study journal

After much digging around, I found a bunch of stuff on how to get an emulated CCIE Security Lab set up, with the exception of the Concentrator (can’t be emulated, but can be connected externally). The components that go into emulating the lab are: GNS3 (front-end to Dynagen/Dynamips) and VMware.

GNS3 allows for emulation of various Cisco Routers as well as the PIX Firewall, which should be good enough for the lab exam. VMware can be used to emulate the IPS, as well as Cisco ACS running on Windows 2k3 Server. These can all be then connected into the Dynamips cloud. At the moment, I have all the pieces running separately - GNS3, ACS and IPS. Once I have all the pieces working together, I’ll write up another post (part 2). Meanwhile, if you have any questions about how to get the pieces working, feel free to ask - I’ll try to answer the best I can.

Tuesday, 12-09-2008

Passed the written exam today… now comes the tough part. Stay tuned!

Scheduled for the 350-018 on Monday June 23 ‘08! Wish me luck! Lab, here I come!

Things are moving along slowly. I feel that writing a blog post with notes slows me down, so I’ll probably just post updates, on how things are going. Currently, I’m working on finishing up VPN, as that really is my strength, and then work on other things. It seems that the passing score of the CCIE security has also been reduced. Good for me! Less time spent on the written, gives me more time for the lab.

• cisco proprietary, distance vector
• user configurable metrics: bandwidth, delay, reliability, load, MTU
• metrics: uses ticks as primary metric, but falls back to hops in case of a tie
• default max diameter - 100 hops, configurable up to 255
• three types of routes: interior, system, exterior
• interior routes - routes between subnets attached to router int. if network not subnetted, igrp does not advertise interior routes
• system routes - routes to network with AS. derived from directly connected network int’s & system route info provided by other igrp routers. do not include subnet info
• exterior routes - routes to network outside AS; considered when identifying gateway of last resort
• update broadcast sent every 90 seconds
• route marked “possibly down” if no update received within 3 update periods (270s)
• after 7 update periods (630s), route removed
• if route “possibly down”, traffic still passes even though it might not be successful
• flash update - sending of update sooner than standard periodic update to notify routers of metric change
• poison reverse - sent to remove a route and place in holddown, which keeps new routing info from being used for some time
• to propagate ‘gateway of last resort’ the route specified by ip default-network command must already be known as a network - it must be igrp-derived, or a static route redistributed from another protocol

• 2 versions, distance-vector
• v1 - classful, fixed length subnet masks
• v2 - classless, vlsm
• metric - hop count (15 max)
• updates sent every 30 seconds with entire routing table
• operates on UDP 520
• hop count - 1 = directly connected, 16 = unreachable
• uses split-horizon with poison reverse and triggered updates
• split-horizon enabled by default. should disable in hub/spoke network, unless sub-interface used
• v2 summarizes networks automatically. ip summary-address takes precedence over auto-sum
• v2 updates are sent via multicast address 224.0.0.9
• by default, when router rip is configured on a router, it only sends v1 info, but listens to both v1 and v2

802.1 - algorithm that prevents bridging loops

802.2 - implementation of the LLC sublayer of the data-link layer; handles errors, framing, flow control, and network layer service interface

802.3 - spec that describes Ethernet. uses csma/cd access at different speeds. extensions of standard include FastE

802.4 - uses token-passing over bus topology. describes the token ring bus

802.5 - uses token-passing access over 4 or 16 Mbps over stp cabling. similar to IBM token ring

802.6 - builds on DQDB technology. supports data rates of 1.5 - 155 Mbps. describes Municipal Area Networks (MAN)

802.7 - broadband

802.8 - fiber-optics LAN

802.9 - integrated voice / data

802.10 - LAN/MAN security

802.11 - wireless

802.12 - demand priority access LAN, 100 Base VGAnyLAN

things are going a bit slow on the studying front - hope to pick it up this weekend.

Yeah, I know - this was supposed to start on May 3, but you know how it goes. I’m going to start putting notes down as I go through each “chapter” of the book I’m reading, for stuff that I might need to look back at later on.

• TACACS responses: ACCEPT, REJECT, ERROR, FAIL
• TACACS / RADIUS use MD5 encryption
• Command for tacacs configuration: tacacs-server host; tacacs-server key
• PPTP - uses modified version of GRE, IP prot 47, TCP 1723, no auth mechanism
• L2TP - UDP 1701, uses PPP (address alloc, per-session auth), LAC (Access Conc), LNS (Network Server)
• ESP: IP prot 50, AH: IP prot 51