Archive

Category Archives for "CCIE Blog | iPexpert"

New Product Release :: CCIE Data Center – Written Exam Video on Demand

We are happy to announce that we’ve recently completed a brand new CCIE Data Center Written Exam Video on Demand. In this coursework, you’ll immerse yourself in each technology your instructor, Jason Lunde CCIE #29431 x2 (R&S and Data Center) presents. Jason will also dissect each technology in a manner in which you will walk away with a complete understanding. Included in the coursework is close to 18 hours of lectures, white boards, and configuration topics!

Check out this Video on Demand course here.

Below, you will find the complete outline of our latest Video on Demand course! We’re quite confident that you won’t find a more thorough, up-to-date product on the market!

Outline

  • Course Introduction
  • CCIE DC Equipment Overview
  • NX-OS Architecture
  • NX-OS Redundancy and File MGMT
  • VDC’s
  • Fabric Extension
  • NX-OS Layer 2
    • VLANs/PVLANs
    • Spanning-tree
    • Port-channels
  • Virtual Port-Channels (vPC)
  • NX-OS Basic Layer 3
    • EIGRP
    • OSPF
    • BGP
  • CCIE DC Jumbo Frames
  • FabricPath
  • VRF (virtual routing and forwarding instances)
  • NX-OS Multicast
  • NX-OS Security
    • Local Accounts
    • RBAC
    • AAA
    • SSH
    • CoPP
    • Rate-limiting
    • ACLs
    • Port-security
    • DHCP Snooping
    • DAI
    • IP Source Guard
  • First Hop Redundancy
    • HSRP
    • VRRP
    • GLBP
  • OTV
  • NX-OS Services
    • ISSU
    • Smart Call Home
    • SNMP
    • SPAN
    • EEM
    • Netflow
  • Unified Ports
  • Fibre Channel

Wireless Configuration Method Speed Test Shootout :: Part 3

This is the third and final article in a series focusing on seeing which configuration methods are fastest or slowest in the CCIE wireless lab.  The idea is to test each method under a variety of likely configuration scenarios that you would experience in the real lab and see how things stack up.

Check out the supporting Speed Test video playlist on our YouTube channel.

This article focuses on autonomous APs.  I set up 3 different scenarios, as listed below:

  • Configuring WDS using local RADIUS and registering 2 APs
  • Configuring two SSIDs with their associated VLANs
  • Configuring a few settings under the radios

If you want to watch the actual configurations, you can check out the companion video to this article over in our YouTube channel.  It shows how I arrived at the configuration speeds and the methods that I used.  You may be able to pick up a few tips or tricks for faster configurations by watching how I do things.

WDS

For this test, had to configure local RADIUS with a network device and user account, then configure AAP1 as a WDS with associated authentication methods.  Finally, I registered both AAP1 and AAP2 Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 1/30/2015

Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Nouman Khan, CCIE #19730  (Data Center)
  • Madhav Bhardwaj, CCIE #44772 (Collaboration)
  • Theogene Nishimwe, CCIE #44776 (Collaboration)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Understanding WAN Quality of Service

The time has come, CCIE Collaboration hopefuls, to focus my blog on Quality of Service (QoS). I know, it’s everyone’s favorite subject, right? Well, you don’t have to like it; you just have to know it!

I would specifically like to focus on WAN QoS policies as they are going to be an essential piece of the lab blueprint to understand. Typically, the goal on a WAN interface is to queue traffic in such a way as to prioritize certain types of traffic over other types of traffic. Voice traffic will usually be placed in some type of expedited or prioritized queue while other types of traffic (video, signaling, web, etc.) will use other queues to provide minimum bandwidth guarantees. Policies such as this will utilize the Modular QoS Command Line Interface (MQC) for implementation.

To begin, let’s use our three-site topology (HQ, SB, and SC) to provide a backdrop for this example. The HQ site (R1) has a Frame Relay connection to both the SB (R2) and SC (R3) sites through the same physical Serial interface, which has a total of 1.544 Mbps of bandwidth available. Assume that both R2 and R3 have connections to R1 using Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 1/23/2015

Please join us in congratulating the following iPexpert client’s who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • James Gusman, CCIE #46507 (Data Center)
  • Diego de Oliveira, CCIE #46343 (Wireless)
  • Mohammed Basuliman, CCIE #24626 (Collaboration)
  • Amit Singh, CCIE #19799  (Data Center)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Configure a Highly-Available IPSec VPN tunnel on IOS

It is possible to configure Highly-Available IPSec VPN tunnel on IOS so that the SA information is replicated between the routers. This ensures that a potential failover will be transparent to users and it will not require adjustments or reconfiguration of any remote peers.

There are two protocols used to deploy this feature, HSRP and Stateful Switchover (SSO). HSRP is one of the First Hop Redundancy Protocols that provide network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from failures in network edge devices. The protocol monitors the interfaces so that if either interface goes down, the whole router is deemed to be down and the ownership of IKE and IPSec SAs is passed to the standby router (which now transitions to the HSRP active state). SSO allows the active and standby routers to share IKE and IPSec state information so both routers have enough information to become the active router at any time.

Before we take a look at the configuration, let’s have few words about our topology. The internal network (VLAN 146 below) configuration is outside the scope of this post, but it would be normally configured with a separate HSRP instance, tracking not Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 1/09/2015

Please Join us in congratulating the following iPexpert client who has passed his CCIE lab!

This Week’s CCIE Success Stories

  • Srikanth Navuluri, CCIE #45896 (Routing & Switching)
  • Rodrick Burke, CCIE #46154 (Wireless)
  • Bradley Lierman, CCIE #46093 (Collaboration)
  • Lee Ramirez, CCIE #46113 (Wireless)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

Private VLAN Trunks :: Pt. 2: The Secondary (isolated) Trunk

Picking up where we left off on the first series, I want to discuss the other trunking option that we have in regards to PVLAN trunks. We might need a quick review on our PVLAN structure before we begin, however:

vlan 100
private-vlan primary
private-vlan association 200-201
vlan 200
private-vlan community
vlan 201
private-vlan isolated

This second trunk type is actually called the secondary, or isolated trunk. Much like the promiscuous trunk, this one has a pretty specific purpose, and that is to flip the VLAN tag when a frame is traversing a trunk. This time however, rather than removing the secondary VLAN tag, and replacing it with the primary tag, we are going to be doing the opposite! Remember how we were doing it with the promiscuous trunk? What happened here is the node with MAC A ingresses and is placed in VLAN 200. However, when it needs to reach the L3 GW (the router), we have to remove the secondary VLAN tag and replace it with the primary VLAN ID of 100 (so that it will hit the proper sub-interface on the router).

20141118_01

The routers return traffic will naturally be in VLAN 100 based on the sub-interface configuration. But Continue reading

iPexpert Introduces Jarrod Mills, as CTO and Sr. Routing and Switching Product Portfolio Director / Instructor

As a former attorney, I often found myself drawn to the comfort and familiarity of my office computer. While the thought of spending countless hours toiling over legal briefs caused me much discomfort, spending that same amount of time on a computer was therapeutic. Now, many years later, I can see how my transition into IT was a natural progression, but at the time it seemed crazy to those close to me.

From my formative years on the competitive math team in middle school and high school, to attending college, graduate school and law school on full academic scholarships, I have always striven to excel. What I lacked in career path clarity, I made up for in sheer determination.

Over the past 20 years, I have been fortunate enough to pursue my passion in networking, designing and building world-class networks for Fortune 50 companies throughout the world. Through hard work and perseverance, I have been able to attain 4 CCIE’s (Routing and Switching, Security, Service Provider, Data Center – AND – Wayne has already given me a deadline for #5! ;-). I’ve also been able to amass countless other IT certifications, while simultaneously mentoring and teaching numerous friends and colleagues in Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 12/19/2014

Please Join us in congratulating the following iPexpert clients who have passed their CCIE lab!

  • Mark Walbank, CCIE #45915 (Data Center)
  • David Vernum , CCIE #45880 (Data Center)
  • Wilson Huang, CCIE #46040 (Wireless)

We Want to Hear From You!

Have you passed your CCIE lab exam using any iPexpert or Proctor Labs self-study products, or attended our CCIE Bootcamps? If so, we’d like to add you to our CCIE Wall of Fame!

IKEv2 VPN – ASA/IOS

In our next blog post, we will focus on configuring an IKEv2 VPN between the ASA and IOS.

Is there anything special about that configuration? Yes and no. It is still “just” IKEv2 that will take care of negotiating our tunnels, but there will definitely be a difference in how we configure one platform versus another. Remember – tunnel interfaces are not supported on the ASA, at least as of 8.6, and this generally means that we will not be able to use tunnels (FlexVPNs) on IOS, too (there is actually one small exception to this rule, but it will not be discussed in this article).

Let’s take a look at our simple network:
20141216_01

We’ll try to build a VPN tunnel between R10 and ASA3 that we will then use to protect traffic flowing between VLANs 10 and 8. I am going to start with the ASA configuration.

First and foremost – the Policy. Note that PRF must generally be the same as what you have selected for Integrity/Hashing:

crypto ikev2 policy 10
encryption aes-256
integrity sha384
prf sha384
group 14

We will authenticate the tunnel using pre-shared-keys, and since authentication method is no longer negotiated in IKEv2 we Continue reading

Dial-Peer Digit Manipulation

In the CCIE Collaboration lab, understanding dial-peers is extremely important. Lack of knowledge in this area can yield devastating results in your lab score report since they can be found in so many different sections of the exam. We must be thoroughly prepared to tackle every aspect of this technology should we be presented with it at some point.

I recently got a great question in our forums about digit manipulation within POTS dial-peers and how they interact with translation rules and profiles. I figured that since this is such an important topic, my answer to his question bears repeating so it can reach a wider audience.

Let’s begin with the simple example of dialing the number “123” from a CUCME phone. Of course, the POTS dial-peer must be created to support the desired behavior.

dmdm-001

When this pattern is selected, all digits will be stripped automatically since they are explicitly defined. This is due to the “automatic POTS dial-peer digit strip” feature in IOS. See below for the ISDN Q.931 debug output (no Called Party Number).

dmdm-002

Since we are not currently sending a Called Party Number, we’ll need some way to add the digits back to the string to Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 12/12/2014

Please Join us in congratulating the following iPexpert clients who have passed their CCIE lab!

  • Chris Hayden, CCIE #45781 (Collaboration)
  • Ahmed Samir , CCIE #45697 (Wireless)

We Want to Hear From You!

Have you passed your CCIE lab exam using any iPexpert or Proctor Labs self-study products, or attended our CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

iPexpert’s Newest “CCIE Wall of Fame” Additions 12/05/2014

Please Join us in congratulating the following iPexpert clients who have passed their CCIE lab!

  • Mathew Varghese, CCIE #45557 (Collaboration)
  • Nick Thompson , CCIE #45731 (Collaboration)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

December CCIE Scholarship Winners

iPexpert’s 2014 Scholarship :: December 1st Winners

in December 2013, we announced our 2014 Scholarship Program / CCIE Lab Training Giveaway.

For the entire year of 2014, we gave giving away 60 free Online-HD-ILT Bootcamp seats, and CCIE Lab Self-Study Training Bundles spanning across every CCIE track we teach (R&S, Collaboration, Data Center, Wireless and Security). This concludes our 2014 CCIE Scholarship Giveaway.

The December 2014 winners of a free 5-Day Online-HD-ILT Bootcamp seat:

  • R&S: @rperezdea
  • Collaboration: @Hussein_A_Emam
  • Data Center: @DavidSudjiman
  • Wireless: wifihero
  • Security: @eibanas

The December 2014 winners of a free Lab Essentials HD VOD and Workbook(s) Bundle:

  • R&S: Gusdsalazar
  • Collaboration: @Renilfo
  • Data Center:@Bash_Mac
  • Wireless: macdadwire
  • Security: @AndreAubet

This winners must contact [email protected] with your name / contact information to receive your freebies! Thank you for entering, and congratulations to our December winners.   

 

CCIE Collaboration Success :: Student Spotlight

We’d like to thank Jon Woloshyn for his testimonial! Jon recently passed the CCIE Collaboration lab! Here’s what Jon had to say:

“I attended iPexpert’s CCIE Collaboration 10-Day Bootcamp in August 2014 and I’m happy to say that on November 11th I passed the CCIE Collaboration exam on my first attempt.

I owe a lot of my success to Andy Vassar and iPexpert. The volume 1 workbook coupled with week 1 of the 10—Day CCIE Collaboration Lab Bootcamp helped solidify my understanding and comfort level with all of the technologies on the blueprint. Having my own un-shared, dedicated pod with the exact lab hardware that’s on the lab during that week to practice on day and night was huge. Being able to ask Andy every question that came to mind and get a detailed response was awesome. The fact the he would break from the lesson and lab up the questions being asked to prove the technology made the class very flexible and almost tailored to each student who required additional knowledge.

Week 2 of the 10-day course was the 1-Week Lab Experience (OWLE). I would not have passed without this week. Andy shared his lab strategy and at first Continue reading

iPexpert’s Newest “CCIE Wall of Fame” Additions 11/21/2014

Please Join us in congratulating the following iPexpert clients who have passed their CCIE lab!

  • Andre Mitchell, CCIE #44619 (Collaboration)
  • Gaurav Vasudeva , CCIE #42760 (Routing and Switching)

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s or Proctor Labs self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!