfig br0 up
ifconfig tap0 up
ifconfig vmnet7 up
The tap0 is created from your dynamips.net file. Is use Router1’s secound FastEthernt Interface:

[[Router R1]]
model = 3725
console = 2001
autostart = False
slot2 = NM-1FE-TX
slot1 = NM-4T
F0/0 = SW1 F1/1
F0/1 = NIO_tap:tap0
Now i can use R1 F0/1 for connections to the outside world.

Check your syslog-ng configuration file, to enable a socket your syslog server listens to port 514/udp:

/etc/syslog-ng/syslog-ng.conf

source src {
#
# include internal syslog-ng messages
# note: the internal() soure is required!
#
internal();

#
# the default log socket for local logging:
#
unix-dgram(„/dev/log“);

#
# uncomment to process log messages from network:
#
udp(ip(„0.0.0.0“) port(514));
};

Then restart your syslog daemon by issuing „/ect/init.d/syslog restart“. Make sure you can see the socket listening with

hostname:/usr/share/snmp/mibs # netstat -lun
Proto Recv-Q Send-Q Local Address Foreign Address State
udp 0 0 0.0.0.0:514 0.0.0.0:*
udp 0 0 0.0.0.0:162 0.0.0.0:*
udp 6624 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 0.0.0.0:69 0.0.0.0:*

You might want do add port 514/tcp for syslog also listening to tcp logging messages. You can also log from your cisco router to any tcp port with:

R2(config)# logging host 10.0.0.1 transport tcp port 514

After this your system is able to recieve syslog messages und will log it into /var/log/messages for example. Check with „tail -f /var/log/messages“. Configure logging from a router with:

R2(config)# logging host 10.0.0.1

and produce some logging messages.

Next make sure that your local firewall does not block logging packets to your host.

You need at least ports:

514/udp

514/tcp

162/udp

At this point on your linux box start your

# snmptrapd -fa

You should have net-snmp-5.x.x installed (check with „rpm -qa | grep net-snmp“). This daemon also needs some kind of access configuration:

cat /etc/snmp/snmptrapd.conf

authCommunity log,execute,net CISCO
logoption f /var/log/snmptrapd.log
logoption s 2

/etc/snmp/snmpd.conf

mibs +ALL

Where CISCO is your community string. This is for SNMP v1 and v2c.

But you might want to download a list of MIBS from cisco first, to have snmptrapd support all kinds of cisco mibs. You can download them from ftp://ftp.cisco.com/pub/mibs/v1/v1.tar.gz and ftp://ftp.cisco.com/pub/mibs/v2/v2.tar.gz.

Just copy them to /usr/share/snmp/mibs (find out your mibs directory with „net-snmp-config –snmpconfpath“, where mibs should be a subdirectory, under your path for example /usr/share/snmp).

You should now be able to receive those mibs in your logfile /var/log/snmptrapd.log.

for example:

Nov 29 17:19:12 hostname snmptrapd[5824]: 10.0.0.2: Enterprise Specific Trap (.1) Uptime: 0:26:44.80, SNMPv2-SMI::enterprises.9.9.43.1.1.6.1.3.18 = INTEGER: 1, SNMPv2-SMI::enterprises.9.9.43.1.1.6.1.4.18 = INTEGER: 2, SNMPv2-SMI::enterprises.9.9.43.1.1.6.1.5.18 = INTEGER: 3

Or do an snmpwalk:

# snmpwalk -v2c -c CISCO 10.0.0.2

Reload your Cisco router with snmpset:

First enable system-reload:

snmp-server community CISCO RW
snmp-server system-shutdown

Then set the router ro reload (note dynamips router instance will crash, since reloading the router is only supported by dynagen console):

snmpset -c CISCO -v 2c 155.1.0.2ร‚ย  .1.3.6.1.4.1.9.2.9.9.0 i 2

Source:

http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd

http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications

http://www.net-snmp.org/wiki/index.php/TUT:Configuring_snmptrapd_to_parse_MIBS_from_3rd_party_Vendors

http://www.net-snmp.org/wiki/index.php/TUT:Using_and_loading_MIBS

http://tools.cisco.com/ITDIT/MIBS/servlet/index

LockLizard with new IE products, beta V5 workbook

Samstag, Juli 12th, 2008

I`m using linux only on my laptop. Sometimes i`m not able to connect to the internet maybe for about 2-3 weeks, for example when being on holiday in a little town with no access to internet at all, like this year. But IE is now using security protection for their files, that will prevent me from using these documents. I don`t understand their orientation. I have paid for these files and i don`t want the be treated as a someone untrustable. And also i want to use these documents to ease my work and not to make my work more complicated. With the new protection software you have to connect every week once to the internet to be able to read them. Also LockLizard only works with Windows.

They suggest using vmware with xp or vista on linux to unprotect these files with the new locklizard software. It`s like if you by a book and you will not be able to read it, if you don`t update the store where you bought it once a week, what pages are you reading right now.

I would like to change to another workbook vendor, but seems like that others are not that easy to setup on dynamips. IPexpert said, that they don`t support dynamips. They will send a full hardisc with their materials. But this should work with linux also.

Source:

http://www.internetworkexpert.com/locklizardfaq.htm

Failed my second lab attempt and what comes next?

Samstag, Mai 17th, 2008

I have a child and i really enjoy it to be with him. Configuring devices is still quite nice, but it will not be as good as playing with my son. So he learns the most in his first year.

How to motivate for the next try? Learning from the last attempts is quite difficult for me. This attempt was quite strange. But maybe i did not had enough sleep the days before my last attempt.

So what to learn from my last attempt? The sections i did not thought i was right, i was 100% and the others that have been my stronger topcis, i did not came above 2/3 percent. All over the other, i was better on my first attempt.

What i think i can learn about my last attempt is that, sometimes i think the question is more difficult that it is at least. So i think i need more practise in some certain topics to make sure to be more confident about the configuration. I think i test to much and i heasitate to much of choosing the right way.

So here is my todolist of what to improve next time and how to do it at my next and third attempt.

  • become more self confident about the configuration i use
  • improve on certain topics, i still have some weak topics and i sometimes hope they will not be present, but this is just a hope ๐Ÿ™‚
  • maybe more improvement on my speed, but like last time i wasn’t to slow, but might be even quicker, maybe i can try to finisch most of the config before lunch
  • just do more practise and test more different technices
  • get more sleep the days before my next attempt
  • look again through the topics and again starting first with an overview of things, then go into detail

Here is what was good and what i will do again like last time:

  • make a diagramm from the layer 2 and layer 3 topology and start reading the different questions over
  • don’t spend to much time on diagramms but make them readable on the first try
  • use earplugs ๐Ÿ™‚

But how to motivate for the next attempt. Two weeks have passed from my last attempt now. And still i feel like i have to move a rock on my next attempt. I need a bit more to recover before i start it all over again, but i will do it again and i won’t wait to long this time.

As last time the proctor was really good, at this attempt i got the feeling, better not to ask and proctors have been absent from the labroom for at least 30 minutes. I did not feel good this time. But it have been also more participants this time.

Cisco has not really commented about the dynamips usage as a learning tool. But since the cisco commandline will spread more and more with this tools, it maybe the reason why they don’t comment much on using dynamips.

Even now it’s possible with pemu to emulate a pix. Many using this also already as a learning tool.

I will start it all over again and this time i will take the lab, when i’m ready. And this will be when i know i will pass.